There are many security tools (such as Firewalls, Network Intrusion Devices, Routers, etc.) that can alert a Network Administrator to any penetrations that are occurring. But these devices, for the most part, can only detect those Cyberthreats that are coming from the external environment.

What is also needed is some sort of detection system that can provide alerts of any unknown or suspicious activity that is occurring from within the network segments.

This is where the role of the Internet Control Message Protocol (also known as the “ICMP”) comes into play.

A Review of the Internet Protocol Suite

The ICMP operates within what is known as the “Internet Protocol Suite”. This model consists of the following four layers:

1. The Application Layer:

This is the layer in which applications communicate with other applications which reside on the same host, or even on an entirely different host. The higher-level network protocols are also used and supported at this layer, which include the following:

  • Simple Mail Transfer Protocol (SMTP);
  • File Transfer Protocol (FTP);
  • Secure Shell (SSH);
  • Hyper Text Transport Protocol (HTTP).

2. The Transport Layer:

This is the layer in which network communications take place between different hosts that reside on the same network segment (such as those found on a Local Area Network [LAN]) or even an entirely different one (such as those found on a Wide Area Network [WAN]). The most widely used communications protocol in this layer is the Transmission Control Protocol (also known as the “TCP”).

3. The Internet Layer:

This layer “defines and establishes” the actual Internet as we know it today.  The primary network protocol that is used here is the Internet Protocol (also known as the “IP”). It also defines the actual IP address.

4. The Link Layer:

This layer connects all of the LANs that are located near each other.

A Definition of ICMP

A technical definition of the ICMP is as follows:

“It is an error-reporting protocol [that is used] to generate error messages to the source IP address when network problems prevent delivery of IP packets. ICMP creates and sends messages to the source IP address indicating that a gateway to the Internet, service or host cannot be reached for packet delivery.”

(SOURCE:  1)

Put in simpler terms, the Primary Domain Controller (also known as the “PDC”). In response, the PDC is attempting to make available the shared resources (such as files and applications) that reside in its database.

These shared resources will be transmitted via the Data Packets to the client computers. But if, for some reason or another, a shared resource cannot reach its ultimate destination, then an error message is transmitted back to the PDC, notifying it that the delivery of the Data Packets cannot be completed and that they are being returned to it.

This error reporting functionality is made available specifically by the ICMP.  Thus, the ICMP itself does not transmit the Data Packets. It only transmits the relevant error message as to why they cannot be delivered to the final destination.  In other words, it is not a Transport Protocol that transmits information and data.
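As an added illustration (not code from the original article), the Python sketch below builds a constructed ICMPv4 “Destination Unreachable” message and parses it, showing that the message carries only the reason for the failure plus a quote of the undelivered packet's header, which identifies the source to be notified. The type and code values come from RFC 792; the function names, addresses and sample packet are assumptions made for this example.

```python
import socket
import struct

# ICMPv4 Destination Unreachable codes from RFC 792 (subset)
UNREACH_CODES = {0: "network unreachable", 1: "host unreachable",
                 2: "protocol unreachable", 3: "port unreachable"}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_ipv4_header(src: str, dst: str, proto: int, payload_len: int) -> bytes:
    """Minimal 20-byte IPv4 header, used only to construct sample input."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234, 0,
                      64, proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]

def build_unreachable(code: int, original: bytes) -> bytes:
    """ICMP type 3 message quoting the undelivered packet's header + 8 bytes."""
    body = struct.pack("!BBHI", 3, code, 0, 0) + original
    return body[:2] + struct.pack("!H", inet_checksum(body)) + body[4:]

def parse_icmp_error(msg: bytes) -> dict:
    """Check integrity, then recover which delivery attempt failed and why."""
    if len(msg) < 8 + 20:
        raise ValueError("too short for an ICMP error message")
    if inet_checksum(msg) != 0:
        raise ValueError("bad ICMP checksum")
    if msg[0] != 3:
        raise ValueError("not a Destination Unreachable message")
    inner = msg[8:]  # quoted IPv4 header of the packet that was not delivered
    ihl = (inner[0] & 0x0F) * 4
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl:
        raise ValueError("malformed quoted IPv4 header")
    return {"reason": UNREACH_CODES.get(msg[1], f"code {msg[1]}"),
            "report_goes_to": socket.inet_ntoa(inner[12:16]),
            "unreachable_dst": socket.inet_ntoa(inner[16:20]),
            "protocol": inner[9]}

# Constructed sample: a TCP packet from 192.0.2.10 to 198.51.100.7 that a
# gateway could not deliver (documentation addresses, not real hosts).
ORIGINAL = (build_ipv4_header("192.0.2.10", "198.51.100.7", 6, 8)
            + struct.pack("!HHI", 49152, 445, 1))
SAMPLE = build_unreachable(1, ORIGINAL)
```

Calling `parse_icmp_error(SAMPLE)` returns the failure reason and the two addresses from the quoted header; a message altered in transit fails the checksum test and is rejected before any field is trusted.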

The ICMP is heavily used by Network Administrators in order to pinpoint and troubleshoot any Internet connections from within the network infrastructure, by making use of diagnostic tools such as “Ping” and “Traceroute”.

There are many reasons why Data Packets cannot reach their final destination:

  • There could be an issue with a Router or Hub in forwarding them on to the next point;
  • There could be a “hiccup” in the network that is interfering with the normal flow of Data Packets;
  • There could be a disconnection that exists somewhere in the Network Infrastructure, or there might even be a Cyberattack underway.

The ICMP is used with both versions of the Internet Protocol, which are:

  • The Internet Protocol version 4 (also known as “IPv4”);
  • The Internet Protocol version 6 (also known as “IPv6”).


Our next blog will examine the specific error messages that the ICMP transmits, and the security vulnerabilities associated with them.