Why is ICMP used for tunneling?

Prepare for the Wireshark Traffic Analysis Exam. Study with flashcards and multiple choice questions; each question includes hints and explanations. Ace your exam!

Multiple Choice

Why is ICMP used for tunneling?

Explanation:
ICMP tunneling works because ICMP is typically treated as trusted diagnostic traffic and is often permitted through firewalls. Since many networks allow ICMP echo requests/replies for ping and traceroute, data carried inside ICMP payloads can traverse devices that would block other protocols. This permissive handling makes ICMP a convenient carrier for a covert channel. It’s not about high bandwidth or security, and NAT behavior isn’t guaranteed, but the enduring reason it’s used for tunneling is that ICMP is commonly allowed through security devices.

