The Internet Control Message Protocol (ICMP) [RFC792] is a classic example of a client-server application. The ICMP server executes on all IP end system computers and all IP intermediate systems (i.e., routers). The primary purpose of ICMP is error reporting and network diagnostics.
ICMP is a supporting protocol in the Internet layer of the Internet protocol suite. It is used by network devices, including routers, to send error messages and operational information indicating success or failure when communicating with another IP address. The network diagnostic tools traceroute and ping both operate using ICMP.
The figure above shows the encapsulation of ICMP over an Ethernet LAN using an IP network layer header, and a MAC link layer header and trailer containing the 32-bit checksum. The ICMP header contains three fields: the major type, which identifies the ICMP message; the minor code, which contains more information about the type field; and the checksum, which helps detect errors introduced during transmission.
It is the responsibility of the network layer (IP) protocol to ensure that the ICMP message is sent to the correct destination. This is achieved by setting the destination address of the IP packet carrying the ICMP message. The source address is set to the address of the computer that generated the IP packet (carried in the IP source address field) and the IP protocol type is set to “ICMP” to indicate that the packet is to be handled by the remote end system’s ICMP client interface.
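The header layout and the IP protocol-type check described above can be exercised with a small parser. This is an added example, not code from the original page: the function names, the identifier and sequence values, and the sample addresses (documentation ranges) are constructed for illustration.

```python
import socket
import struct

ICMP_PROTO = 1  # value of the IPv4 protocol field that marks the payload as ICMP

def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input for summing
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_sample_packet(src: str, dst: str, payload: bytes) -> bytes:
    """Constructed test input: IPv4 header + ICMP echo request (type 8, code 0)."""
    rest = struct.pack("!HH", 0x1234, 1)  # identifier, sequence (constructed)
    csum = internet_checksum(struct.pack("!BBH", 8, 0, 0) + rest + payload)
    icmp = struct.pack("!BBH", 8, 0, csum) + rest + payload
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64,
                     ICMP_PROTO, 0, socket.inet_aton(src), socket.inet_aton(dst))
    ip = ip[:10] + struct.pack("!H", internet_checksum(ip)) + ip[12:]
    return ip + icmp

def parse_icmp(packet: bytes) -> dict:
    """Return ICMP type, code, checksum and whether the checksum verifies."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (packet[0] & 0x0F) * 4  # IPv4 header length in bytes
    if ihl < 20 or len(packet) < ihl:
        raise ValueError("bad IPv4 header length")
    if packet[9] != ICMP_PROTO:
        raise ValueError("IP protocol field is not ICMP")
    total_len = struct.unpack("!H", packet[2:4])[0]
    icmp = packet[ihl:total_len]
    if len(icmp) < 4:
        raise ValueError("truncated ICMP header")
    icmp_type, code, checksum = struct.unpack("!BBH", icmp[:4])
    # A valid message sums to zero when the checksum field is included.
    return {"src": socket.inet_ntoa(packet[12:16]), "dst": socket.inet_ntoa(packet[16:20]),
            "type": icmp_type, "code": code, "checksum": checksum,
            "checksum_ok": internet_checksum(icmp) == 0}

if __name__ == "__main__":
    pkt = build_sample_packet("192.0.2.10", "198.51.100.7", b"constructed-payload")
    print(parse_icmp(pkt))
    corrupted = pkt[:-1] + bytes([pkt[-1] ^ 0xFF])  # flip bits in the last byte
    print(parse_icmp(corrupted)["checksum_ok"])
```

The ICMP checksum covers the whole ICMP message (header and data), so a single corrupted payload byte makes `checksum_ok` false.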
Smurf attacks and Ping Flood (DDoS) attacks use ICMP, either by sending an IP packet larger than the number of bytes allowed by the IP protocol or by spoofing ICMP echo/ping.
Image Credit: Comparitech