Sunday, June 23, 2013

ICMP Types: Echo And Echo-Reply

I find this interesting. This topic comes up because if you want to be able to ping out from your site and allow the reply to that ping back in, you need to modify your ACLs properly, and not just allow all ICMP traffic. You certainly won't want someone to be able to ping your servers from the outside. So what does ICMP look like in a packet capture? Let's take a look:
In the above screen capture, you will notice a "Type" field at Layer 4. That Type field, for ICMP at Layer 4, is set to 8. That means it's a ping request going out. Which, according to the packet capture is sourced from and destined to  You can see that the "ICMP request" is actually an "Echo" request.
Below in the second screenshot, you will find something similar. However, you will notice that the "Type" value is 0. That means a reply back from the destination you pinged. Notice, though, that at Layer 4 it's still ICMP, just a different "Type".
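
As an added example (not from the original post or its captures), this Python sketch builds an echo request and an echo reply from constructed bytes, reads the Type field, and applies a stateless filter that permits only Type 8 outbound and only Type 0 inbound. The `POLICY` table, the function names and the sample identifier, sequence number and payload are assumptions for illustration.

```python
import struct

ICMP_ECHO_REPLY = 0   # Type 0: reply coming back from the host you pinged
ICMP_ECHO = 8         # Type 8: ping request going out

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum computed over the whole ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build an ICMP echo or echo-reply message (8-byte header + payload)."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def parse_icmp(message: bytes) -> dict:
    """Extract Type, Code, identifier and sequence; report checksum validity."""
    if len(message) < 8:
        raise ValueError("ICMP echo header is 8 bytes; message is truncated")
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", message[:8])
    return {"type": icmp_type, "code": code, "id": ident, "seq": seq,
            "checksum_ok": inet_checksum(message) == 0}

# Hypothetical stateless policy: direction -> set of ICMP types permitted.
POLICY = {"out": {ICMP_ECHO}, "in": {ICMP_ECHO_REPLY}}

def acl_decision(direction: str, message: bytes) -> str:
    """Permit only the types listed for this direction; deny everything else."""
    try:
        info = parse_icmp(message)
    except ValueError:
        return "deny"  # too short to carry a Type field we can trust
    return "permit" if info["type"] in POLICY[direction] else "deny"

# Constructed sample messages.
REQUEST = build_echo(ICMP_ECHO, 0x1234, 1, b"abcdefgh")
REPLY = build_echo(ICMP_ECHO_REPLY, 0x1234, 1, b"abcdefgh")

if __name__ == "__main__":
    for direction, msg in [("out", REQUEST), ("in", REPLY), ("in", REQUEST)]:
        print(direction, "type", parse_icmp(msg)["type"], acl_decision(direction, msg))
```

The third case is the one the ACL change is for: an inbound Type 8 from the outside is denied, while the Type 0 reply to your own ping is still let back in.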

Very interesting stuff when looking at it in depth. ICMP has many codes that you will recognize by name. You have seen several of them before in CMD when trying to ping something, I'm sure. Take a good look at the codes, all of which are ICMP.
