Firewall: ICMP Filter
Desktop Training - Fedora

ICMP, or Internet Control Message Protocol, is used to provide information about network connections. If you are on a secure local network, you can leave these connections active to provide connection testing and information. This assumes that the external firewall guarding your network from the Internet does not allow these types of messages. The reason you do not want ICMP messages from the Internet is that these messages can provide an attacker with a lot of information.


ICMP

Here is an example of the most common ICMP message use.

Ping stands for Packet Internet Groper.
It is usually the first port of call when troubleshooting network issues. Think of it as a virtual wave to the device you are trying to connect to. All it does is send a short ‘hello’ message to the destination asking if it exists or is alive. Then it feeds back the results to you. If it receives a reply, it will tell you how long it took. If it doesn’t receive a reply, you know there is something wrong with the connection. This is using ICMP.

The command is: ping -c 5 192.169.102.134
ping is the command. -c 5 tells it to ping the destination 5 times. If you don’t add this, the ping will be continuous until you press Ctrl+C. 192.169.102.134 is the destination address you want to reach.

You can ping to a destination hostname if you like, but it then brings DNS into the mix and that’s a whole other post!

That command would be: ping -c 5 www.google.com
In this example the ping succeeds and even tells you how long it took to get a response. The lower the number, the better the network.

ping www.google.com

Pinging www.l.google.com [209.85.227.147] with 32 bytes of data:

Reply from 209.85.227.147: bytes=32 time=29ms TTL=242
Reply from 209.85.227.147: bytes=32 time=26ms TTL=242
Reply from 209.85.227.147: bytes=32 time=26ms TTL=242
Reply from 209.85.227.147: bytes=32 time=25ms TTL=242

Ping statistics for 209.85.227.147:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 25ms, Maximum = 29ms, Average = 26ms

You can see that the system queries the DNS server and gets the IP address of www.l.google.com [209.85.227.147]. Then it sends a ping request and gets a reply.

Pinging a known working device will then tell you whether the problem is at the local end (the machine you are using) or at the destination, the far end. If your ping returns from the known working machine, then you know the problem is likely at the far end or somewhere in between, depending on your network routing. If the ping doesn’t return, then you should look a little closer to home!