ICMP Protocol

ICMP (Internet Control Message Protocol) is an error-reporting protocol that network devices such as routers use to send error messages to the source IP address when a network problem prevents delivery of an IP packet.
Watch the video lecture on ICMP (click here)

ICMP 1 Introduction

ICMP 2 Error Reporting

ICMP 3 Timestamp Query calculations

ICMP 4 Debugging tools

You are invited to raise queries by writing your question in the box given below.


Published by Expert_Talk

I like sharing articles and discussions on emerging technologies. I love to share my knowledge on the latest trends and technologies.

11 thoughts on “ICMP Protocol”

  1. Good afternoon Professor!
    What is the maximum value of the pointer field in a parameter-problem message?

    1. When a Parameter Problem message is generated due to a specific bad field in the original message, the Pointer field is used as described above to show the location of the problem. This meaning of the Parameter Problem message is the one that was defined in the original ICMP standard, RFC 792, and is associated with Code value 0.

    2. Logically the maximum value that the pointer field can have is 17, because it points to the last field (the 4-byte destination address) in the IP header (from the mandatory 20 bytes).

  2. Hello Professor,
    In this lecture you discussed only error-reporting messages, but what about query messages?
    Are they reported to the original source only? And what will be the structure of ICMP in this case?

    1. Hi.
      Query messages are not only used for reporting to the source, as in error reporting, but are also used for gathering information and managing various internet operations. You are advised to watch the following videos for more details:

      ICMP – Timestamp Query Calculations

  3. Hi Professor

    Can you give more information about using Pointer in Parameter-problem message format?

    1. The pointer field is used to specify the position of the error (i.e. the erroneous field). The pointer is only used when the error occurs in the first 20 bytes of the header.

  4. Dear Professor,
    Can you explain the following:

    1. ICMP-Flood Attack Filtering
    ICMP-Flood Packets Threshold

    2. UDP-Flood Attack Filtering
    UDP-Flood Packets Threshold

    3. TCP-SYN-Flood Attack Filtering
    TCP-SYN-Flood Packets Threshold

    Thank you!

    1. In general, all these attacks are categorized as Denial of Service (DoS) attacks.
      The basic nature of this type of attack is to overwhelm (keep busy) any target computer by sending fake requests so that it will not be able to service/process the actual requests.

      In an ICMP flood attack, or ping flood attack, the attacker floods the target with echo request packets, and the target machine is forced to respond with an equal number of reply packets. This causes the target to become inaccessible to normal traffic. In this case, the attacker must obtain the IP address of the destination beforehand.
      To avoid such an attack, either we disable the ICMP protocol on the machine so that no such request can be handled, or an ICMP Flood Attack Threshold (ICMP packets/sec) can be set, which means that if requests cross the threshold value then ICMP will stop responding to such requests and would normalize this attack in a short time.

      A TCP-SYN attack is a situation where one or more malicious attackers overwhelm the server by sending SYN segments. You must know that TCP undergoes the connection-establishment phase before two machines actually communicate; this phase is accomplished by sending a SYN segment, whereby the two machines agree to communicate and allocate some resources (like TCB tables, buffer space, CPU cycles etc.) to each other.
      The attacker pretends the requests come from different IPs (clients), and the server will allocate resources to each SYN request (actually a fake request). Very shortly the server runs out of resources and will not be able to serve the actual SYN requests.
      Here also it can be managed by setting a threshold value. If the number of inbound SYN packets destined to one single destination IP address per second exceeds the threshold, the system will identify the traffic as a SYN flood.

      In a UDP flood attack, the attacker overwhelms random ports on the targeted host with IP packets containing UDP datagrams. The targeted host checks for applications associated with these datagrams and, since they are fake, none is found, so it sends back a “Destination Unreachable” packet. With such fake requests, the system becomes overwhelmed soon and will be unresponsive to other clients.
      Hope this helps you to understand the different attacks.
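As an added illustration of the per-second threshold idea in the reply above (example code, not from the lecture or the commenter), the Python below counts echo requests and SYN segments per destination and per second over constructed traffic records and raises an alert whenever a count exceeds the configured threshold. The record format, thresholds and addresses are assumptions made for this example.

```python
from collections import Counter, defaultdict

# Constructed sample traffic records, not real captures:
# (timestamp_seconds, src_ip, dst_ip, proto, detail)
# detail is the ICMP type for "icmp" and the flag string for "tcp".
SAMPLE_PACKETS = (
    # 12 echo requests to 10.0.0.5 inside one second, from several sources
    [(100.0 + i * 0.05, f"198.51.100.{i % 7}", "10.0.0.5", "icmp", 8) for i in range(12)]
    # one normal ping exchange with 10.0.0.6
    + [(100.3, "10.0.0.9", "10.0.0.6", "icmp", 8), (100.9, "10.0.0.9", "10.0.0.6", "icmp", 0)]
    # 25 SYNs to 10.0.0.5 inside one second, each from a different source
    + [(101.0 + i * 0.02, f"203.0.113.{i}", "10.0.0.5", "tcp", "SYN") for i in range(25)]
    # one normal handshake start with 10.0.0.6
    + [(101.5, "10.0.0.9", "10.0.0.6", "tcp", "SYN"), (101.6, "10.0.0.9", "10.0.0.6", "tcp", "ACK")]
)


def per_second_counts(packets, selector):
    """Count packets for which selector(proto, detail) holds, per second and destination IP."""
    counts = defaultdict(Counter)
    for ts, _src, dst, proto, detail in packets:
        if selector(proto, detail):
            counts[int(ts)][dst] += 1
    return counts


def detect_floods(packets, icmp_threshold=10, syn_threshold=20):
    """Return alerts (second, kind, dst_ip, count) where the number of echo requests
    or SYN segments to one destination in one second exceeds its threshold."""
    checks = [
        ("icmp-flood", icmp_threshold, lambda p, d: p == "icmp" and d == 8),
        ("syn-flood", syn_threshold, lambda p, d: p == "tcp" and d == "SYN"),
    ]
    alerts = []
    for kind, threshold, selector in checks:
        for second, by_dst in per_second_counts(packets, selector).items():
            for dst, n in by_dst.items():
                if n > threshold:
                    alerts.append((second, kind, dst, n))
    return sorted(alerts)


if __name__ == "__main__":
    for alert in detect_floods(SAMPLE_PACKETS):
        print(alert)
```

Thresholds are a tuning decision: the second call in the test shows that raising them to the observed counts silences both alerts, which is the trade-off between false positives and missed floods.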

  5. Good Evening Professor!
    Why do error-reporting ICMP messages include the IP header and datagram data?

    1. This is included because these first 8 bytes contain information about the port number and sequence number used. This is required for the source (sender) machine to inform the protocols (UDP and TCP) about the error.

      Kindly note that the data in the datagram (network layer) is the content of the segment/user datagram (transport layer), whose header contains the port information. Without this, the source machine on receiving the ICMP message cannot figure out which port the error corresponds to.
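Following up on the two threads above (the pointer field of a Parameter Problem message, and why an error message carries the original IP header plus 8 bytes of data), here is an added Python example that is not from the lecture or the comments: it wraps a constructed IPv4/UDP datagram in an ICMP error message and shows how the receiver recovers the affected ports from those bytes, and for type 12 which header field the pointer names. The addresses, ports, and field table are assumptions made for the example; the checksum is left at zero.

```python
import socket
import struct

# Byte offset where each fixed IPv4 header field starts (RFC 791 layout), used to
# translate a Parameter Problem pointer into the field it points at.
IPV4_FIELDS = [(0, "version/ihl"), (1, "tos"), (2, "total_length"),
               (4, "identification"), (6, "flags/fragment_offset"), (8, "ttl"),
               (9, "protocol"), (10, "header_checksum"), (12, "source_address"),
               (16, "destination_address")]

def ipv4_field_at(pointer):
    """Name of the fixed IPv4 header field that contains byte offset `pointer`."""
    if pointer >= 20:
        return "options/beyond fixed header"
    return [name for offset, name in IPV4_FIELDS if offset <= pointer][-1]

def build_original_datagram(src, dst, sport, dport, payload=b"\x00" * 4):
    """Constructed IPv4 header (no options) + UDP header (protocol 17)."""
    ip_hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(payload), 0x1234, 0, 64,
                         17, 0, socket.inet_aton(src), socket.inet_aton(dst))
    udp_hdr = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0)
    return ip_hdr + udp_hdr + payload

def build_icmp_error(icmp_type, code, pointer, original):
    """ICMP error: type, code, checksum (left 0 here), 4-byte field, then the
    original IP header plus the first 8 bytes of its data. For Parameter Problem
    (type 12) the 4-byte field carries the pointer in its first byte."""
    ihl = (original[0] & 0x0F) * 4
    return struct.pack("!BBHI", icmp_type, code, 0, pointer << 24) + original[:ihl + 8]

def parse_icmp_error(msg):
    """Recover which transport flow an ICMP error refers to from the embedded
    IP header and 8 data bytes: that is why the error carries them."""
    icmp_type, code, _csum, field = struct.unpack("!BBHI", msg[:8])
    inner = msg[8:]
    ihl = (inner[0] & 0x0F) * 4
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])  # first 4 of the 8 data bytes
    info = {"type": icmp_type, "code": code, "protocol": inner[9],
            "orig_src": socket.inet_ntoa(inner[12:16]),
            "orig_dst": socket.inet_ntoa(inner[16:20]),
            "sport": sport, "dport": dport}
    if icmp_type == 12:
        info["pointer"] = field >> 24
        info["bad_field"] = ipv4_field_at(info["pointer"])
    return info

if __name__ == "__main__":
    orig = build_original_datagram("192.0.2.10", "198.51.100.7", 40000, 53)
    print(parse_icmp_error(build_icmp_error(3, 3, 0, orig)))  # port unreachable
```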
