The article explores the implementation of our ICMP detection module, detailing the engineering process and how the ICMP Echo Stream (iStream) assembler played a key role in designing its core detection rules.
With version 2.0, we have added the capability to construct ICMPv4/v6 Echo streams, which we refer to throughout the document as iStreams (note the “i”). PacketSmith is the only known tool capable of constructing ICMP (when the version is not specified, both v4 and v6 are considered) Echo streams, similar to TCP/UDP streams. With this feature, we can interrogate and dissect the ICMP Echo protocol in various ways to capture its unique behavioural and semantic characteristics.
Yesterday, we released PacketSmith v2.0, and today we are publishing an article covering some of the implementation details of IPv4/IPv6 packet fragmentation: detection and reassembly.
PacketSmith: A Comprehensive CLI Utility for Editing, Transforming, and Analyzing PCAP Network Traffic.