Network LAYER Protocol
Most computer programs/applications use logical addresses (IP addresses) to send and receive messages.
However, the actual communication happens over the physical address (MAC address), which belongs to layer
2 of the OSI model. So our mission is to get the destination MAC address, which lets us communicate
with other devices. This is where ARP comes into the picture: its function is to translate IP addresses to
physical addresses.
The acronym ARP stands for Address Resolution Protocol, which is one of the most important protocols of
the Data link layer in the OSI model. It is responsible for finding the hardware address of a host from a known
IP address. There are three basic ARP terms.
Note: ARP finds the hardware address, also known as the Media Access Control (MAC) address, of a host
from its known IP address.
Reverse ARP
Proxy ARP
Inverse ARP
Reverse ARP
Reverse Address Resolution Protocol is a protocol that is used in local area networks (LAN) by client
machines for requesting an IP address (IPv4) from the router’s ARP table. Whenever a new machine that
requires an IP address joins the network, it sends a RARP broadcast packet containing its MAC address
in the sender and receiver hardware fields.
Proxy ARP
Proxy Address Resolution Protocol enables devices that are separated into network segments, connected
through a router but in the same IP network, to resolve IP addresses to MAC addresses. When Proxy ARP is
enabled, the ‘proxy router’ answers with its own MAC address on the local network, as if it were the device
to which the broadcast is addressed. When the sender receives the MAC address of the proxy router, it
sends the datagram to the proxy router, which forwards it to the destination device.
Inverse ARP
Inverse Address Resolution Protocol uses a MAC address to find the IP address; put simply, Inverse ARP
is just the inverse of ARP. In ATM (Asynchronous Transfer Mode) networks, Inverse ARP
is used by default. Inverse ARP helps in finding Layer-3 addresses from Layer-2 addresses.
Imagine a device that wants to communicate with others over the internet. What does ARP do? It broadcasts
a packet to all the devices of the source network. Each device strips the data link layer header from the
Protocol Data Unit (PDU), called a frame, and passes the packet to the network layer (layer 3 of OSI), where
the network ID of the packet is compared with the network ID of the destination IP. If they are equal, the
device responds to the source with the MAC address of the destination; otherwise the packet reaches the
gateway of the network, which broadcasts the packet to the devices it is connected with and validates
their network ID. This process continues until the second-to-last network device in the path reaches the
destination, where it gets validated and ARP, in turn, responds with the destination MAC address.
1. ARP Cache: After resolving the MAC address, the ARP sends it to the source where it is stored in a
table for future reference. The subsequent communications can use the MAC address from the table.
2. ARP Cache Timeout: It indicates the time for which the MAC address in the ARP cache can reside.
3. ARP request: This is nothing but broadcasting a packet over the network to validate whether we
came across the destination MAC address or not.
4. ARP response/reply: It is the MAC address response that the source receives from the destination
which aids in further communication of the data.
CASE-1:
The sender is a host and wants to send a packet to another host on the same network.
CASE-2:
The sender is a host and wants to send a packet to another host on another network.
Find the IP address of the next hop (router) for this destination.
CASE-3:
The sender is a router and received a datagram destined for a host on another network.
CASE-4:
The sender is a router that has received a datagram destined for a host in the same network.
Test Yourself
Internet Schema 1
Connect two PCs, say A and B, with a cross cable. You can now see how ARP works by typing these
commands:
1. A > arp -a
There will be no entry in the table because they have never communicated with each other.
Now, the entries of the ARP table can be seen by typing the command. This is what the ARP table looks like:
ARP Table
ARP spoofing is a form of impersonation in which an attacker broadcasts false ARP messages in order to
link the attacker’s MAC address with the IP address of a legitimate computer or server. Once the link is
established, data meant for that IP address is transferred to the attacker’s computer. It is simply called
spoofing. ARP spoofing can have a greater impact on enterprises. ARP spoofing attacks can facilitate other
attacks like:
Session Hijacking: Session hijacking occurs when a cyberattacker steals a user's session ID, takes over
that user's web session, and masquerades as that user. With the session ID in their possession, the attacker
can perform any task or activity that user is authorized to do on that network. Authentication occurs when
a user tries to gain access to a system or sign in to a restricted website or web service. The session ID
is stored in a cookie in the browser, and an attacker engaged in session hijacking will intercept the
authentication process and intrude in real time.
A local area network that uses ARP is not safe against ARP spoofing; this is also simply called ARP
cache poisoning.
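The following Python code is an added example, not part of the original notes. It parses ARP frames and reports the two signs of cache poisoning described above: a reply that nobody requested, and an IP address that suddenly maps to a different MAC address. The addresses and frames are constructed sample values, and the ArpMonitor class and its alert wording are assumptions made for illustration.

```python
import struct
from ipaddress import IPv4Address

ETHERTYPE_ARP = 0x0806
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_str(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def mac_bytes(text: str) -> bytes:
    return bytes.fromhex(text.replace(":", ""))


def build_frame(oper, sha, spa, tha, tpa, eth_dst):
    """Build an Ethernet II + ARP frame; used only to create the sample input."""
    eth = mac_bytes(eth_dst) + mac_bytes(sha) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, oper,
                      mac_bytes(sha), IPv4Address(spa).packed,
                      mac_bytes(tha), IPv4Address(tpa).packed)
    return eth + arp


def parse_arp_frame(frame: bytes):
    """Return the fields of an Ethernet/IPv4 ARP frame, or None for anything else."""
    if len(frame) < 42:
        return None
    _dst, src, ethertype = struct.unpack("!6s6sH", frame[:14])
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = struct.unpack(
        "!HHBBH6s4s6s4s", frame[14:42])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    return {"eth_src": mac_str(src), "oper": oper, "sha": mac_str(sha),
            "spa": str(IPv4Address(spa)), "tpa": str(IPv4Address(tpa))}


class ArpMonitor:
    """Learns IP-to-MAC bindings passively and reports suspicious ARP frames."""

    def __init__(self):
        self.bindings = {}    # IP address -> first MAC address seen for it
        self.pending = set()  # (requester IP, requested IP) awaiting a reply

    def observe(self, frame: bytes) -> list:
        pkt = parse_arp_frame(frame)
        if pkt is None:
            return []
        alerts = []
        # The Ethernet source and the ARP sender hardware address should agree.
        if pkt["eth_src"] != pkt["sha"]:
            alerts.append(f"sender MAC mismatch for {pkt['spa']}")
        if pkt["oper"] == ARP_REQUEST:
            self.pending.add((pkt["spa"], pkt["tpa"]))
        elif pkt["oper"] == ARP_REPLY:
            key = (pkt["tpa"], pkt["spa"])
            if key not in self.pending:
                alerts.append(f"unsolicited reply for {pkt['spa']}")
            self.pending.discard(key)
        if pkt["spa"] != "0.0.0.0":  # ARP probes carry no sender IP to learn
            known = self.bindings.setdefault(pkt["spa"], pkt["sha"])
            if known != pkt["sha"]:
                alerts.append(f"{pkt['spa']} moved from {known} to {pkt['sha']}")
        return alerts


def run_demo():
    """Feed three constructed frames to the monitor; return the alerts per frame."""
    host, gw, other = "02:00:00:00:00:0a", "02:00:00:00:00:01", "02:00:00:00:00:99"
    frames = [
        build_frame(ARP_REQUEST, host, "192.0.2.10", "00:00:00:00:00:00",
                    "192.0.2.1", "ff:ff:ff:ff:ff:ff"),
        build_frame(ARP_REPLY, gw, "192.0.2.1", host, "192.0.2.10", host),
        # A reply nobody asked for that rebinds the gateway IP to another MAC.
        build_frame(ARP_REPLY, other, "192.0.2.1", host, "192.0.2.10", host),
    ]
    monitor = ArpMonitor()
    return [monitor.observe(frame) for frame in frames]


if __name__ == "__main__":
    print(run_demo())
```

A changed binding also occurs for legitimate reasons, such as a replaced network card or a failover address, so these alerts are a signal to investigate rather than proof of spoofing.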
Reverse Address Resolution Protocol (RARP) is a protocol a physical machine in a local area network
(LAN) can use to request its IP address. It does this by sending the device's physical address to a specialized
RARP server that is on the same LAN and is actively listening for RARP requests.
A network administrator creates a table in a RARP server that maps the physical interface or media access
control (MAC) addresses to corresponding IP addresses. This table can be referenced by devices seeking to
dynamically learn their IP address. When a new RARP-enabled device first connects to the network, its
RARP client program sends its physical MAC address to the RARP server for the purpose of receiving an IP
address in return that the device can use to communicate with other devices on the IP network. The RARP
request is sent in the form of a data link layer broadcast. It is, therefore, important that the RARP server be
on the same LAN as the devices requesting IP address information.
Assuming an entry for the device's MAC address is set up in the RARP database, the RARP server returns
the IP address associated with the device's specific MAC address.
1. Device 1 connects to the local network and sends an RARP broadcast to all devices on the subnet. In
the RARP broadcast, the device sends its physical MAC address and requests an IP address it can
use.
2. Because a broadcast is sent, device 2 receives the broadcast request. However, since it is not a RARP
server, device 2 ignores the request.
3. The broadcast message also reaches the RARP server. The server processes the packet and attempts
to find device 1's MAC address in the RARP lookup table. If one is found, the RARP server returns
the IP address assigned to the device. In this case, the IP address is 51.100.102.
Historically, RARP was used on Ethernet, Fiber Distributed Data Interface and token ring LANs.
RARP offers a basic service, as it was designed to only provide IP address information to devices that either
are not statically assigned an IP address or lack the internal storage capacity to store one locally. Bootstrap
Protocol and Dynamic Host Configuration Protocol have largely rendered RARP obsolete from a LAN
access perspective. Both protocols offer more features and can scale better on modern LANs that contain
multiple IP subnets.
But the world of server and data center virtualization has brought RARP back into the enterprise. For
example, the ability to automate the migration of a virtual server from one physical host to another -- located
either in the same physical data center or in a remote data center -- is a key feature used for high-availability
purposes in virtual machine (VM) management platforms, such as VMware's vMotion. When a VM needs to
be moved due to an outage or interruption on the primary physical host, vMotion relies on RARP to shift the
IP address to a backup host.
Unlike RARP, which uses the known physical address to find and use an associated IP address, Address
Resolution Protocol (ARP) performs the opposite action. If the logical IP address is known but the MAC
address is unknown, a network device can initiate an ARP request that seeks to learn the physical MAC
address of a device so data can be sent in a more efficient unicast packet, as opposed to a broadcast packet.
Today, ARP lookups and ARP tables are commonly performed on network routers and Layer 3 switches.
DHCP stands for Dynamic Host Configuration Protocol. It is the critical feature on which the users of an
enterprise network communicate. DHCP helps enterprises to smoothly manage the allocation of IP
addresses to the end-user clients’ devices such as desktops, laptops, cellphones, etc. It is an application layer
protocol that is used to provide:
DHCP helps in managing the entire process automatically and centrally. DHCP helps in maintaining a
unique IP Address for a host using the server. DHCP servers maintain information on TCP/IP configuration
and provide configuration of address to DHCP-enabled clients in the form of a lease offer.
Components of DHCP
DHCP Server: DHCP Server is basically a server that holds IP Addresses and other information
related to configuration.
DHCP Client: It is basically a device that receives configuration information from the server. It can
be a mobile, laptop, computer, or any other electronic device that requires a connection.
DHCP Relay: DHCP relays basically work as a communication channel between DHCP Client and
Server.
IP Address Pool: It is the pool or container of IP Addresses possessed by the DHCP Server. It has a
range of addresses that can be allocated to devices.
Subnets: Subnets are smaller portions of the IP network partitioned to keep networks under control.
Lease: It is simply the length of time for which the information received from the server is valid;
when the lease expires, the tenant has to re-assign the lease.
DNS Servers: DHCP servers can also provide DNS (Domain Name System) server information to
DHCP clients, allowing them to resolve domain names to IP addresses.
Default Gateway: DHCP servers can also provide information about the default gateway, which is
the device that packets are sent to when the destination is outside the local network.
Options: DHCP servers can provide additional configuration options to clients, such as the subnet
mask, domain name, and time server information.
Renewal: DHCP clients can request to renew their lease before it expires to ensure that they
continue to have a valid IP address and configuration information.
Failover: DHCP servers can be configured for failover, where two servers work together to provide
redundancy and ensure that clients can always obtain an IP address and configuration information,
even if one server goes down.
Dynamic Updates: DHCP servers can also be configured to dynamically update DNS records with
the IP address of DHCP clients, allowing for easier management of network resources.
Audit Logging: DHCP servers can keep audit logs of all DHCP transactions, providing
administrators with visibility into which devices are using which IP addresses and when leases are
being assigned or renewed.
Operation code | Hardware type | Hardware length | Hop count
Transaction ID
Number of seconds | Flag
Client IP address
Your IP address
Server IP address
Gateway IP address
Client hardware address (16 bytes)
Server name (64 bytes)
Boot filename (128 bytes)
Options (variable length)
1.Hardware length:
This is an 8-bit field defining the length of the physical address in bytes. e.g for Ethernet the value is 6.
2.Hop count:
This is an 8-bit field defining the maximum number of hops the packet can travel.
3.Transaction ID:
This is a 4-byte field carrying an integer. The transaction identification is set by the client and is used to
match a reply with the request. The server returns the same value in its reply.
4.Number of seconds:
This is a 16-bit field that indicates the number of seconds elapsed since the time the client started to boot.
5.Flag:
This is a 16-bit field in which only the leftmost bit is used and the rest of the bits should be set to 0s.
The leftmost bit specifies a forced broadcast reply from the server. If the reply were to be unicast to the client,
the destination IP address of the IP packet is the address assigned to the client.
6.Client IP address:
This is a 4-byte field that contains the client IP address. If the client does not have this information, this field
has a value of 0.
7.Your IP address:
This is a 4-byte field that contains the client IP address. It is filled by the server at the request of the client.
8.Server IP address:
This is a 4-byte field containing the server IP address. It is filled by the server in a reply message.
9.Gateway IP address:
This is a 4-byte field containing the IP address of a router. It is filled by the server in a reply message.
10.Client hardware address:
This is the physical address of the client. Although the server can retrieve this address from the frame sent
by the client, it is more efficient if the address is supplied explicitly by the client in the request message.
11.Server name:
This is a 64-byte field that is optionally filled by the server in a reply packet. It contains a null-terminated
string consisting of the domain name of the server. If the server does not want to fill this field with data, the
server must fill it with all 0s.
12.Boot filename:
This is a 128-byte field that can be optionally filled by the server in a reply packet. It contains a null-
terminated string consisting of the full pathname of the boot file. The client can use this path to retrieve
other booting information. If the server does not want to fill this field with data, the server must fill it with
all 0s.
13.Options:
This is a 64-byte field with a dual purpose. It can carry either additional information or some specific
vendor information. The field is used only in a reply message. The server uses a number, called a magic
cookie, in the format of an IP address with the value of 99.130.83.99. When the client finishes reading the
message, it looks for this magic cookie. If it is present, the next 60 bytes are options.
Working of DHCP
DHCP works on the Application layer of the TCP/IP Protocol. The main task of DHCP is to dynamically
assign IP addresses to the clients and allocate information on TCP/IP configuration to clients.
The DHCP port number for the server is 67 and for the client is 68. It is a client-server protocol that uses
UDP services. An IP address is assigned from a pool of addresses. In DHCP, the client and the server
exchange mainly 4 DHCP messages in order to make a connection, also called the DORA process, but there
are 8 DHCP messages in the process.
1. DHCP discover message: This is the first message generated in the communication process between the
server and the client. This message is generated by the client host in order to discover whether any DHCP
server or servers are present in the network. This message is broadcast to all devices present in the
network to find the DHCP server. This message is 342 or 576 bytes long.
DHCP discover message
As shown in the figure, the source MAC address (client PC) is 08002B2EAF2A, the destination MAC
address (server) is FFFFFFFFFFFF, the source IP address is 0.0.0.0 (because the PC has had no IP address till
now) and the destination IP address is 255.255.255.255 (IP address used for broadcasting). As the discover
message is broadcast to find the DHCP server or servers in the network, the broadcast IP address
and MAC address are used.
2. DHCP offer message: The server will respond to the host in this message, specifying the unleased IP
address and other TCP configuration information. This message is broadcast by the server. The size of the
message is 342 bytes. If there is more than one DHCP server present in the network, then the client host will
accept the first DHCP OFFER message it receives. Also, a server ID is specified in the packet in order to
identify the server.
Now, for the offer message, the source IP address is 172.16.32.12 (server’s IP address in the example), the
destination IP address is 255.255.255.255 (broadcast IP address), the source MAC address is
00AA00123456, the destination MAC address is FFFFFFFFFFFF. Here, the offer message is broadcast by
the DHCP server therefore destination IP address is the broadcast IP address and destination MAC address is
FFFFFFFFFFFF and the source IP address is the server IP address and the MAC address is the server MAC
address.
Also, the server has provided the offered IP address 192.16.32.51 and a lease time of 72 hours (after this time
the entry of the host will be erased from the server automatically). Also, the client identifier is the PC MAC
address (08002B2EAF2A) for all the messages.
3. DHCP request message: When a client receives an offer message, it responds by broadcasting a DHCP
request message. The client will produce a gratuitous ARP in order to find if there is any other host present
in the network with the same IP address. If there is no reply from another host, then there is no host with the
same TCP configuration in the network and the message is broadcasted to the server showing the acceptance
of the IP address. A Client ID is also added to this message.
Now, the request message is broadcast by the client PC, therefore the source IP address is 0.0.0.0 (as the client
has no IP right now), the destination IP address is 255.255.255.255 (the broadcast IP address), the source
MAC address is 08002B2EAF2A (PC MAC address) and the destination MAC address is FFFFFFFFFFFF.
Note – This message is broadcast after the ARP request broadcast by the PC to find out whether any other
host is using that offered IP. If there is no reply, then the client host broadcasts the DHCP request
message for the server, showing the acceptance of the IP address and other TCP/IP configuration.
4. DHCP acknowledgment message: In response to the request message received, the server will make an
entry with a specified client ID and bind the IP address offered with lease time. Now, the client will have the
IP address provided by the server.
DHCP acknowledgment message
Now the server will make an entry of the client host with the offered IP address and lease time. This IP
address will not be provided by the server to any other host. The destination MAC address is
FFFFFFFFFFFF and the destination IP address is 255.255.255.255 and the source IP address is
172.16.32.12 and the source MAC address is 00AA00123456 (server MAC address).
5. DHCP negative acknowledgment message: Whenever a DHCP server receives a request for an IP
address that is invalid according to the scopes that are configured, it sends a DHCP Nak message to the
client. E.g., when the server has no unused IP address or the pool is empty, this message is sent by the
server to the client.
6. DHCP decline: If the DHCP client determines the offered configuration parameters are different or
invalid, it sends a DHCP decline message to the server. When there is a reply to the gratuitous ARP by any
host to the client, the client sends a DHCP decline message to the server showing the offered IP address is
already in use.
7. DHCP release: A DHCP client sends a DHCP release packet to the server to release the IP address and
cancel any remaining lease time.
8. DHCP inform: If a client has obtained an IP address manually, then the client uses a DHCP
inform message to obtain other local configuration parameters, such as domain name. In reply to the DHCP
inform message, the DHCP server generates a DHCP ack message with a local configuration suitable for the
client without allocating a new IP address. This DHCP ack message is unicast to the client.
Note – All the messages can be unicast also by the DHCP relay agent if the server is present in a different
network.
Advantages of DHCP
Reuse of IP addresses reduces the total number of IP addresses that are required.
The efficient handling of IP address changes for clients that must be updated frequently, such as
those for portable devices that move to different locations on a wireless network.
Simple reconfiguration of the IP address space on the DHCP server without needing to reconfigure
each client.
The DHCP protocol gives the network administrator a method to configure the network from a
centralized area.
With the help of DHCP, easy handling of new users and the reuse of IP addresses can be achieved.
Disadvantages of DHCP
The problem with DHCP is that clients accept any server. Accordingly, when another server is in the
vicinity, the client may connect with this server, and this server may possibly send invalid data to the
client.
The client is not able to access the network in absence of a DHCP Server.
The name of the machine will not be changed in a case when a new IP Address is assigned.
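The following Python code is an added example, not part of the original notes. It decodes a DHCP message using the field layout and magic cookie described in the packet format section, then applies a check for the first disadvantage listed above by flagging server replies whose server identifier is not on an allow-list. The option codes 51, 53 and 54 come from RFC 2132; the transaction ID, the second server (172.16.32.200), the function names and the allow-list are constructed assumptions, and options are parsed as a variable-length list.

```python
import struct
from ipaddress import IPv4Address

# Fixed part: op, htype, hlen, hops, xid, secs, flags, ciaddr, yiaddr, siaddr,
# giaddr, chaddr (16 bytes), sname (64 bytes), file (128 bytes) = 236 bytes.
FIXED = struct.Struct("!BBBBIHH4s4s4s4s16s64s128s")
MAGIC_COOKIE = bytes([99, 130, 83, 99])
MSG_TYPES = {1: "DISCOVER", 2: "OFFER", 3: "REQUEST", 4: "DECLINE",
             5: "ACK", 6: "NAK", 7: "RELEASE", 8: "INFORM"}
OPT_LEASE, OPT_MSG_TYPE, OPT_SERVER_ID = 51, 53, 54  # RFC 2132 option codes


def parse_options(data: bytes) -> dict:
    """Walk the code/length/value options that follow the magic cookie."""
    options, i = {}, 0
    while i < len(data) and data[i] != 255:       # 255 marks the end
        if data[i] == 0:                          # 0 is a one-byte pad
            i += 1
            continue
        if i + 2 > len(data) or i + 2 + data[i + 1] > len(data):
            raise ValueError("truncated DHCP option")
        options[data[i]] = data[i + 2:i + 2 + data[i + 1]]
        i += 2 + data[i + 1]
    return options


def parse_dhcp(payload: bytes) -> dict:
    """Decode the UDP payload of a DHCP message."""
    if len(payload) < FIXED.size + len(MAGIC_COOKIE):
        raise ValueError("shorter than fixed header plus magic cookie")
    (op, _htype, hlen, _hops, xid, _secs, flags, _ciaddr, yiaddr, siaddr,
     _giaddr, chaddr, _sname, _file) = FIXED.unpack_from(payload)
    if payload[FIXED.size:FIXED.size + 4] != MAGIC_COOKIE:
        raise ValueError("magic cookie 99.130.83.99 not found")
    if hlen > 16:
        raise ValueError("hardware length exceeds the 16-byte address field")
    opts = parse_options(payload[FIXED.size + 4:])
    msg_type = opts.get(OPT_MSG_TYPE) or b"\x00"
    server_id = opts.get(OPT_SERVER_ID, b"")
    lease = opts.get(OPT_LEASE)
    return {
        "op": op, "xid": xid, "broadcast": bool(flags & 0x8000),
        "yiaddr": str(IPv4Address(yiaddr)), "siaddr": str(IPv4Address(siaddr)),
        "client_mac": chaddr[:hlen].hex().upper(),
        "type": MSG_TYPES.get(msg_type[0], "UNKNOWN"),
        "server_id": str(IPv4Address(server_id)) if len(server_id) == 4 else None,
        "lease_seconds": int.from_bytes(lease, "big") if lease else None,
    }


def unlisted_server(msg: dict, allowed: set):
    """Return an alert string for a server reply from outside the allow-list."""
    if msg["type"] in ("OFFER", "ACK", "NAK") and msg["server_id"] not in allowed:
        return (f"{msg['type']} from unlisted server {msg['server_id']} "
                f"for client {msg['client_mac']}")
    return None


def build_reply(msg_type, xid, yiaddr, server, mac_hex, lease_seconds):
    """Build a server reply; used only to create the constructed sample input."""
    srv = IPv4Address(server).packed
    fixed = FIXED.pack(2, 1, 6, 0, xid, 0, 0x8000, bytes(4),
                       IPv4Address(yiaddr).packed, srv, bytes(4),
                       bytes.fromhex(mac_hex), bytes(64), bytes(128))
    options = (bytes([OPT_MSG_TYPE, 1, msg_type]) + bytes([OPT_SERVER_ID, 4]) + srv
               + bytes([OPT_LEASE, 4]) + lease_seconds.to_bytes(4, "big") + b"\xff")
    return fixed + MAGIC_COOKIE + options


def run_demo():
    """Parse two constructed OFFERs (xid and second server are made up)."""
    allowed = {"172.16.32.12"}  # server address from the page's example
    mac = "08002B2EAF2A"        # client MAC address from the page's example
    offers = [build_reply(2, 0x1234ABCD, "192.16.32.51", "172.16.32.12", mac, 72 * 3600),
              build_reply(2, 0x1234ABCD, "192.16.32.77", "172.16.32.200", mac, 3600)]
    parsed = [parse_dhcp(p) for p in offers]
    return parsed, [unlisted_server(m, allowed) for m in parsed]


if __name__ == "__main__":
    for message, alert in zip(*run_demo()):
        print(message["type"], message["yiaddr"], alert or "ok")
```

On managed switches the same policy is usually enforced in hardware by DHCP snooping, which drops server replies arriving on untrusted ports.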
ICMP
ICMP or Internet Control Message Protocol is one of the major protocols of the TCP/IP. ICMP is a
mechanism used by hosts, routers, and gateways to send error messages back to the sender. As the IP does
not provide any mechanism for error reporting and control, ICMP has been designed to compensate for these
deficiencies of the IP. However, it only reports the error and doesn't correct the error.
1. Error Message
2. Query Message
Error Message
The error messages report the problems which may be faced by the hosts or routers when they process the IP
packet.
1. Destination Unreachable: When any router or gateway determines that the packet cannot be
sent (due to link failure, congestion, etc.) to the final destination, it sends an ICMP destination
unreachable message to the source. Not only the routers but also the destination host can send the
ICMP error message if there is any failure at the destination, like hardware failure, port failure, etc.
2. Source Quench: A source quench is a request by the receiver to the sending host or sender
to reduce the rate at which the sender is sending the data. This message is sent by the receiver when
it has congestion and there are chances that the packet may get lost if the sender keeps on sending the
packets at the same rate.
3. Parameter Problem: When the packet is received by the router, the calculated checksum should
be equal to the received checksum. If there is any ambiguity, the packet is dropped by the router
and the parameter problem message is sent.
4. Time Exceeded: Whenever the TTL (Time to Live) field of the datagram reduces to zero, the
router discards the datagram and sends the time exceeded message to the source.
5. Route Redirect: If any router determines that the host has incorrectly sent the packet to a different
router, the router uses the route redirect message to inform the host to update its routing information.
So, it helps in improving the efficiency of the routing process.
Query Message
The ICMP protocol can diagnose some network problems also. Query messages help the hosts to get some
specific information from a router or another host.
1. Timestamp Request/Reply: Hosts and routers determine the round-trip time required for an IP
datagram to travel between hosts or routers. It can also be used to synchronize the clocks in two
systems.
2. Router Solicitation and Advertisement: If the host wants to send the data to a host on another
network, then it needs to know the address of the routers connected. The host also needs to know
if routers are alive and operational. All these functions are provided by the router solicitation and
advertisement message.
3. Address Mask Request/Reply: The host broadcasts the address mask request if it does not know the
address of the router. The router receiving the address mask request replies with the necessary
mask for the host.
4. Echo Request/Echo Reply: It is a command designed for checking the connectivity between two
hosts. Example: ping command.
Let's say you want to check the connectivity between your computer and the Google server. You can do this
by writing the command “ping www.google.com” in the command line.
When the ping command is invoked, the ICMP echo request message is sent to the target host (Google,
here). If the target is connected to the network and operational, then it sends an echo reply message as an
acknowledgement.
IGMP
IGMP is also a protocol of the TCP/IP. Internet Group Message Protocol is an Internet protocol that
manages multicast group membership on IP networks. Multicast routers are used to send the packets to
all the hosts that are having the membership of a particular group. These routers receive many packets that
are to be transmitted to various groups and they just can't broadcast it as it will increase the load on the
network.
So to overcome this problem a list of groups and their members is maintained and IGMP helps the multicast
router in doing so. The multicast router has a list of the multicast address for which there are any members
in the network. There is a multicast router for each group that distributes the multicast traffic of the group to
the members of that group.
1. To inform the local multicast router that the host wants to receive the multicast traffic of a particular
group.
2. To inform the local multicast router that the host wants to leave a particular group.
Versions of IGMP
IGMPv1: It was the first version, where the host announced that it wants to receive the traffic of a
particular multicast group. 0.0.0.0 is defined as the group address and 224.0.0.1 as
the destination address for the general IGMP requests. The default interval for these requests, which
are sent automatically by the routers, is 60 seconds. There was no system of leaving a multicast group.
Only a timeout (delay timer 180 seconds) removes the respective host from the groups it is in.
Suppose the host which is in a particular group closes its system. This results in a situation where the
traffic is sent to the host even if it is not accepting the traffic. When the router discovers after some
time that the host is no longer accepting the traffic, the multicast traffic is stopped. This problem
was resolved in the next version.
IGMPv2: The group address (0.0.0.0) and destination address (224.0.0.1) remain unchanged, but
the default interval for these requests, which are sent automatically by the routers, is increased to 125
seconds. The most important feature added in this version is the “leave message”, which a host can send
if it wants to leave a group. This allows the router to stop an unnecessary multicast of traffic.
IGMPv3: The group address (0.0.0.0) and destination address (224.0.0.1) remain unchanged and
the default interval for these requests, which are sent automatically by the routers, is 125 seconds. The
most important feature added in this version was the option to select the source of the multicast stream. This
reduces the demands on the network and ensures greater security during transmission.
No. | ICMP | IGMP
1. | ICMP stands for Internet Control Message Protocol. | While IGMP stands for Internet Group Message Protocol.
4. | ICMP can operate between host to host or host to router or router to router. | While IGMP can be used between client to multicast router.
9. | ICMP is primarily used for diagnostic and error reporting purposes. | IGMP is primarily used for multicasting purposes.
10. | ICMP messages are typically sent in response to errors or diagnostic requests. | IGMP messages are sent by hosts to multicast routers to join or leave multicast groups.