NXLog search
Let's Talk Start free
Let's Talk
1.08

ICMP (Internet Control Message Protocol)

Description

A network layer protocol utilized by network devices to diagnose communication problems. ICMP is primarily used to determine whether data is reaching its intended destination promptly. Additionally, network devices, such as routers, utilize the ICMP protocol for error reporting when network issues prevent the delivery of data packets.

Hackers have also found ways to use ICMP messages maliciously, such as Ping of Death (PoD) attacks, Smurf attacks, and ping flood attacks. While few networks are vulnerable to PoD and Smurf attacks today, most systems remain susceptible to ping flood attacks. In corporate networks, ICMP traffic commonly indicates ping requests, and a certain amount of ICMP traffic is expected. However, a sharp increase in ICMP traffic over a short period usually indicates malicious activity. Therefore, ICMP traffic is worth monitoring.

NXLog Agent provides the Packet Capture input module to capture network traffic. You can use it in conjunction with the Event Correlator processor module to define a threshold for expected ICMP traffic and generate an alert if exceeded.

Also known as

ICMP protocol

See also

Detect unusual ICMP traffic

A

Access rules

Agent

Agent-based log collection

Agentless log collection

Agent management

Audit log

Automatic enrollment

B

Bandwidth

C

CEF (Common Event Format)

Configuration

CSV (Comma-separated Values)

Customer

Customer portal

D

Deployment

DNS (Domain Name System)

E

Endpoint security

Enroll

EPS (Events Per Second)

ETW (Event Tracing for Windows)

Event correlation

F

Failover

G

GELF (Graylog Extended Log Format)

I

ICMP (Internet Control Message Protocol)

IDS (Intrusion Detection System)

J

JSON (JavaScript Object Notation)

K

Kernel log

KVP (Key-Value Pair)

L

LEEF (Log Event Extended Format)

Log centralization

Log normalization

Log parsing

Log source

Log storage

Log type

M

Multi-line logs

N

NetFlow

O

Organization

P

PCI-DSS (Payment Card Industry Data Security Standard)

Protocol

R

Relay

S

SIEM (Security Information and Event Management)

SNMP (Simple Network Management Protocol)

Structured logging

Subscription

Syslog

T

TCP (Transmission Control Protocol)

Tenant

TLS (Transport Layer Security)

U

UDP (User Datagram Protocol)

User role

W

W3C Extended Log File Format

WEC (Windows Event Collector)

WEF (Windows Event Forwarding)

Windows event ID

WMI (Windows Management Instrumentation)

X

XPath

© Copyright NXLog Ltd.

PRIVACY POLICY GENERAL TERMS OF BUSINESS