ICMP is the Internet Control Message Protocol. It was designed and implemented as part of the Internet Protocol Version 4 (IPv4) and Internet Protocol Version 6 (IPv6).
ICMP messages are used for communication between network devices. These messages can be sent and received either through a network interface or via a direct connection.
ICMP messages can be sent in response to a requested ICMP message or independently. For example, if you ping a device, it will return an echo-response message. This is an independent ICMP message that is being requested and sent back.
There are many different types of ICMP messages, and most can be blocked or disabled on your network devices. Knowing what these are and why they are used will help you understand how to properly secure your network.
The simplicity of icmp packets
As mentioned before, icmp packets do not contain source or destination IP addresses. Instead, they contain a special field called the checksum.
This checksum is used to verify the integrity of the packet after it has been received and processed by the computer. If the checksum does not match what it should be based on the processed information, then you know there was a problem with processing the information.
Because icmp packets do not have a specific use, there is no need to track sources and destinations. Therefore, there is no need to include source or destination IP addresses in the packet. This cuts down on processing time and size of the packet, making it more efficient.
An important thing to note is that although icmp packets are not used in denial-of-service attacks, they can be used to track potential cyber threats.
What are ports?
When you browse the web, your computer sends and receives information to and from servers. These servers are usually located in large data centers where many different companies host their services.
The information that is sent and received is called data. When you visit a website, your computer receives some data about the site such as its title, how many pages it has, and what each page’s content is. This data comes in the form of packets.
When a packet comes into your computer, it has a source port number and a destination port number. The source port number identifies where the packet came from, and the destination port number identifies where it’s going.
ICMP packets do not have source or destination port numbers because ICMP is an Internet Protocol that every device uses to communicate with other devices.
Why are they important?
ICMP packets do not have source and destination port numbers. This makes it more difficult to determine the exact type of attack that is being performed.
Since ICMP packets do not carry TCP or UDP data, there is no source or destination port number information to extract. This makes it impossible to determine whether the incoming ICMP packet is part of a TCP connection or some other type of connection.
ICMP echo requests (also known as ping) use a well-known port (port number 7) and thus can be blocked easily. However, with arbitrary ICMP packets, it becomes much harder to identify and block all of them.
It is important to note that some ICMP packets do contain source and/or destination port numbers. However, these are rare cases and are not the default setting.
How do I configure my router for port forwarding?
You will need to login to your router and forward the specific port to the internal device. You will also need to tell your router the external IP of your home network, so it can send the packets where they need to go.
Many people get confused by the term port forwarding. Port forwarding is the action of telling your router to forward a specific port from an external address on your network to an internal device.
For example, if you had a web server on your home network and you wanted people outside of your home network to be able to access it, you would have to configure port forwarding for it. You would have to tell your router that any external IP’s that try to connect to that specific port on your internal network are allowed to do so.
In short, you are configuring security measures on your router that allow certain connections to come through.
What is the difference between unicasting, multicasting, and broadcasting?
Unicasting is the process of sending a data packet to a specific destination address or device. This is the most efficient way to send data, as the packet is being sent to only one destination.
Multicasting is similar to unicasting, but with a key difference. With multicasting, several devices or addresses are targeted with the data packet. This is typically done so that all of those devices or addresses can receive the data, like a classroom where the teacher sends information to all students.
Broadcasting is when a data packet is sent out with no specific destination address or device. This is typically done for public information, like traffic alerts or emergency announcements.
These three networking terms are often confused with each other as they all have different definitions based on how many devices or addresses the data packet targets.