
Internet Control Message Protocol
Lecture 4: ARP + ICMP HCNA-01

ICMP
Message

Return Message

• Integral part of internet.

• Feedback Protocol of Internet: routing, diagnostics and errors.

• The purpose of these control messages is to provide feedback about
problems in the communication environment. ICMP does not guarantee that
a datagram will be delivered, or that a control message will be returned.

Ghulam Ishaq Khan Institute of Engineering Sciences and Technology, Topi



ICMP Format

Ethernet_II | IP | ICMP | FCS

Bit positions: 0, 8, 15, 31

Type | Code | Checksum

Variable Parameters – Dependent on ICMP Type Field

Internet Header + 64 bits of Original Data Datagram – Dependent on ICMP Type Field

• ICMP parameters are represented in a type/code format.

• Additional data is often carried to identify the undelivered packet.



ICMP Type & Code Fields

Type  Code  Description
0     0     Echo Reply
3     0     Network Unreachable
3     1     Host Unreachable
3     2     Protocol Unreachable
3     3     Port Unreachable
5     0     Redirect Datagram for the Network
8     0     Echo Request

• The Type value represents the format of a message.

• The Code value provides a more specific message description.



ICMP (Routing)
Server A

Public Network

20.0.0.1/24

20.0.0.2/24

10.0.0.200/24
③ ① 10.0.0.100/24

② ICMP Redirect

IP: 10.0.0.1/24
Gateway: 10.0.0.100/24

Host A


ICMP (Diagnostics)

ICMP Echo Request ICMP Echo Reply

Host A Server

• Two separate messages are used for the request and reply.

• Commonly associated with the Ping application.



ICMP (Errors)

.2 10.0.0.0/24 .1 .2 20.0.0.0/24 .1

Host A Server

Packet Forwarding

ICMP Destination Unreachable

• Notifies the packet source of problems with packet forwarding.

• Uses the source IP address in the IP header for notification.
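
Added example (not part of the original slides): a Python parser for the ICMP layout and Type/Code table above that verifies the checksum and, for Destination Unreachable, reads the quoted original IP header to identify the undelivered packet. The sample messages are constructed; the identifier 0x1234 and source port 40000 are assumptions.

```python
import socket
import struct

# (type, code) -> description, copied from the Type/Code table above
ICMP_TABLE = {
    (0, 0): "Echo Reply", (3, 0): "Network Unreachable",
    (3, 1): "Host Unreachable", (3, 2): "Protocol Unreachable",
    (3, 3): "Port Unreachable", (5, 0): "Redirect Datagram for the Network",
    (8, 0): "Echo Request",
}

def internet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, params: bytes, data: bytes) -> bytes:
    """Type, Code, Checksum, 4 bytes of type-dependent parameters, then data."""
    body = params + data
    csum = internet_checksum(struct.pack("!BBH", icmp_type, code, 0) + body)
    return struct.pack("!BBH", icmp_type, code, csum) + body

def parse_icmp(msg: bytes) -> dict:
    if len(msg) < 8:
        raise ValueError("truncated ICMP message")
    icmp_type, code = msg[0], msg[1]
    out = {"type": icmp_type, "code": code,
           "description": ICMP_TABLE.get((icmp_type, code), "not in the table above"),
           # A valid message sums to zero when the checksum field is included.
           "checksum_ok": internet_checksum(msg) == 0}
    if icmp_type in (0, 8):                      # echo: identifier + sequence
        out["id"], out["seq"] = struct.unpack("!HH", msg[4:8])
    elif icmp_type == 3 and len(msg) >= 28:      # error: quoted IP header follows
        inner = msg[8:]
        out["orig_src"] = socket.inet_ntoa(inner[12:16])
        out["orig_dst"] = socket.inet_ntoa(inner[16:20])
        out["orig_proto"] = inner[9]
    return out

# --- constructed sample messages (not captured traffic) ---
ECHO_REQUEST = build_icmp(8, 0, struct.pack("!HH", 0x1234, 1), bytes(56))
# Quoted datagram: Host A 10.0.0.2 -> Server 20.0.0.1, UDP (header checksum left 0)
ORIG_IP = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 1, 0, 64, 17, 0,
                      socket.inet_aton("10.0.0.2"), socket.inet_aton("20.0.0.1"))
ORIG_UDP8 = struct.pack("!HHHH", 40000, 33434, 8, 0)   # first 64 bits of its data
PORT_UNREACHABLE = build_icmp(3, 3, bytes(4), ORIG_IP + ORIG_UDP8)
CORRUPTED = ECHO_REQUEST[:-1] + b"\x01"                # one payload byte altered

if __name__ == "__main__":
    for message in (ECHO_REQUEST, PORT_UNREACHABLE, CORRUPTED):
        print(parse_icmp(message))
```
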



ICMP Applications - Ping

.1 10.0.0.0/24 .2

RTA RTB

<RTA>ping ?
-a Select source IP address, the default is the IP address of
the output interface
-c Specify the number of echo requests to be sent, the
default is 5
-t Timeout in milliseconds to wait for each reply, the
default is 2000ms
STRING<1-255> IP address or hostname of a remote system
……
<RTA>ping 10.0.0.2


Ping Results

<RTA>ping 10.0.0.2
PING 10.0.0.2 : 56 data bytes, press CTRL_C to break
Reply from 10.0.0.2 : bytes=56 Sequence=1 ttl=255 time=340 ms
Reply from 10.0.0.2 : bytes=56 Sequence=2 ttl=255 time=10 ms
Reply from 10.0.0.2 : bytes=56 Sequence=3 ttl=255 time=30 ms
Reply from 10.0.0.2 : bytes=56 Sequence=4 ttl=255 time=30 ms
Reply from 10.0.0.2 : bytes=56 Sequence=5 ttl=255 time=30 ms

--- 10.0.0.2 ping statistics ---


5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/88/340 ms


ICMP Application – Traceroute

30.0.0.0/24
Host A RTA RTB Host B
10.0.0.0/24 20.0.0.0/24

<RTA>tracert ?
-a Set source IP address, the default is the IP
address of the output interface
-f First time to live, the default is 1
-m Max time to live, the default is 30
-name Display the host name of the router on each hop
-p Destination UDP port number, the default is 33434
STRING<1-255> IP address or hostname of a remote system
……
<RTA>tracert 30.0.0.2


Traceroute Results

<RTA>tracert 30.0.0.2

traceroute to 30.0.0.2(30.0.0.2), max hops:30, packet length:40,
press CTRL_C to break
1 10.0.0.2 130 ms 50 ms 40 ms
2 20.0.0.2 80 ms 60 ms 80 ms
3 30.0.0.2 80 ms 60 ms 70 ms

• Traceroute displays hop-by-hop transmission results.

• TTL value is used to define a hop limit for each set of results.

Summary
• Which two ICMP message types are used as part of a successful Ping?
• In the event that the TTL value in the IP header of a datagram reaches zero, what action will be taken by the receiving gateway?



Address Resolution Protocol

ARP
IP: 10.1.1.1/24 IP : 10.1.1.2/24
MAC: 00-01-02-03-04-AA MAC: 00-01-02-03-04-BB

Host A Host B

ETH_II IP DATA FCS

Dest IP : 10.1.1.2
Source IP : 10.1.1.1

Dest MAC : UNKNOWN


Source MAC : 00-01-02-03-04-AA

• Data link forwarding relies on knowledge of the MAC address of the data
link layer destination.

Address Resolution Protocol


ARP
• Anytime a node has an IP datagram to send to another node in a link, it has
the IP address of the receiving node.

• ARP accepts an IP address from the IP protocol, maps the address to the
corresponding link-layer address, and passes it to the data-link layer.

ARP: Packet Format
• Size of ARP packet (28 bytes)
– Hardware Type and Protocol Type (2 bytes each)
– Hardware Length and Protocol Length (the hardware and protocol address lengths, 6 and 4 bytes respectively).
– Operation (2 bytes)
– Source and destination Hardware Address (6 bytes each)
– Source and destination Protocol Address (4 bytes each)

Ethernet_II | ARP | FCS

Bit positions: 0, 15, 31

Hardware Type | Protocol Type
Hardware Length | Protocol Length | Operation Code
Source Hardware Address
Source Protocol Address
Destination Hardware Address
Destination Protocol Address


ARP Process
Host B

10.0.0.2
00-01-02-03-04-BB
Host A Host C

10.0.0.1 10.0.0.3
00-01-02-03-04-AA 00-01-02-03-04-CC

• Host A wishes to forward data to Host C, but must identify whether it is
able to reach the destination at the data link layer.


ARP Cache Lookup


Host B

10.0.0.2
00-01-02-03-04-BB
Host A Host C

10.0.0.1 10.0.0.3
00-01-02-03-04-AA 00-01-02-03-04-CC

Host A>arp -a

Internet Address Physical Address Type

• When a source device wants to communicate, it checks its ARP cache for the MAC
address of the destination.


ARP Request Process


Host B

10.0.0.2
00-01-02-03-04-BB
Host A Host C

10.0.0.1 10.0.0.3
00-01-02-03-04-AA 00-01-02-03-04-CC

Frame header: D.MAC FF-FF-FF-FF-FF-FF | S.MAC 00-01-02-03-04-AA | ARP

ARP fields:
Dest IP: 10.0.0.3
Source IP: 10.0.0.1
Dest MAC: FF-FF-FF-FF-FF-FF
Source MAC: 00-01-02-03-04-AA
Operation Code: Request

• If ARP mapping is not in the local cache, source will generate an ARP request
message and broadcast it.


ARP Reply Process


Host B

10.0.0.2
00-01-02-03-04-BB
Host A Host C

10.0.0.1 10.0.0.3
00-01-02-03-04-AA 00-01-02-03-04-CC

Host C>arp -a
Internet address Physical address Type
10.0.0.1 00-01-02-03-04-AA Dynamic

• ARP request is received by all devices in the network and they compare the destination IP with
their own IP address; if match fails, it is dropped.

• The correct destination host accepts the packet and sends an ARP reply.
• The destination will update its local ARP cache, since it may need to contact the sender.


ARP Reply Process


Host B

10.0.0.2
00-01-02-03-04-BB
Host A Host C

10.0.0.1 10.0.0.3
00-01-02-03-04-AA 00-01-02-03-04-CC

Frame header: D.MAC 00-01-02-03-04-AA | S.MAC 00-01-02-03-04-CC | ARP

ARP fields:
Dest IP: 10.0.0.1
Source IP: 10.0.0.3
Dest MAC: 00-01-02-03-04-AA
Source MAC: 00-01-02-03-04-CC
Operation Code: Reply

• The destination device sends a unicast ARP reply message.


ARP Cache
Host B

10.0.0.2
00-01-02-03-04-BB
Host A Host C

10.0.0.1 10.0.0.3
00-01-02-03-04-AA 00-01-02-03-04-CC

Host A>arp -a
Internet address Physical address Type
10.0.0.3 00-01-02-03-04-CC Dynamic

• The source will receive and process the ARP reply and save the sender’s
MAC.


Gratuitous ARP

IP: 10.0.0.1/24
MAC: 00-01-02-03-04-AA

Host A

Frame header: D.MAC FF-FF-FF-FF-FF-FF | S.MAC 00-01-02-03-04-AA | ARP

ARP fields:
Dest IP: 10.0.0.1
Source IP: 0.0.0.0
Dest MAC: 00-00-00-00-00-00
Source MAC: 00-01-02-03-04-AA

• Duplicate IP addresses may be assigned in a single IP network.

• ARP can be used to discover IP address conflicts.
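
Added example (not from the original slides): the 28-byte ARP packet of the Packet Format slide built and parsed in Python, with a monitor that learns IP-to-MAC bindings from ARP traffic and reports when an address is claimed by a second MAC. The `ArpMonitor` class, the helper names and the station with MAC ending in DD are hypothetical; all packets are constructed from the slide addresses.

```python
import socket
import struct

ARP_FMT = "!HHBBH6s4s6s4s"   # the fields of the Packet Format slide: 28 bytes

def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace("-", ""))

def build_arp(op, src_mac, src_ip, dst_mac, dst_ip) -> bytes:
    """Ethernet (hardware type 1) / IPv4 (0x0800); op 1 = request, 2 = reply."""
    return struct.pack(ARP_FMT, 1, 0x0800, 6, 4, op,
                       mac(src_mac), socket.inet_aton(src_ip),
                       mac(dst_mac), socket.inet_aton(dst_ip))

def parse_arp(pkt: bytes) -> dict:
    if len(pkt) != struct.calcsize(ARP_FMT):
        raise ValueError("not a 28-byte Ethernet/IPv4 ARP packet")
    htype, ptype, hlen, plen, op, sha, spa, tha, tpa = struct.unpack(ARP_FMT, pkt)
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unexpected hardware/protocol type or length")
    show = lambda raw: "-".join(f"{b:02X}" for b in raw)
    return {"op": op, "src_mac": show(sha), "src_ip": socket.inet_ntoa(spa),
            "dst_mac": show(tha), "dst_ip": socket.inet_ntoa(tpa)}

class ArpMonitor:
    """Learns IP -> MAC from the sender fields and reports a changed binding."""

    def __init__(self):
        self.cache = {}

    def observe(self, pkt: bytes):
        arp = parse_arp(pkt)
        ip, hw = arp["src_ip"], arp["src_mac"]
        if ip == "0.0.0.0":          # conflict check as drawn on the slide: no binding
            return None
        known = self.cache.setdefault(ip, hw)
        if known != hw:              # keep the first binding, flag the newcomer
            return f"conflict: {ip} seen at {known} and {hw}"
        return None

def run(packets) -> tuple:
    monitor = ArpMonitor()
    alerts = [alert for alert in map(monitor.observe, packets) if alert]
    return alerts, monitor.cache

# --- constructed packets using the slide addresses (not captured traffic) ---
A, C = "00-01-02-03-04-AA", "00-01-02-03-04-CC"
PACKETS = [
    build_arp(1, A, "10.0.0.1", "FF-FF-FF-FF-FF-FF", "10.0.0.3"),   # ARP request
    build_arp(2, C, "10.0.0.3", A, "10.0.0.1"),                     # ARP reply
    build_arp(1, A, "0.0.0.0", "00-00-00-00-00-00", "10.0.0.1"),    # gratuitous ARP
    # constructed: a second station (made-up MAC ending DD) also claims 10.0.0.3
    build_arp(2, "00-01-02-03-04-DD", "10.0.0.3", A, "10.0.0.1"),
]
ALERTS, CACHE = run(PACKETS)

if __name__ == "__main__":
    print(ALERTS, CACHE)
```
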



Summary
• Prior to generating an ARP request, what action must be taken by an end station?
• When are gratuitous ARP messages generated and propagated on the local network?



Transport Layer Protocols

TCP
• Transmission Control Protocol (TCP) is a connection-oriented, reliable protocol.

• TCP explicitly defines connection establishment, data transfer, and connection teardown phases to provide a connection-oriented service.

• To achieve its reliability goal, TCP uses:
– Checksum (for error detection),
– Retransmission of lost or corrupted packets,
– Acknowledgments, and timers.
– Full-Duplex
– Reliable Delivery (Acknowledgement)
– Flow Control

Transmission Control Protocol

Host A TCP Connection Host B

Request Reply

A connection is established before data is sent.


TCP Ports
Host A HTTP Server

S:1027 D:80 Data S:80 D:1027 Data

Protocol  Port
FTP       20 - 21
HTTP      80
TELNET    23
SMTP      25

Ports represent individual services such as those listed above.


TCP Header

IP | TCP Header | Data

Bit positions: 0, 15, 31 (fixed header: 20 bytes)

Source Port | Destination Port
Sequence Number
Acknowledge Number
Header Length | Resv. | NS CWR ECE URG ACK PSH RST SYN FIN | Window
Checksum | Urgent Pointer
Options | Padding


TCP Connection Establishment


Host A Server A

• A TCP connection is established after a three-way handshake.


TCP Transmission Process


Host A Server A

Send 1,2,3

Acknowledge 4
Send 4,5,6

Acknowledge 4
Send 4,5,6


TCP Flow Control

Host A Server A


TCP Connection Termination

Host A Server A

Closed

• Host A will ensure ACK is received by Server A before closing.


User Datagram Protocol


Host A Host B
Request Reply

• UDP based data is sent without establishing a connection.


• Operates at Transport Layer of OSI and TCP/IP model.
• Provides application access to the Network Layer without the overhead of reliability
mechanisms.
• Multiplexing
• Simplest end-to-end protocol.
• Connection-less
• Provides Best-Effort Service
• No Data-Recovery Feature
• Unreliable
• It does not add anything to the services of IP except for providing process-to-
process communication instead of host-to-host communication.

UDP Datagram Format


IP | UDP | Data

Bit positions: 0, 15, 16, 31 (header: 8 bytes)

Source port | Destination port
Length | Checksum

• UDP achieves minimal overhead for each datagram.

• Datagram delivery is not guaranteed with UDP.


• UDP packets, called user datagrams, have a fixed-size header of 8 bytes:
• Source and Destination port numbers.
• Total length of the user datagram, header plus data.
• The last field is an optional checksum field.


UDP Forwarding Behavior

Host A Host B

• UDP is susceptible to the possibility of datagram duplication or
non-orderly delivery of datagrams.


UDP Forwarding Behavior

Host A Host B
Voice/Video

Packet Loss

• There are no acknowledgements, therefore lost packets are not
retransmitted; this, however, is beneficial to delay-sensitive data.

Complete Picture
UDP in IP



Data Forwarding Scenario

Scenario Introduction
Host A Server A

RTA RTB

10.1.1.1/24 Internet 172.16.10.1/24

Host B
Server B

10.1.1.2/24 172.16.10.2/24

• Data forwarding may be local (Same Network) or remote (Different Network);
however, the general forwarding process is the same.


Path Discovery

Network/Mask Gateway Interface


0.0.0.0/0 10.1.1.254 10.1.1.1
10.1.1.0/24 - 10.1.1.1
Host A Server A

RTA RTB
10.1.1.1/24 G0/0/0 Internet 172.16.10.1/24

10.1.1.254/24
Host B Server B

10.1.1.2/24 172.16.10.2/24

• Host A must have knowledge of a path to the destination.


ARP
Host A Host A> arp -a
Internet address Physical address Type
10.1.1.254 00-01-02-03-04-08 Dynamic
10.1.1.2 00-01-02-03-04-06 Dynamic

10.1.1.1/24 RTA
00-01-02-03-04-05
G0/0/0
Host B 10.1.1.254/24 Internet
00-01-02-03-04-08

10.1.1.2/24
00-01-02-03-04-06

• The ARP cache table is used to discover the data link next-hop.

• An unknown next-hop will generate an ARP request.



TCP Encapsulation
Host A
Segment: TCP | Data (If Applicable)
Layers: Transport, Network, Data Link, Physical

Source Port | Destination Port
Sequence Number
Acknowledgement Number
Header Length | Resv. | NS CWR ECE URG ACK PSH RST SYN FIN | Window
Checksum | Urgent Pointer
Options | Padding

• Encapsulation is performed once the path is confirmed.


IP Encapsulation
Host A
Packet (Datagram): IP | TCP | Data (If Applicable)
Layers: Transport, Network, Data Link, Physical

Version | Header Length | DS Field | Total Length
Identification | Flags | Fragment Offset
Time to Live | Protocol | Header Checksum
Source IP Address
Destination IP Address
IP Options


Ethernet Framing
Host A
Frame: Ethernet | IP | TCP | Data | FCS
Layers: Transport, Network, Data Link, Physical

D.MAC | S.MAC | Type
D.MAC | S.MAC | Length | LLC | SNAP

• Frame type is dependent on the encapsulated protocols.

• IP is the upper layer protocol, so the Ethernet II frame is used.



Frame Forwarding

Host A

D.MAC(48bits) SFD(8 bits) Preamble(56 bits)

1…0100 11010101 010101010101010101…

• The data link layer uses carrier sense to detect existing traffic.

• Preamble and SFD are used to synchronize with the forwarded frame.



Frame Processing

Host A
Error Check

FCS Data Ethernet II SFD Preamble

RTA

DESTINATION MAC
G0/0/0
Host B 00-01-02-03-04-08
TYPE
0x0800

• Frame will be received by all in the same collision domain.

• Only the gateway (RTA) will process the frame.



Packet Processing

Ver HL DS Total Length


Identification Flag
Offset
TTL
Protocol Checksum
Source IP: 10.1.1.1
Dest IP: 172.16.10.1 Destination/Mask Interface
IP Options 172.16.10.0/24 G0/0/1
RTA
Data IP

10.1.1.254/24 G0/0/0 G0/0/1

FCS Data Ethernet II SFD Preamble

• Destination IP is checked against the address of the gateway.

• A new frame header is constructed following the discovery process.



Frame Decapsulation
Server A

RTB
172.16.10.1/24
08-07-06-05-04-AA

G0/0/1 Server B

FCS Data Ethernet II SFD Preamble

172.16.10.2/24
08-07-06-05-04-BB
D.MAC S.MAC Type(0x0800)

• Frame is forwarded with destination MAC address of Server A.

• Server A compares interface MAC to frame destination MAC.



Packet Decapsulation
Server A

Data (If Applicable) IP

RTB 172.16.10.1/24 Header


08-07-06-05-04-AA Ver. Length DS Field. Total Length

Identification Flags Fragment Offset


G0/0/1
Server B Header
TTL Protocol: 0x06
Checksum
Source IP: 10.1.1.1
Destination IP: 172.16.10.1

172.16.10.2/24 IP Options
08-07-06-05-04-BB

• Server A compares its own IP to the destination address of the IP header.

• IP header is processed and discarded, data is directed to TCP.



Segment Decapsulation
Server A

Data (If APL) TCP

RTB 172.16.10.1/24
02-03-04-05-06-AA Source Port: 1027 Destination Port: 80

Sequence Number
G0/0/1
Server B Acknowledgement Number

Header N C E UA P R S F
Length Resv. S W C R C S S Y I Window
R E GK H T N N
Checksum Urgent Pointer
172.16.10.2/24
02-03-04-05-06-BB Options Padding

• TCP header builds connection with the service at port 80.

• Parameters within the TCP header are used to manage the connection.
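
Added example (not part of the original slides): the forwarding scenario above walked through in Python, showing the check each receiver applies at the frame, packet and segment layers before data reaches the service on port 80. The function names are hypothetical, the frame is constructed with checksums and FCS omitted, the hop between RTA and RTB is collapsed into one re-framing step, and the RTB G0/0/1 MAC `08-07-06-05-04-01` is a made-up placeholder because the slides do not give it.

```python
import socket
import struct

def mac(text: str) -> bytes:
    return bytes.fromhex(text.replace("-", ""))

def build_frame(dst_mac, src_mac, src_ip, dst_ip, sport, dport, ttl=64) -> bytes:
    """Ethernet II + IPv4 + TCP SYN; checksum fields are zero, no preamble/FCS."""
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x02, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp), 0, 0, ttl, 0x06, 0,
                     socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    return mac(dst_mac) + mac(src_mac) + struct.pack("!H", 0x0800) + ip + tcp

def receive(frame: bytes, my_mac: str, my_ip: str, services: dict) -> str:
    """Apply the frame, packet and segment checks in the order of the slides."""
    if len(frame) < 14 + 20 + 20:
        return "drop: truncated frame"
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if frame[0:6] not in (mac(my_mac), b"\xff" * 6):
        return "L2 drop: destination MAC is not this interface"
    if ethertype != 0x0800:
        return f"L2 drop: no handler for type 0x{ethertype:04X}"
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    proto, dst_ip = ip[9], socket.inet_ntoa(ip[16:20])
    if dst_ip != my_ip:
        return f"L3 not local: {dst_ip} needs a routing lookup"
    if proto != 0x06:
        return f"L3 drop: no handler for protocol 0x{proto:02X}"
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    service = services.get(dport)
    if service is None:
        return f"L4 reject: nothing listening on port {dport}"
    return f"deliver to {service} (port {dport}) from {socket.inet_ntoa(ip[12:16])}:{sport}"

def reframe(frame: bytes, new_dst_mac: str, new_src_mac: str) -> bytes:
    """Router step: new Ethernet header, TTL - 1 (IP checksum not modelled)."""
    ip = bytearray(frame[14:])
    ip[8] -= 1
    return mac(new_dst_mac) + mac(new_src_mac) + frame[12:14] + bytes(ip)

# --- constructed traffic using the slide addresses ---
FRAME_A = build_frame("00-01-02-03-04-08", "00-01-02-03-04-05",
                      "10.1.1.1", "172.16.10.1", 1027, 80)
HOST_B = receive(FRAME_A, "00-01-02-03-04-06", "10.1.1.2", {})
RTA = receive(FRAME_A, "00-01-02-03-04-08", "10.1.1.254", {})
FRAME_B = reframe(FRAME_A, "08-07-06-05-04-AA", "08-07-06-05-04-01")
SERVER_A = receive(FRAME_B, "08-07-06-05-04-AA", "172.16.10.1", {80: "HTTP"})
SERVER_B = receive(FRAME_B, "08-07-06-05-04-BB", "172.16.10.2", {80: "HTTP"})

if __name__ == "__main__":
    for name, result in (("Host B", HOST_B), ("RTA", RTA),
                         ("Server A", SERVER_A), ("Server B", SERVER_B)):
        print(f"{name}: {result}")
```
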



Summary

• What information is required before data can be encapsulated?

• What happens when a frame is forwarded to a destination to which it is not intended?

• How does the data in the frame ultimately reach the application it is intended for?

• When multiple sessions of the same application are active (e.g. multiple web browsers), how does the return data reach the correct session?
