ICMP

Internet Control Message Protocol

It is used by network devices, including routers, to send error messages and operational information indicating success or failure when communicating with another IP address.

ICMP differs from transport protocols such as TCP and UDP in that it is not typically used to exchange data between systems, nor is it regularly employed by end-user network applications (with the exception of some diagnostic tools like ping and traceroute).

A separate Internet Control Message Protocol (called ICMPv6) is used with IPv6.

Internet Control Message ProtocolWikipedia

---

ping

• Used to test connectivity between devices on a network.

• It sends ICMP Echo Request packets to a target and waits for ICMP Echo Reply packets in return.

• The command provides details like packet loss, round-trip time (RTT), and TTL (time-to-live).

---

Output Example

PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.123 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.120 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.122 ms

• Bytes: Size of the ICMP packet.

• From: IP address of the responding device.

• icmp_seq: Sequence number of the packet.

• TTL (Time to Live): The maximum number of hops a packet can traverse before being discarded.

• Time: The round-trip time (RTT) for the packet to reach the destination and return.

---

TTL Values and OS Fingerprinting

• The TTL value in the ping response is a starting value decremented by one for each hop the packet takes.

• The default starting TTL values differ between operating systems, making it possible to infer the OS of the target system.

  • Linux/Unix -> 64

  • Windows -> 128

  • Cisco -> 255

---

Commands

Send 4 packages

ping -c 4 example.com

// Some c