ICMPv4 - Internet Control Message Protocol version 4

What is ICMPv4?

ICMP stands for Internet Control Message Protocol. It is the version 4. It’s a network protocol used by devices like routers and computers to send error messages and operational information.

Why is ICMPv4 useful?

ICMP is essential for network diagnostics and troubleshooting. It helps: * Detect unreachable hosts or networks * Report routing issues * Measure network latency and packet loss * Support tools like ping and traceroute

How it works?

  • Device sends a message – e.g., a computer sends a ping (ICMP Echo Request) to another device

  • Target responds – If reachable, target replies with ICMP Echo Reply

  • Error reporting – Routers/hosts send ICMP messages on issues (Destination Unreachable, Time Exceeded)

  • No data transfer – ICMP only sends control and error messages, not user data

Where is ICMPv4 used?

  • Ping command – To check host reachability and response time

  • Traceroute – To trace packet path to destination

  • Routers/gateways – Report unreachable destinations or TTL expiry

  • Network monitoring tools – Assess network health and performance

Which OSI layer does this protocol belong to?

  • Works closely with IP to report packet delivery issues

  • Deals with routing and delivery errors, not application data

  • Manages and controls IP-based network behavior

Topics in this section,

  • In this section, you are going to learn

  • Terminology

  • Version Info

Version & RFC Details

ICMPv4 Version

RFC Version

Year

Core Idea / Contribution

ICMPv4

RFC 777

1981

Initial specification of ICMP (superseded by RFC 792).

RFC 792

1981

Defines ICMPv4 as part of the IP protocol suite. It specifies message formats, types, and codes for error reporting and diagnostics

RFC 1122

1989

Host requirements for Internet protocols, including ICMP behavior.

RFC 1191

1990

Defines Path MTU Discovery using ICMP “Fragmentation Needed” messages.

RFC 1256

1991

Defines ICMP Router Discovery messages (Router Advertisement and Solicitation).

RFC 1393

1993

Defines ICMP Traceroute message (now deprecated).

RFC 1812

1995

Router requirements, including how routers should handle ICMP messages.

RFC 4884

2007

Extends ICMP messages to include more diagnostic information.

RFC 6633

2012

Deprecates ICMP Source Quench messages.

RFC 6918

2013

Updates and deprecates several ICMP message types.

Testcase 1: Ping Test

  • Step-1 : Launch GNS3 and Create Network Topology

    Note

    • Use GNS3 to simulate two Ubuntu virtual machines.

    • Connect both VMs using a virtual Ethernet cable.

    1. Open GNS3

    2. Add two Ubuntu VMs to the canvas

    3. Connect the VMs using an Ethernet link

    4. Start both virtual machines

  • Step-2 : Assign Static IPv4 Addresses

VM1:~$ sudo ifconfig enp0s8 192.168.1.10 up
VM2:~$ sudo ifconfig enp0s8 192.168.1.20 up

Note

  • Both machines must be on the same subnet

  • Replace enp0s8 with your actual interface name (check via ifconfig)

  • Step-3 : Verify Interface Configuration

    VM1:~$ ip a show enp0s8
VM2:~$ ip a show enp0s8

    • expected output :

      • inet 192.168.1.10/24 (on VM1)

      • inet 192.168.1.20/24 (on VM2)

  • Step-4 : Start Wireshark Capture in GNS3

    • Right-click the Ethernet link between VM1 and VM2

    • Click Start Capture

  • Step-5 : Test ICMPv4 Connectivity

    VM2:~$ ping 192.168.1.10
PING 192.168.1.10 (192.168.1.10) 56(84) bytes of data.
64 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=0.503 ms
64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.412 ms
64 bytes from 192.168.1.10: icmp_seq=3 ttl=64 time=0.421 ms
64 bytes from 192.168.1.10: icmp_seq=4 ttl=64 time=0.395 ms

--- 192.168.1.10 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 0.395/0.432/0.503/0.043 ms

Note

  • This confirms successful ICMPv4 communication from VM2 to VM1

  • Step-6 : Capture and Inspect ICMPv4 Traffic

    Note

    • You will observe: - ICMP Echo Request from 192.168.1.20 to 192.168.1.10 - ICMP Echo Reply from 192.168.1.10 to 192.168.1.20

Testcase 2: Fast Ping Test

  • Step-1 : Launch GNS3 and Create Network Topology

    Note

    • Use GNS3 to simulate two Ubuntu virtual machines.

    • Connect both VMs using a virtual Ethernet cable.

    1. Open GNS3

    2. Add two Ubuntu VMs to the canvas

    3. Connect the VMs using an Ethernet link

    4. Start both virtual machines

  • Step-2 : Assign Static IPv4 Addresses

VM1:~$ sudo ifconfig enp0s8 192.168.1.10 up
VM2:~$ sudo ifconfig enp0s8 192.168.1.20 up

Note

  • Both machines must be on the same subnet

  • Replace enp0s8 with your actual interface name (check via ifconfig)

  • Step-3 : Verify Interface Configuration

    VM1:~$ ip a show enp0s8
VM2:~$ ip a show enp0s8

    • expected output :

      • inet 192.168.1.10/24 (on VM1)

      • inet 192.168.1.20/24 (on VM2)

  • Step-4 : Start Wireshark Capture in GNS3

    • Right-click the Ethernet link between VM1 and VM2

    • Click Start Capture

  • Step-5 : Test ICMPv4 Connectivity with fast ping.

    VM2:~$ sudo ping -f 192.168.1.10
PING 192.168.1.10 (192.168.1.10) 56(84) bytes of data.
...................................................................................................................................................................
--- 192.168.1.10 ping statistics ---
5000 packets transmitted, 5000 received, 0% packet loss, time 471ms
rtt min/avg/max/mdev = 0.043/0.097/1.203/0.054 ms, ipg/ewma 0.094/0.091 ms

// Can see ICMP echo request from 192.168.1.20 to 192.168.1.10
// Can see ICMP echo reply from 192.168.1.10 to 192.168.1.20

Note

  • This uses high-speed flooding to test ICMPv4 throughput and stability.

  • Useful for performance testing or triggering firewall/IDS logs.

  • Step-6 : Capture and Inspect Fast ICMPv4 Traffic

    Note

    • You will observe:

      • A burst of ICMP Echo Requests from 192.168.1.20 to 192.168.1.10

      • Corresponding ICMP Echo Replies from 192.168.1.10 to 192.168.1.20

      • High frequency and low latency if the network is stable.

Testcase 3: Jumbo Packet Ping Test

  • Step-1 : Launch GNS3 and Create Network Topology

    Note

    • Use GNS3 to simulate two Ubuntu virtual machines.

    • Connect both VMs using a virtual Ethernet cable.

    1. Open GNS3

    2. Add two Ubuntu VMs to the canvas

    3. Connect the VMs using an Ethernet link

    4. Start both virtual machines

  • Step-2 : Assign Static IPv4 Addresses

VM1:~$ sudo ifconfig enp0s8 192.168.1.10 up
VM2:~$ sudo ifconfig enp0s8 192.168.1.20 up

Note

  • Both machines must be on the same subnet

  • Replace enp0s8 with your actual interface name (check via ifconfig)

  • Step-3 : Verify Interface Configuration

    VM1:~$ ip a show enp0s8
VM2:~$ ip a show enp0s8

    • expected output :

      • inet 192.168.1.10/24 (on VM1)

      • inet 192.168.1.20/24 (on VM2)

  • Step-4 : Start Wireshark Capture in GNS3

    • Right-click the Ethernet link between VM1 and VM2

    • Click Start Capture

  • Step-5 : Test ICMPv4 Connectivity with Jumbo Packets

    VM2:~$ ping -s 1472 -M do 192.168.1.10

PING 192.168.1.10 (192.168.1.10) 1472(1500) bytes of data.
1480 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=0.768 ms
1480 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.752 ms
1480 bytes from 192.168.1.10: icmp_seq=3 ttl=64 time=0.719 ms
1480 bytes from 192.168.1.10: icmp_seq=4 ttl=64 time=0.702 ms

--- 192.168.1.10 ping statistics ---
9 packets transmitted, 9 received, 0% packet loss, time 3006ms
rtt min/avg/max/mdev = 0.702/0.735/0.768/0.026 ms

    Note

    • -s 1472: Specifies the ICMP payload size in bytes

    • (1472 bytes is used because 1500 - IP header (20) - ICMP header (8) = 1472)

    • -M do: Sets the “Don’t Fragment” (DF) bit in the IP header

    • Can see ICMP echo request from 192.168.1.20 to 192.168.1.10

    • Can see ICMP echo reply from 192.168.1.10 to 192.168.1.20

    • Can see data size as 1472 in ICMP packets

    Note

    • This test validates whether larger ICMP packets can be transmitted without fragmentation.

    • It also checks MTU boundaries and DF bit handling on the network path.

  • Step-6 : Capture and Inspect Jumbo ICMPv4 Traffic

    Note

    • You will observe: * ICMP Echo Requests with 1472-byte payload (1480 bytes total) * Echo Replies of the same size * DF (Don’t Fragment) flag set in packet headers

Testcase 4: Destination Unreachable (Port Unreachable)

  • Step-1 : Launch GNS3 and Create Network Topology

    Note

    • Use GNS3 to simulate two Ubuntu virtual machines.

    • Connect both VMs using a virtual Ethernet cable.

    1. Open GNS3

    2. Add two Ubuntu VMs to the canvas

    3. Connect the VMs using an Ethernet link

    4. Start both virtual machines

  • Step-2 : Assign Static IPv4 Addresses

    VM1:~$ sudo ifconfig enp0s8 192.168.1.10 up
VM2:~$ sudo ifconfig enp0s8 192.168.1.20 up

    Note

    • Both machines must be on the same subnet

    • Replace enp0s8 with your actual interface name (check via ifconfig)

  • Step-3 : Verify Interface Configuration

    VM1:~$ ip a show enp0s8
VM2:~$ ip a show enp0s8

    • expected output :

      • inet 192.168.1.10/24 (on VM1)

      • inet 192.168.1.20/24 (on VM2)

  • Step-4 : Start Wireshark Capture in GNS3

    • Right-click the Ethernet link between VM1 and VM2

    • Click Start Capture

  • Step-5 : Trigger ICMP Destination Unreachable (Port Unreachable)

    VM2:~$ nc -u 192.168.1.10 9999
hello

    • expected behavior:

      - No service is running on **UDP port 9999** of VM1.
- VM1 replies with **ICMP Type 3, Code 3** (Destination Unreachable – Port Unreachable).
- The `hello` string is sent as a UDP probe.
- Wireshark captures an ICMP error packet generated by VM1.

    Note

    • Ensure no UDP service is running on port 9999 of VM1.

    • If you run nc -u -l 9999 on VM1, this test will not work as intended.

  • Step-6 : Capture and Inspect ICMP Destination Unreachable Packet

    Note

    • You will observe:

      • UDP packet from 192.168.1.20 to 192.168.1.10:9999

      • ICMP response from 192.168.1.10 to 192.168.1.20

      • Type 3 (Destination Unreachable), Code 3 (Port Unreachable)

      • The payload of the original UDP packet is echoed back inside the ICMP error

Testcase 5: Broadcast Ping (No Response Found)

  • Step-1 : Launch GNS3 and Create Network Topology

    Note

    • Use GNS3 to simulate two Ubuntu virtual machines.

    • Connect both VMs using a virtual Ethernet cable.

    1. Open GNS3

    2. Add two Ubuntu VMs to the canvas

    3. Connect the VMs using an Ethernet link

    4. Start both virtual machines

  • Step-2 : Assign Static IPv4 Addresses

    VM1:~$ sudo ifconfig enp0s8 192.168.1.10 up
VM2:~$ sudo ifconfig enp0s8 192.168.1.20 up

    Note

    • Both machines must be on the same subnet

    • Replace enp0s8 with your actual interface name (check via ifconfig)

  • Step-3 : Verify Interface Configuration

    VM1:~$ ip a show enp0s8
VM2:~$ ip a show enp0s8

    • expected output :

      • inet 192.168.1.10/24 (on VM1)

      • inet 192.168.1.20/24 (on VM2)

  • Step-4 : Start Wireshark Capture in GNS3

    • Right-click the Ethernet link between VM1 and VM2

    • Click Start Capture

  • Step-5 : Send Broadcast ICMPv4 Echo Request from VM2

    VM2:~$ ping -b 192.168.1.255

WARNING: pinging broadcast address
PING 192.168.1.255 (192.168.1.255) 56(84) bytes of data.

--- 192.168.1.255 ping statistics ---
6 packets transmitted, 0 received, 100% packet loss, time 5114ms

    Note

    • This is a directed broadcast to the subnet’s broadcast address (192.168.1.255)

    • Most modern systems and networks drop broadcast pings for security reasons

    • You will see ICMP Echo Requests, but no Echo Replies

    • expected behavior :

      • ICMP Echo Request packets are sent by VM2 to 192.168.1.255

      • No reply is received from any host, including VM1

      • Wireshark confirms presence of Echo Requests only

  • Step-6 : Capture and Inspect ICMP Broadcast Behavior

    Note

    • You will observe:

    • Multiple ICMP Echo Requests to 192.168.1.255 from 192.168.1.20

    • No ICMP Echo Replies from any host

    • Indicates that broadcast ping response is suppressed

Testcase 6: Broadcast Ping with Delayed Response

  • Step-1 : Launch GNS3 and Create Network Topology

    Note

    • Use GNS3 to simulate two Ubuntu virtual machines.

    • Connect both VMs using a virtual Ethernet cable.

    1. Open GNS3

    2. Add two Ubuntu VMs to the canvas

    3. Connect the VMs using an Ethernet link

    4. Start both virtual machines

  • Step-2 : Assign Static IPv4 Addresses

    VM1:~$ sudo ifconfig enp0s8 192.168.1.10 up
VM2:~$ sudo ifconfig enp0s8 192.168.1.20 up

    Note

    • Both machines must be on the same subnet

    • Replace enp0s8 with your actual interface name (check via ifconfig)

  • Step-3 : Verify Interface Configuration

    VM1:~$ ip a show enp0s8
VM2:~$ ip a show enp0s8

    • expected output :

      • inet 192.168.1.10/24 (on VM1)

      • inet 192.168.1.20/24 (on VM2)

  • Step-4 : Enable Broadcast Echo Replies

    VM1 & VM2:~$ sudo nano /etc/sysctl.conf

# Add this line at the end:
net.ipv4.icmp_echo_ignore_broadcasts=0

# Apply changes immediately
VM1 & VM2:~$ sudo sysctl -p

    • expected output :

      • net.ipv4.icmp_echo_ignore_broadcasts = 0

    Note

    • This allows Linux systems to respond to ICMP Echo Requests sent to a broadcast address.

  • Step-5 : Start Wireshark Capture in GNS3

    • Right-click the Ethernet link between VM1 and VM2

    • Click Start Capture

  • Step-6 : Send Broadcast Ping from VM2

    VM2:~$ ping -b 192.168.1.255

WARNING: pinging broadcast address
PING 192.168.1.255 (192.168.1.255) 56(84) bytes of data.
64 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=3.12 ms
64 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=5.87 ms
64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=3.05 ms
64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=6.34 ms
64 bytes from 192.168.1.10: icmp_seq=3 ttl=64 time=2.89 ms
64 bytes from 192.168.1.10: icmp_seq=3 ttl=64 time=5.76 ms

--- 192.168.1.255 ping statistics ---
3 packets transmitted, 3 received, +3 duplicates, 0% packet loss, time 2005ms
rtt min/avg/max/mdev = 2.89/4.83/6.34 ms, pipe 2

    Note

    • VM1 replies to the broadcast ICMP Echo Requests since icmp_echo_ignore_broadcasts=0

    • Duplicate replies may be observed due to how Linux handles replies and timing in virtualized environments

    • Delay is possible in GNS3/VM due to scheduling or emulation latency

    • expected behavior :

      • ICMP Echo Requests are sent from VM2 to 192.168.1.255

      • VM1 responds with ICMP Echo Replies

      • Duplicate responses or delayed responses may occur

  • Step-7 : Capture and Inspect ICMP Broadcast Responses

    Note

    • You will observe:

    • ICMP Echo Requests from 192.168.1.20 to 192.168.1.255

    • ICMP Echo Replies from 192.168.1.10 to 192.168.1.20

    • Duplicates and out-of-order timing are possible

ICMPv4 Echo Request Packet

S.No

Protocol Packets

Description

Size(bytes)

1

Echo Request

It is a type of message used in the ICMP to test the

40

reachability of a network device.

Type

Indicates the type of ICMP message

1

8-specifies this is an Echo Request

Code

Provides further information about the type

1

0-Always Zero for echo requests

Checksum

Used for error-checking the ICMP header and data.

2

Identifier

Used to match requests and replies,Usually set by sender.

2

Sequence Number

Used to match requests and replies

2

Data

Optional data sent with the request

32

ICMPv4 Echo Reply Packet

S.No

Protocol Packets

Description

Size(bytes)

2

Echo Reply

The response to an echo request, confirming the machine’s status and providing round-trip time data.

40

Type

Indicates the type of ICMP message

1

0-specifies this is an Echo Reply

Code

Provides further information about the type

1

0-Always Zero for echo requests

Checksum

Used for error-checking the ICMP header and data.

2

Identifier

Matches the identifier from the Echo Request

2

Sequence Number

Matches the sequence number from the Echo Request

2

Data

Optional data sent with the request

32

ICMPv4 Destination Unreachable Packet

S.No

Protocol Packets

Description

Size(bytes)

3

Destination Unreachable

indicates that packet could not reach its intended destination

24

Type

Indicates the type of ICMP message

1

3-specifies this is an Destination Unreachable

Code

Specifies the reason for the unreachable destination (e.g., 0 for network unreachable, 1 for host unreachable)

1

Checksum

Used for error-checking the ICMP header and data.

2

Unused

Reserved for future use

4

Internet Header+ 64 bits of original Datagram

Contains the header and first 64 bits of the original datagram that caused the error

16

ICMPv4 Time Exceeded Packet

S.No

Protocol Packets

Description

Size(bytes)

4

Time Exceeded

Indicates that a packet’s Time-To-Live (TTL) value has reached zero before reaching its destination.

24

Type

Indicates the type of ICMP message

1

11-specifies this is a Time Exceeded

Code

Specifies the reason for the time exceeded (e.g., 0 for TTL expired in transit, 1 for fragment reassembly time exceeded)

1

Checksum

Used for error-checking the ICMP header and data.

2

Unused

Reserved for future use

4

Internet Header+ 64 bits of original Datagram

Contains the header and first 64 bits of the original datagram that caused the error

16

ICMPv4 Redirect Packet

S.No

Protocol Packets

Description

Size(bytes)

5

Redirect

mechanism used by routers to inform hosts about a more efficient route for sending packets to a particular destination.

24

Type

Indicates the type of ICMP message

1

5-specifies this is a ICMP Redirect

Code

Specifies the reason for the redirect (e.g., 0 for redirect for network, 1 for redirect for host)

1

Checksum

Used for error-checking the ICMP header and data.

2

Gateway Internet Address

IP address of the gateway to which the redirection should

4

be sent

Internet Header+ 64 bits of original Datagram

Contains the header and first 64 bits of the original datagram that caused the error

16

ICMPv4 Parameter Problem Packet

S.No

Protocol Packets

Description

Size(bytes)

6

Parameter Problem

Fields Breakdown

27

Type

12 (Indicates Parameter Problem)

1

Code

Specifies the nature of the problem:

1

  • 0: Pointer indicates the error

  • 1: Missing a required option

  • 2: Bad length

Checksum

Error-checking for the ICMP message

2

Pointer

Indicates the byte offset in the original IP header where the error

4

was detected

Unused

3 bytes reserved (set to zero)

3

Original IP Header + 8 bytes of data

The offending packet’s IP header and the first 8 bytes of its

16

payload (used for context)

ICMPv4 - Use Cases

S.no

Use Case

Description

1

Error Reporting

ICMPv4 is primarily used to report errors in IP packet processing. For example, if a router cannot forward a packet due to a missing route or TTL expiration, it sends an ICMP error message back to the sender.

2

Network Diagnostics

Tools like ping and traceroute use ICMPv4 to test connectivity and trace the path packets take through the network.

3

Path MTU Discovery

Helps determine the maximum transmission unit (MTU) size on the path between two IP hosts without fragmentation.

4

Router Discovery

Hosts can discover the presence and addresses of operational routers on their subnet.

5

Extended Diagnostics

RFC 4884 allows ICMP messages to carry more detailed diagnostic information, useful for advanced troubleshooting.

6

Firewall and Security Monitoring

ICMP can be used to detect unauthorized access or scanning attempts. For example, repeated ICMP Echo Requests may indicate a ping sweep or reconnaissance activity.

ICMPv4 - Basic Features

S.no

Features

Description

1

Diagnostic Tools Support

Enables tools like ping (Echo Request/Reply) and traceroute (Time Exceeded) for network troubleshooting.

2

Message Types and Codes

ICMPv4 defines various message types (e.g., Type 3 for Destination Unreachable) and codes for detailed error classification.

3

Error Reporting

ICMPv4 reports issues in IP packet delivery, such as unreachable destinations or TTL expiration.

4

Lightweight Protocol

ICMPv4 is a simple protocol that operates directly over IP (protocol number 1), without using TCP or UDP.

5

No Reliability Mechanism

ICMPv4 does not guarantee message delivery; it relies on IP and is used for best-effort communication.

6

Control and Informational Messages

ICMPv4 includes both error messages (e.g., Destination Unreachable) and informational messages (e.g., Echo Request/Reply).

7

Stateless Operation

ICMPv4 does not maintain session state; each message is independent.

8

Security Considerations

ICMPv4 can be exploited for reconnaissance or DoS attacks, so it’s often filtered or rate-limited by firewalls.

Diagnostic Tools Support - Testcases

Diagnostic Tools Support - Test Cases

#

Test Case

Description

Expected Result

1

Send ICMP Echo Request

Use ping to target host

Echo Reply is received

2

Receive ICMP Echo Reply

Target responds to ping

Echo Reply matches request

3

Ping unreachable host

Send ping to non-existent IP

ICMP Destination Unreachable received

4

Ping with large payload

Send large ICMP packet

Echo Reply received or fragmentation error

5

Ping with DF bit set

Send ping with Don’t Fragment

ICMP Fragmentation Needed received if MTU exceeded

6

Ping with TTL = 1

Send ping with TTL 1

ICMP Time Exceeded received

7

Traceroute to host

Use traceroute utility

ICMP Time Exceeded from intermediate hops

8

Traceroute with blocked ICMP

ICMP blocked on path

Traceroute fails or incomplete

9

ICMP Type 3 Code 0

Destination Network Unreachable

Correct ICMP message received

10

ICMP Type 3 Code 1

Destination Host Unreachable

Correct ICMP message received

11

ICMP Type 3 Code 2

Protocol Unreachable

Correct ICMP message received

12

ICMP Type 3 Code 3

Port Unreachable

Correct ICMP message received

13

ICMP Type 3 Code 4

Fragmentation Needed

Correct ICMP message received

14

ICMP Type 3 Code 5

Source Route Failed

Correct ICMP message received

15

ICMP Type 11 Code 0

TTL Exceeded in Transit

Correct ICMP message received

16

ICMP Type 11 Code 1

Fragment Reassembly Time Exceeded

Correct ICMP message received

17

ICMP Type 12

Parameter Problem

Correct ICMP message received

18

ICMP Type 4

Source Quench (deprecated)

Message ignored or logged

19

ICMP Type 5

Redirect Message

Host updates routing table

20

ICMP Type 8

Echo Request

Target responds with Echo Reply

21

ICMP Type 0

Echo Reply

Response to Echo Request

22

ICMP checksum validation

Corrupt checksum

Packet discarded

23

ICMP rate limiting

Send excessive pings

ICMP replies are rate-limited

24

ICMP unreachable filtering

Block ICMP Type 3

No unreachable messages received

25

ICMP echo filtering

Block ICMP Type 8

Ping fails

26

ICMP redirect filtering

Block ICMP Type 5

Host ignores redirect

27

ICMP TTL exceeded filtering

Block ICMP Type 11

Traceroute fails

28

ICMP parameter problem filtering

Block ICMP Type 12

No error message received

29

ICMP with NAT

Ping through NAT

Echo Reply received correctly

30

ICMP with firewall

ICMP allowed through firewall

Ping and traceroute succeed

31

ICMP with ACL

ICMP permitted/denied by ACL

Behavior matches ACL rules

32

ICMP with VPN

Ping over VPN tunnel

Echo Reply received

33

ICMP with MPLS

Ping across MPLS network

Echo Reply received

34

ICMP with IPv4 fragmentation

Send fragmented ICMP

Reassembled and replied correctly

35

ICMP with spoofed source

Send spoofed ICMP

Response sent to spoofed address

36

ICMP with invalid code

Send ICMP with invalid code

Packet discarded

37

ICMP with invalid type

Send ICMP with invalid type

Packet discarded

38

ICMP payload inspection

Check payload in Echo Reply

Payload matches request

39

ICMP timestamp request

Send timestamp request

Timestamp reply received (if supported)

40

ICMP address mask request

Send address mask request

Mask reply received (if supported)

41

ICMP error message format

Validate structure

Message conforms to RFC 792

42

ICMP message logging

Enable logging

ICMP messages logged

43

ICMP message capture

Use packet sniffer

ICMP packets visible in capture

44

ICMP message rate

Measure ICMP response rate

Matches expected limits

45

ICMP message size

Send max-size ICMP

Echo Reply received or error

46

ICMP message with options

Send with IP options

Options processed correctly

47

ICMP message with IPsec

Send over IPsec tunnel

Echo Reply received securely

48

ICMP message with VLAN

Send over VLAN

Echo Reply received

49

ICMP message with QoS

Set DSCP bits

QoS markings preserved

50

ICMP message with VRF

Send in VRF context

Echo Reply received in correct VRF

Message Types and Codes - Testcases

Message Types and Codes - Test Cases

#

Test Case

Description

Expected Result

1

ICMP Type 0 Code 0

Echo Reply

Host responds to Echo Request

2

ICMP Type 3 Code 0

Destination Network Unreachable

Correct ICMP error generated

3

ICMP Type 3 Code 1

Destination Host Unreachable

Correct ICMP error generated

4

ICMP Type 3 Code 2

Protocol Unreachable

Correct ICMP error generated

5

ICMP Type 3 Code 3

Port Unreachable

Correct ICMP error generated

6

ICMP Type 3 Code 4

Fragmentation Needed and DF set

Correct ICMP error generated

7

ICMP Type 3 Code 5

Source Route Failed

Correct ICMP error generated

8

ICMP Type 3 Code 6

Destination Network Unknown

Correct ICMP error generated

9

ICMP Type 3 Code 7

Destination Host Unknown

Correct ICMP error generated

10

ICMP Type 3 Code 9

Network Administratively Prohibited

Correct ICMP error generated

11

ICMP Type 3 Code 10

Host Administratively Prohibited

Correct ICMP error generated

12

ICMP Type 3 Code 13

Communication Administratively Prohibited

Correct ICMP error generated

13

ICMP Type 4 Code 0

Source Quench (Deprecated)

Message ignored or logged

14

ICMP Type 5 Code 0

Redirect Datagram for Network

Host updates route

15

ICMP Type 5 Code 1

Redirect Datagram for Host

Host updates route

16

ICMP Type 5 Code 2

Redirect for TOS and Network

Host updates route

17

ICMP Type 5 Code 3

Redirect for TOS and Host

Host updates route

18

ICMP Type 8 Code 0

Echo Request

Target responds with Echo Reply

19

ICMP Type 9 Code 0

Router Advertisement

Host receives router info

20

ICMP Type 10 Code 0

Router Solicitation

Router responds with advertisement

21

ICMP Type 11 Code 0

TTL Exceeded in Transit

Correct ICMP error generated

22

ICMP Type 11 Code 1

Fragment Reassembly Time Exceeded

Correct ICMP error generated

23

ICMP Type 12 Code 0

Pointer indicates error

Correct ICMP error generated

24

ICMP Type 12 Code 1

Missing required option

Correct ICMP error generated

25

ICMP Type 13 Code 0

Timestamp Request

Host responds with Timestamp Reply

26

ICMP Type 14 Code 0

Timestamp Reply

Response to Timestamp Request

27

ICMP Type 15 Code 0

Information Request (Deprecated)

Message ignored or logged

28

ICMP Type 16 Code 0

Information Reply (Deprecated)

Message ignored or logged

29

ICMP Type 17 Code 0

Address Mask Request

Host responds with mask

30

ICMP Type 18 Code 0

Address Mask Reply

Response to mask request

31

Invalid ICMP Type

Use undefined type

Packet discarded

32

Invalid ICMP Code

Use undefined code for valid type

Packet discarded

33

ICMP with invalid checksum

Corrupt checksum

Packet discarded

34

ICMP with truncated header

Incomplete message

Packet discarded

35

ICMP with extra payload

Add extra data

Payload ignored or logged

36

ICMP with spoofed source

Spoof source IP

Response sent to spoofed address

37

ICMP with loopback address

Send to 127.0.0.1

Response received locally

38

ICMP with broadcast address

Send to 255.255.255.255

No reply expected

39

ICMP with multicast address

Send to 224.0.0.1

No reply expected

40

ICMP with private IP

Send to 192.168.x.x

Response received if host reachable

41

ICMP with public IP

Send to internet host

Response received if reachable

42

ICMP with firewall block

Block ICMP type

No response received

43

ICMP with ACL block

Block specific code

No response received

44

ICMP with NAT

Send through NAT

Response translated correctly

45

ICMP with VRF

Send in VRF context

Response received in correct VRF

46

ICMP with VLAN

Send over VLAN

Response received

47

ICMP with QoS

Set DSCP bits

QoS markings preserved

48

ICMP with IP options

Add IP options

Options processed correctly

49

ICMP with IPsec

Send over IPsec tunnel

Response received securely

50

ICMP with logging enabled

Enable logging

ICMP messages logged with type/code

Error Reporting - Testcases

Error Reporting - Test Cases

#

Test Case

Description

Expected Result

1

Destination network unreachable

Send packet to unreachable network

ICMP Type 3 Code 0 received

2

Destination host unreachable

Send packet to unreachable host

ICMP Type 3 Code 1 received

3

Protocol unreachable

Send packet with unsupported protocol

ICMP Type 3 Code 2 received

4

Port unreachable

Send UDP to closed port

ICMP Type 3 Code 3 received

5

Fragmentation needed

Send large packet with DF bit

ICMP Type 3 Code 4 received

6

Source route failed

Use strict source routing

ICMP Type 3 Code 5 received

7

Network administratively prohibited

Blocked by ACL/firewall

ICMP Type 3 Code 9 received

8

Host administratively prohibited

Host blocked by policy

ICMP Type 3 Code 10 received

9

Communication administratively prohibited

General admin block

ICMP Type 3 Code 13 received

10

TTL exceeded in transit

Send packet with TTL = 1

ICMP Type 11 Code 0 received

11

Fragment reassembly time exceeded

Send fragmented packet with missing parts

ICMP Type 11 Code 1 received

12

Parameter problem - pointer indicates error

Send malformed header

ICMP Type 12 Code 0 received

13

Parameter problem - missing option

Omit required IP option

ICMP Type 12 Code 1 received

14

Redirect for network

Router sends redirect

ICMP Type 5 Code 0 received

15

Redirect for host

Router sends host redirect

ICMP Type 5 Code 1 received

16

Redirect for TOS and network

TOS-based redirect

ICMP Type 5 Code 2 received

17

Redirect for TOS and host

TOS-based host redirect

ICMP Type 5 Code 3 received

18

Source quench (deprecated)

Simulate congestion

ICMP Type 4 Code 0 (ignored)

19

Echo request to unreachable host

Ping unreachable IP

ICMP Type 3 Code 1 received

20

UDP to closed port

Send UDP to unused port

ICMP Type 3 Code 3 received

21

TCP RST vs ICMP

Compare TCP RST and ICMP

ICMP used for UDP, not TCP

22

ICMP error with original header

Check embedded IP header

Original header included in ICMP

23

ICMP error with 8 bytes of payload

Check embedded payload

First 8 bytes of original payload included

24

ICMP error with invalid checksum

Corrupt checksum

Packet discarded

25

ICMP error with spoofed source

Spoof source IP

ICMP sent to spoofed address

26

ICMP error with broadcast address

Send to broadcast

No ICMP error generated

27

ICMP error with multicast address

Send to multicast

No ICMP error generated

28

ICMP error with loopback

Send to 127.0.0.1

No ICMP error generated

29

ICMP error with private IP

Send to 192.168.x.x

ICMP error generated if unreachable

30

ICMP error with public IP

Send to unreachable public IP

ICMP error generated

31

ICMP error with NAT

Send through NAT

ICMP translated correctly

32

ICMP error with firewall

Blocked by firewall

ICMP error generated or blocked

33

ICMP error with ACL

ACL denies traffic

ICMP Type 3 Code 13 generated

34

ICMP error with VRF

Send in VRF

ICMP error scoped to VRF

35

ICMP error with VLAN

Send over VLAN

ICMP error received

36

ICMP error with IPsec

Send over IPsec

ICMP error encrypted or blocked

37

ICMP error with QoS

Set DSCP bits

DSCP preserved in ICMP

38

ICMP error with IP options

Use IP options

Options copied to ICMP error

39

ICMP error with invalid type

Use undefined type

Packet discarded

40

ICMP error with invalid code

Use undefined code

Packet discarded

41

ICMP error with truncated header

Incomplete ICMP

Packet discarded

42

ICMP error with extra payload

Add extra data

Payload ignored

43

ICMP error with logging

Enable logging

ICMP errors logged

44

ICMP error with SNMP

Monitor via SNMP

ICMP errors visible in MIBs

45

ICMP error with packet capture

Use Wireshark/tcpdump

ICMP error visible in trace

46

ICMP error with rate limiting

Send many errors

ICMP errors rate-limited

47

ICMP error with router advertisement

Send RA

No ICMP error expected

48

ICMP error with timestamp request

Send timestamp

No error unless unsupported

49

ICMP error with address mask request

Send mask request

No error unless unsupported

50

ICMP error with unreachable gateway

Send to down gateway

ICMP Type 3 Code 0 or 1 received

Lightweight Protocol - Testcases

Lightweight Protocol - Test Cases

#

Test Case

Description

Expected Result

1

Verify ICMP header size

Check ICMP header length

Header is 8 bytes

2

Verify minimal payload

Send ICMP with no payload

Echo Reply received

3

Verify small packet size

Send 64-byte ICMP packet

Echo Reply received

4

Verify large packet handling

Send 1500-byte ICMP packet

Echo Reply or fragmentation

5

Stateless operation

Send Echo Request

No session state maintained

6

No handshake required

Send ICMP packet

No connection setup needed

7

No retransmission logic

Drop ICMP packet

No retransmission occurs

8

No flow control

Send burst of ICMP packets

All packets sent without delay

9

No congestion control

Send ICMP during congestion

Packets may be dropped

10

No authentication

Send ICMP packet

No auth required by default

11

No encryption

Send ICMP packet

Payload is in plaintext

12

No reliability guarantees

Drop ICMP packet

No recovery mechanism

13

No ordering guarantees

Send out-of-order packets

No reordering performed

14

No session tracking

Send multiple pings

Each treated independently

15

No port numbers

ICMP uses no ports

Protocol field used instead

16

No application-layer headers

ICMP is network-layer only

No app-layer data

17

Low CPU usage

Monitor CPU during ping

Minimal CPU impact

18

Low memory usage

Monitor memory during ping

Minimal memory footprint

19

Low bandwidth usage

Send small ICMP packets

Minimal bandwidth consumed

20

Fast processing

Measure response time

Replies received quickly

21

Lightweight error reporting

Trigger unreachable error

ICMP error generated with minimal data

22

Lightweight diagnostics

Use ping/traceroute

Tools work with minimal overhead

23

Lightweight implementation

Check ICMP code size

Small code footprint in OS

24

Lightweight in embedded systems

Use ICMP on IoT device

Works with limited resources

25

Lightweight in routers

ICMP processed by router

No session state stored

26

Lightweight in firewalls

ICMP filtered easily

Stateless filtering possible

27

Lightweight in NAT

ICMP translated easily

No session tracking needed

28

Lightweight in VPN

ICMP tunneled with minimal overhead

Works over VPN

29

Lightweight in MPLS

ICMP used for LSP ping

Minimal overhead

30

Lightweight in IPv4 stack

ICMP part of core stack

No additional modules needed

31

Lightweight with IPv6 disabled

Use ICMPv4 only

No IPv6 dependency

32

Lightweight with IPv6 enabled

ICMPv4 coexists with ICMPv6

No conflict

33

Lightweight with QoS

Apply DSCP to ICMP

Markings preserved

34

Lightweight with VLAN

Send ICMP over VLAN

Minimal overhead added

35

Lightweight with GRE

Send ICMP over GRE

Works with minimal encapsulation

36

Lightweight with IPSec

Send ICMP over IPSec

Encrypted with minimal impact

37

Lightweight with fragmentation

Send large ICMP with DF

Fragmentation error generated

38

Lightweight with MTU discovery

Use ICMP for PMTUD

Works with minimal data

39

Lightweight with rate limiting

Apply ICMP rate limit

Limits enforced efficiently

40

Lightweight with logging

Log ICMP packets

Minimal log size

41

Lightweight with SNMP

Monitor ICMP stats

Minimal SNMP overhead

42

Lightweight with packet capture

Capture ICMP traffic

Small packet sizes

43

Lightweight with checksum

Validate checksum

Simple checksum used

44

Lightweight with header inspection

Inspect ICMP header

Easy to parse

45

Lightweight with embedded payload

Check payload in Echo Reply

Matches request

46

Lightweight with TTL exceeded

Send TTL=1

ICMP Time Exceeded generated

47

Lightweight with unreachable host

Ping unreachable IP

ICMP error generated

48

Lightweight with traceroute

Use traceroute

ICMP Time Exceeded used

49

Lightweight with firewall rules

Allow/block ICMP

Stateless filtering works

50

Lightweight with diagnostic tools

Use ping, traceroute, MTR

All tools function efficiently

No Reliability Mechanism - Testcases

No Reliability Mechanism - Test Cases

#

Test Case

Description

Expected Result

1

Drop Echo Request

Drop ICMP Echo Request in transit

No retransmission occurs

2

Drop Echo Reply

Drop ICMP Echo Reply

No retry or recovery

3

Unreachable Host

Send Echo Request to unreachable IP

No response; no retry

4

TTL Expired

Send packet with TTL = 1

ICMP Time Exceeded generated once

5

Invalid Checksum

Send packet with bad checksum

Packet discarded silently

6

Spoofed Source

Use spoofed source IP

Reply sent to spoofed address

7

Invalid Type

Use undefined ICMP type

Packet discarded

8

Invalid Code

Use undefined ICMP code

Packet discarded

9

Truncated Header

Send incomplete ICMP header

Packet discarded

10

Extra Payload

Add extra payload to ICMP

Payload ignored

11

Corrupted Payload

Send corrupted payload

No correction attempted

12

Duplicate Sequence

Send same sequence number

Treated as new request

13

Out-of-Order Sequence

Send non-sequential requests

No reordering

14

High Frequency

Send pings rapidly

No congestion control

15

Low TTL

TTL = 1

Time Exceeded generated once

16

DF Bit Set

Large packet with DF bit

Fragmentation Needed generated

17

Broadcast Address

Send to 255.255.255.255

No reply expected

18

Multicast Address

Send to 224.0.0.1

No reply expected

19

Loopback Address

Send to 127.0.0.1

Reply received locally

20

NAT Environment

Send through NAT

Reply translated if allowed

21

Firewall Block

Block ICMP at firewall

No reply received

22

No Route

Send to unroutable IP

Destination Unreachable generated

23

Down Interface

Send to down interface

No response

24

VRF Context

Send in VRF

Reply scoped to VRF

25

VLAN Interface

Send over VLAN

Reply received if reachable

26

GRE Tunnel

Send through GRE

Reply received if tunnel up

27

IPSec Tunnel

Send through IPSec

Reply encrypted if allowed

28

QoS Markings

Set DSCP bits

No reliability added

29

IP Options

Add IP options

Options processed; no reliability

30

Invalid IP Header

Malformed IP header

Packet discarded

31

Invalid Length

Incorrect total length

Packet discarded

32

Invalid IP Version

Use wrong IP version

Packet discarded

33

Invalid Protocol

Wrong protocol number

Packet discarded

34

Invalid Destination

Send to invalid IP

Destination Unreachable generated

35

Invalid Source

Use invalid source IP

Reply sent to invalid address

36

Spoofed TTL

Use fake TTL

TTL not validated

37

Spoofed ID

Use fake identifier

ID not validated

38

Spoofed Sequence

Use fake sequence number

Sequence not validated

39

Oversized Payload

Payload exceeds MTU

Fragmentation or discard

40

Invalid MTU

MTU < header size

Fragmentation Needed generated

41

Invalid Flags

Use undefined flags

Flags ignored

42

Invalid DSCP

Use invalid DSCP

DSCP ignored

43

Invalid ECN

Use invalid ECN

ECN ignored

44

Invalid Header Length

Wrong header length

Packet discarded

45

Invalid Total Length

Wrong total length

Packet discarded

46

Invalid ID Field

Use invalid IP ID

ID ignored

47

Invalid Fragment Offset

Use invalid offset

Offset ignored

48

Invalid Checksum

Wrong checksum

Packet discarded

49

Invalid Options Length

Wrong options length

Packet discarded

50

No Acknowledgment

Send Echo Request

No ACK mechanism exists

Control and Informational Messages - Testcases

Control and Informational Messages - Test Cases

#

Test Case

Description

Expected Result

1

Echo Request

Send ICMP Type 8

Echo Reply (Type 0) received

2

Echo Reply

Receive ICMP Type 0

Matches Echo Request

3

Destination Network Unreachable

ICMP Type 3 Code 0

Error message received

4

Destination Host Unreachable

ICMP Type 3 Code 1

Error message received

5

Protocol Unreachable

ICMP Type 3 Code 2

Error message received

6

Port Unreachable

ICMP Type 3 Code 3

Error message received

7

Fragmentation Needed

ICMP Type 3 Code 4

Error message received

8

Source Route Failed

ICMP Type 3 Code 5

Error message received

9

Network Administratively Prohibited

ICMP Type 3 Code 9

Error message received

10

Host Administratively Prohibited

ICMP Type 3 Code 10

Error message received

11

Communication Administratively Prohibited

ICMP Type 3 Code 13

Error message received

12

TTL Exceeded in Transit

ICMP Type 11 Code 0

Error message received

13

Fragment Reassembly Time Exceeded

ICMP Type 11 Code 1

Error message received

14

Parameter Problem - Pointer Error

ICMP Type 12 Code 0

Error message received

15

Parameter Problem - Missing Option

ICMP Type 12 Code 1

Error message received

16

Redirect for Network

ICMP Type 5 Code 0

Host updates route

17

Redirect for Host

ICMP Type 5 Code 1

Host updates route

18

Redirect for TOS and Network

ICMP Type 5 Code 2

Host updates route

19

Redirect for TOS and Host

ICMP Type 5 Code 3

Host updates route

20

Timestamp Request

ICMP Type 13

Timestamp Reply received

21

Timestamp Reply

ICMP Type 14

Matches Timestamp Request

22

Address Mask Request

ICMP Type 17

Address Mask Reply received

23

Address Mask Reply

ICMP Type 18

Matches Address Mask Request

24

Router Advertisement

ICMP Type 9

Host receives router info

25

Router Solicitation

ICMP Type 10

Router responds with advertisement

26

Source Quench (Deprecated)

ICMP Type 4

Message ignored or logged

27

Information Request (Deprecated)

ICMP Type 15

Message ignored

28

Information Reply (Deprecated)

ICMP Type 16

Message ignored

29

Invalid Type

Use undefined type

Packet discarded

30

Invalid Code

Use undefined code

Packet discarded

31

Echo Request with Payload

Send with data

Echo Reply includes same data

32

Echo Request with TTL = 1

Send with low TTL

Time Exceeded message received

33

Echo Request to Broadcast

Send to 255.255.255.255

No reply expected

34

Echo Request to Multicast

Send to 224.0.0.1

No reply expected

35

Echo Request with DF bit

Send large packet with DF

Fragmentation Needed message

36

Echo Request with IP Options

Add options

Options processed

37

Echo Request with QoS

Set DSCP bits

DSCP preserved

38

Echo Request with Invalid Checksum

Corrupt checksum

Packet discarded

39

Echo Request with Invalid Header

Truncated header

Packet discarded

40

Echo Request with Spoofed Source

Use fake source IP

Reply sent to spoofed address

41

Echo Request with Invalid Sequence

Use non-sequential IDs

No impact on reply

42

Timestamp Request with Delay

Simulate delay

Reply shows time difference

43

Address Mask Request with No Support

Send to unsupported host

No reply received

44

Redirect Message with Invalid Gateway

Use unreachable gateway

Host ignores redirect

45

Parameter Problem with Invalid Pointer

Use invalid pointer

Packet discarded

46

TTL Exceeded with Fragmented Packet

Send fragments with low TTL

Time Exceeded message

47

Port Unreachable with UDP

Send to closed UDP port

ICMP Type 3 Code 3 received

48

Protocol Unreachable with Raw IP

Use unsupported protocol

ICMP Type 3 Code 2 received

49

Host Unreachable with ACL

Block host via ACL

ICMP Type 3 Code 1 received

50

Network Unreachable with Routing Issue

Remove route

ICMP Type 3 Code 0 received

Stateless Operation - Testcases

Stateless Operation - Test Cases

#

Test Case

Description

Expected Result

1

Send Echo Request

Send ICMP Type 8

Echo Reply received; no state maintained

2

Send Echo Reply

Respond to Echo Request

Stateless response sent

3

Drop Echo Request

Drop packet in transit

No retry or retransmission

4

Drop Echo Reply

Drop reply packet

No recovery attempted

5

Send to Unreachable Host

No response received

No session tracking

6

Send Duplicate Requests

Send same request twice

Each treated independently

7

Send Out-of-Order Requests

Send requests non-sequentially

No reordering or tracking

8

Send with Spoofed Source

Use fake source IP

Reply sent to spoofed address

9

Send with Invalid Sequence

Use random sequence numbers

No validation or tracking

10

Send with Invalid Identifier

Use random ID

No validation or tracking

11

Send with TTL = 1

TTL expires

ICMP Time Exceeded generated once

12

Send with DF Bit

Large packet with DF set

Fragmentation Needed generated

13

Send to Broadcast

Use 255.255.255.255

No reply expected

14

Send to Multicast

Use 224.0.0.1

No reply expected

15

Send to Loopback

Use 127.0.0.1

Reply received locally

16

Send with Invalid Checksum

Corrupt checksum

Packet discarded

17

Send with Truncated Header

Incomplete ICMP header

Packet discarded

18

Send with Extra Payload

Add extra data

Payload ignored

19

Send with Invalid Type

Use undefined type

Packet discarded

20

Send with Invalid Code

Use undefined code

Packet discarded

21

Send with Invalid IP Header

Malformed IP header

Packet discarded

22

Send with Invalid Length

Incorrect total length

Packet discarded

23

Send with Invalid Protocol

Wrong protocol number

Packet discarded

24

Send with Invalid Destination

Use invalid IP

Destination Unreachable generated

25

Send with Invalid Source

Use invalid source IP

Reply sent to invalid address

26

Send with Invalid TTL

Use spoofed TTL

TTL not validated

27

Send with Invalid DSCP

Use invalid DSCP

DSCP ignored

28

Send with Invalid ECN

Use invalid ECN

ECN ignored

29

Send with Invalid Fragment Offset

Use invalid offset

Offset ignored

30

Send with Invalid Options

Use malformed IP options

Packet discarded

31

Send with Invalid Header Length

Wrong header length

Packet discarded

32

Send with Invalid Total Length

Wrong total length

Packet discarded

33

Send with Invalid ID Field

Use invalid IP ID

ID ignored

34

Send with Invalid Flags

Use undefined flags

Flags ignored

35

Send with Invalid MTU

MTU < header size

Fragmentation Needed generated

36

Send with Invalid Payload Size

Payload exceeds MTU

Fragmentation or discard

37

Send with High Frequency

Send pings rapidly

No congestion control

38

Send with Low Frequency

Send pings slowly

Each treated independently

39

Send with NAT

Send through NAT

Reply translated if allowed

40

Send with Firewall

Block ICMP

No reply; no retry

41

Send with VRF

Send in VRF

Reply scoped to VRF

42

Send with VLAN

Send over VLAN

Reply received if reachable

43

Send with GRE Tunnel

Send through GRE

Reply received if tunnel up

44

Send with IPSec Tunnel

Send through IPSec

Reply encrypted if allowed

45

Send with QoS

Set DSCP bits

No state tracking

46

Send with Logging Enabled

Log ICMP packets

Stateless logging

47

Send with SNMP Monitoring

Monitor ICMP stats

No session state tracked

48

Send with Packet Capture

Capture ICMP traffic

Stateless packets visible

49

Send with Rate Limiting

Apply ICMP rate limit

Excess packets dropped

50

Send with No Acknowledgment

Send Echo Request

No ACK mechanism exists

Security Considerations - Testcases

Security Considerations - Test Cases

#

Test Case

Description

Expected Result

1

ICMP Echo Flood

Send high-rate pings

System rate-limits or drops excess

2

ICMP Smurf Attack

Send Echo to broadcast with spoofed source

System ignores broadcast pings

3

ICMP Redirect Attack

Send fake redirect

Host ignores unauthorized redirect

4

ICMP Source Quench

Send deprecated message

Host ignores message

5

ICMP Timestamp Abuse

Send frequent timestamp requests

Host rate-limits or disables

6

ICMP Mask Request Abuse

Send frequent mask requests

Host rate-limits or disables

7

ICMP Parameter Problem

Send malformed header

Host discards packet

8

ICMP Fragmentation Needed

Send spoofed fragmentation error

Host validates MTU before acting

9

ICMP TTL Exceeded Spoof

Send fake TTL Exceeded

Host ignores if not part of session

10

ICMP Port Unreachable Flood

Send to closed UDP ports

Host rate-limits responses

11

ICMP Protocol Unreachable

Send unsupported protocol

Host sends one-time error

12

ICMP Network Unreachable

Simulate routing failure

Host logs and reroutes if possible

13

ICMP Host Unreachable

Simulate host down

Host retries or logs

14

ICMP with Spoofed Source

Send with fake IP

Host replies to spoofed address

15

ICMP with Private IP Spoof

Spoof 192.168.x.x

Host replies unless filtered

16

ICMP with Public IP Spoof

Spoof public IP

Host replies unless filtered

17

ICMP with Loopback Spoof

Spoof 127.0.0.1

Host replies to itself

18

ICMP with Multicast Spoof

Spoof 224.0.0.1

Host ignores

19

ICMP with Broadcast Spoof

Spoof 255.255.255.255

Host ignores

20

ICMP with Invalid Checksum

Corrupt checksum

Host discards packet

21

ICMP with Truncated Header

Incomplete header

Host discards packet

22

ICMP with Extra Payload

Add excessive data

Host ignores extra data

23

ICMP with Invalid Type

Use undefined type

Host discards packet

24

ICMP with Invalid Code

Use undefined code

Host discards packet

25

ICMP with Invalid Length

Incorrect total length

Host discards packet

26

ICMP with Invalid IP Header

Malformed IP

Host discards packet

27

ICMP with IP Options

Add IP options

Host processes securely

28

ICMP with DSCP Abuse

Set high priority

Host ignores DSCP

29

ICMP with ECN Abuse

Set ECN bits

Host ignores ECN

30

ICMP with Fragment Offset

Use invalid offset

Host discards or reassembles

31

ICMP with Invalid Flags

Use undefined flags

Host ignores

32

ICMP with Invalid TTL

Use TTL = 0

Host discards packet

33

ICMP with Invalid Protocol

Use wrong protocol

Host discards packet

34

ICMP with NAT

Send through NAT

NAT handles translation securely

35

ICMP with Firewall

Block ICMP types

Firewall drops or logs

36

ICMP with ACL

Apply access control

ICMP filtered as per policy

37

ICMP with VRF

Send in VRF

Response scoped to VRF

38

ICMP with VLAN

Send over VLAN

Response received if allowed

39

ICMP with GRE Tunnel

Send through GRE

Tunnel endpoint handles securely

40

ICMP with IPSec

Send through IPSec

Encrypted and authenticated

41

ICMP with Logging

Enable logging

ICMP events logged

42

ICMP with SNMP Monitoring

Monitor ICMP stats

Alerts on anomalies

43

ICMP with Rate Limiting

Apply ICMP rate limit

Excess packets dropped

44

ICMP with IDS/IPS

Detect ICMP abuse

Alerts or blocks triggered

45

ICMP with Packet Capture

Capture traffic

ICMP visible for analysis

46

ICMP with Router Advertisement

Send fake RA

Host ignores if not expected

47

ICMP with Router Solicitation

Send fake RS

Router ignores if not valid

48

ICMP with Timestamp Spoof

Spoof time values

Host ignores or logs

49

ICMP with Address Mask Spoof

Spoof mask reply

Host ignores if not requested

50

ICMP with OS Fingerprinting

Use ICMP for fingerprinting

Host randomizes responses or blocks

  • Reference links