Linux 101 : ICMP - Internet Control Message Protocol and Ping sweep scans
The IP protocol - Internet protocol - doesn't include an error notification system.
For example if an IP address is not reachable, the IP protocol has no way of informing us.
IP uses the ICMP protocol - Internet Control Message Protocol - to add an error notification system.
ICMP provides an error notification system at the network layer - layer 3 in the OSI model -
Below is a couple of ICMP message types:
- Type 8 : Echo Request.
- Type 0 : Echo Reply.
The ICMP message "Type 8" is request sent to a host asking it to reply if it is up and running.
If the destination host is active, it will responds with an ICMP message "Type 0", telling the sender that is is "alive".
For example for the "destination Unreachable, Type 3", we could receive one of these codes - there are other codes that are not mentioned below -:
- 0 : Error in the network route.
- 1 : Host Unreachable.
- 3 : Port Unreachable.
- 7 : Destination Unknown.
- 13 : Communication filtered by the firewall.
We could check these codes using a scanning software such as "Wireshark", by filtering the ICMP packets and expanding the details section to see the codes - below Type: 8, code: 0 -:
Remark:
The "Code: 0" related to "Type: 8" in the above example doesn't have a meaning since the "Type: 8" ICMP message has no codes related to it.
Ping is the program that allows us to send/receive ICMP messages.
Ping allows us to check one machine at a time:
We could use other programs to ping a whole network - Ping sweep - in one go to check which machines are active:
To check if the machines in the "10.34.4.0/24" network are active.
The "-sn" option doesn't scan the ports on the machine, it only checks if the host is active.
Remark:
Sometimes for security reasons the ICMP protocol is disabled or blocked by the firewall.
Comments