Hopefully, by now, you can see the many aspects of ICMP, which is a significant protocol in the TCP/IP suite. We looked at the purpose of ICMP: a method to communicate issues that prevent data delivery. We compared ICMPv4 and ICMPv6, which have similar functions; however, we identified how ICMPv6 has a bigger role. So that you can use this protocol while troubleshooting, we looked at ICMP messages that communicate with hosts to report on transmission errors, along with query messages that attempt to obtain information from a host.

To better understand the ICMP type and code values, we took a look at how they work in communicating information. In addition, we saw that there are some ICMP types that you will rarely see as they are now deprecated and/or not supported. By now, you should see that ICMP is a powerful protocol that helps to move traffic on a network, but we covered how ICMP can be used in malicious ways. As a result, you now understand the need to configure firewall rules that allow or deny specific types of ICMP traffic in order to reduce the threat of malicious ICMP traffic on the local area network.

In the next chapter, we will review ARP and begin with an overview of the role and purpose of ARP. So that you understand how ARP works and what an ARP packet looks like, we will cover an ARP transaction along with a closer look at ARP headers and fields. We will see the importance of a different type of ARP, called a Gratuitous ARP. Finally, we will look at ARP attacks and how to identify and defend against these types of threats.