Scribd Logo
Upload

Welcome to Scribd!

  • Joshua Larkin CSC 251 Net-Centric Spring 2012: Host IP: 192.168.1.69 Destination IP: 72.14.204.160

    Uploaded by

    Ярик Макс
    18 views3 pages
    This document summarizes the key findings from a Wireshark lab on ICMP and traceroute: 1. ICMP ping request packets contain the ICMP type and code, checksum, identifier, and sequence number fields. Ping reply packets contain the same fields but with type and code values of 0. 2. Traceroute works by incrementing the TTL field in ICMP echo packets. ICMP error packets received by the source host contain a copy of the initially sent packet and have type and code values of 3. 3. In the traceroute measurements, the delay across one link was significantly longer than others, most likely representing the jump across continents between routers with IP-only names versus English hostnames.

    Original Description:

    Original Title

    ws6

    Copyright

    © © All Rights Reserved

    Available Formats

    DOCX, PDF, TXT or read online from Scribd

    Did you find this document useful?

    Is this content inappropriate?

    Report this Document
    This document summarizes the key findings from a Wireshark lab on ICMP and traceroute: 1. ICMP ping request packets contain the ICMP type and code, checksum, identifier, and sequence number fields. Ping reply packets contain the same fields but with type and code values of 0. 2. Traceroute works by incrementing the TTL field in ICMP echo packets. ICMP error packets received by the source host contain a copy of the initially sent packet and have type and code values of 3. 3. In the traceroute measurements, the delay across one link was significantly longer than others, most likely representing the jump across continents between routers with IP-only names versus English hostnames.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    18 views3 pages

    Joshua Larkin CSC 251 Net-Centric Spring 2012: Host IP: 192.168.1.69 Destination IP: 72.14.204.160

    Uploaded by

    Ярик Макс
    This document summarizes the key findings from a Wireshark lab on ICMP and traceroute: 1. ICMP ping request packets contain the ICMP type and code, checksum, identifier, and sequence number fields. Ping reply packets contain the same fields but with type and code values of 0. 2. Traceroute works by incrementing the TTL field in ICMP echo packets. ICMP error packets received by the source host contain a copy of the initially sent packet and have type and code values of 3. 3. In the traceroute measurements, the delay across one link was significantly longer than others, most likely representing the jump across continents between routers with IP-only names versus English hostnames.

    Copyright:

    © All Rights Reserved
    Download as DOCX, PDF, TXT or read online from Scribd
    Flag for inappropriate content
    of 3

    Joshua Larkin

    CSC 251
    Net-Centric
    Spring 2012

    Wireshark Lab 6: ICMP

    1. ICMP and Ping:

    1. What is the IP address of your host? What is the IP address of the destination host?

    Host IP: 192.168.1.69


    Destination IP: 72.14.204.160

    2. Why is it that an ICMP packet does not have source and destination port numbers?

    ICMP is handled by the network and does not need to transfer data through a port up to a higher
    layer.

    3. Examine one of the ping request packets sent by your host. What are the ICMP type and code
    numbers? What other fields does this ICMP packet have? How many bytes are the checksum,
    sequence number and identifier fields?
    Type: 8. Code: 0. The other fields are Checksum, Identifier, and Sequence Number. They are
    each 2 bytes long.

    4. Examine the corresponding ping reply packet. What are the ICMP type and code numbers? What
    other fields does this ICMP packet have? How many bytes are the checksum, sequence number and
    identifier fields?

    Type: 0. Code: 0. The other fields are Checksum, Identifier, and Sequence Number. They are
    each 2 bytes long.

    2. ICMP and Traceroute:

    5. What is the IP address of your host? What is the IP address of the target destination host?

    Host IP: 192.168.1.69.


    Destination IP: 72.14.204.160.

    6. If ICMP sent UDP packets instead (as in Unix/Linux), would the IP protocol number still be 01 for the
    probe packets? If not, what would it be?

    It would not be 01. It would be 17 as specified by RFC 1010.

    7. Examine the ICMP echo packet in your screenshot. Is this different from the
    ICMP ping query packets in the first half of this lab? If yes, how so?
    The only difference is that the echo packets here are incrementing the TTL field.

    8. Examine the ICMP error packet in your screenshot. It has more fields than the
    ICMP echo packet. What is included in those fields?

    A copy of the packet that we initially sent out.

    9. Examine the last three ICMP packets received by the source host. How are these packets different
    from the ICMP error packets? Why are they different?

    They are "Destination unreachable" messages from the server with Type and Code values of 3.

    10. Within the tracert measurements, is there a link whose delay is significantly longer than others?
    Refer to the screenshot in Figure 4, is there a link whose delay is significantly longer than others? On
    the basis of the router names, can you guess the location of the two routers on the end of this link?

    Yes there is. It is most likely the jump across continents. The link on one end is still inside the US.
    After that the routers only have IP address for names and no hostnames are given. This may signify that
    the jump has been made to Asia where the IP address do not have English names.

    You might also like