ICMP | P4n1cBook

It is used by , including , to send error messages and operational information indicating success or failure when communicating with another .
ICMP differs from such as and in that it is not typically used to exchange data between systems, nor is it regularly employed by end-user network applications (with the exception of some diagnostic tools like and ).
A separate Internet Control Message Protocol (called ) is used with .

ping

Used to test connectivity between devices on a network.

It sends ICMP Echo Request packets to a target and waits for ICMP Echo Reply packets in return.

The command provides details like packet loss, round-trip time (RTT), and TTL (time-to-live).

Output Example

PING 192.168.1.1 (192.168.1.1) 56(84) bytes of data.
64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=0.123 ms
64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=0.120 ms
64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=0.122 ms

Bytes: Size of the ICMP packet.

From: IP address of the responding device.

icmp_seq: Sequence number of the packet.

TTL (Time to Live): The maximum number of hops a packet can traverse before being discarded.

Time: The round-trip time (RTT) for the packet to reach the destination and return.

`TTL` Values and `OS` Fingerprinting

The TTL value in the ping response is a starting value decremented by one for each hop the packet takes.
The default starting TTL values differ between operating systems, making it possible to infer the OS of the target system.
- Linux/Unix -> 64
- Windows -> 128
- Cisco -> 255

Commands

Send 4 packages

ping -c 4 example.com