
Ministry of Higher Education and Scientific Research

Al-Iraqia University
Engineering College
Network Engineering Department

(Internet Control Message Protocol)

An Assignment Submitted to the Department of Networks Engineering in Partial
Fulfilment for the Requirements of the Success Degree in Network Protocols course for
the Fourth year

By

Ismaeel Laith Fahmi

Supervised By

Assoc. Prof. Dr. Satea H. Alnjjar

2020-2021
Internet Control Message Protocol Network Protocols

Internet Control Message Protocol

1. Introduction:

ICMP is a transport level protocol within TCP/IP which communicates
information about network connectivity issues back to the source of the
compromised transmission. It sends control messages such as destination
network unreachable, source route failed, and source quench. It uses a data
packet structure with an 8-byte header and variable-size data section. For
example, if a datagram is not delivered, ICMP might report this back to the
host with details to help discern where the transmission went wrong. It's a
protocol that believes in direct communication in the workplace.

2. Objective:

In this experiment we aim to run the ping and tracert commands in the Windows
Command Prompt application and sniff their packets using the Wireshark
packet analyzer.

3. Theory:

We performed this experiment to see and learn which ICMP messages are
generated by the Ping / Tracert commands, what the format and contents
of an ICMP message are, and how these commands are used for
troubleshooting network problems.

4. Procedure:

• ICMP and Ping


a) Begin by opening the Windows Command Prompt application, as shown in
the figure below.

b) Start up the Wireshark packet sniffer, as described in the introductory
Wireshark lab, and begin Wireshark packet capture.

c) Now go back to the Windows Command Prompt and enter "ping -n 10
www.ust.hk" (without quotation marks).

d) After the ping command terminates, stop the Wireshark packet capture.

e) Now filter the captured packets to only ICMP by typing icmp in the filter
bar.
f) Press Enter to apply the filter.

g) As we can see, there are 20 packets: 10 of them belong to ping queries sent
by the source and the other ten belong to the ping responses received by the
source. Also note that the source's IP address is a private address, which is
172.29.2.20; the destination's IP address is that of the Web server at HKUST,
which is 143.89.12.134.

• ICMP and Traceroute


a) Begin again by opening the Windows Command Prompt application, as
shown in the figure below.

b) Start up the Wireshark packet sniffer, as described in the introductory
Wireshark lab, and begin Wireshark packet capture.

c) Now go back to the Windows Command Prompt and enter "tracert
www.inria.fr" (without quotation marks).

d) After the ping command terminates, stop the Wireshark packet capture.

e) Now filter the captured packets to only ICMP by typing icmp in the filter
bar.
f) Press Enter to apply the filter.

5. Discussion: (Ping / Traceroute)

a) What is the IP address of your host? What is the IP address of the destination
host?
• The IP address of my host: 172.29.2.20
• The IP address of the destination host: 143.89.12.134

b) Why is it that an ICMP packet does not have source and destination port
numbers?
• Unlike TCP or UDP, ICMP has no source or destination ports, and no
other protocols layered on top of it. Instead, there is a set of defined
ICMP message types/codes; the particular type/code used dictates the
interpretation of the rest of the ICMP packet. It does not have source and
destination port numbers because it was designed to communicate
network-layer information between hosts and routers, not between
application layer processes.

c) Examine one of the ping request packets sent by your host. What are the
ICMP type and code numbers? What other fields does this ICMP packet
have? How many bytes are the checksum, sequence number and identifier
fields?
• As shown in the figure above, ICMP type: 8; ICMP code: 0.
• This ICMP packet also has checksum, identifier, sequence number, and
data fields.
• The checksum, sequence number and identifier fields are two bytes
each.
d) Examine the corresponding ping reply packet. What are the ICMP type and
code numbers? What other fields does this ICMP packet have? How many
bytes are the checksum, sequence number and identifier fields?
• ICMP type: 0; ICMP code: 0.
• Like the request packet, this ICMP packet also has checksum, identifier,
sequence number, and data fields.
• The checksum, sequence number and identifier fields are two bytes
each.

e) What is the IP address of your host? What is the IP address of the target
destination host?
• The IP address of my host: 172.29.2.20
• The IP address of the destination host: 128.93.162.83

f) If ICMP sent UDP packets instead (as in Unix/Linux), would the IP protocol
number still be 01 for the probe packets? If not, what would it be?
• No, it would not. It would be 0x11.
g) Examine the ICMP echo packet in your screenshot. Is this different from the
ICMP ping query packets in the first half of this lab? If yes, how so?
• The ICMP echo packet has similar fields as the ping query packets.

h) Examine the ICMP error packet in your screenshot. It has more fields than
the ICMP echo packet. What is included in those fields?
• It includes the IP header and the first 8 bytes of the original ICMP packet
that caused the error.

i) Examine the last three ICMP packets received by the source host. How are
these packets different from the ICMP error packets? Why are they
different?
• The last three ICMP packets that were received by the source host are message
type 0 (echo reply) rather than 11 (TTL expired). They are different because
the datagrams have made it all the way to the destination host before the
TTL expired.

As shown in the figure on the next page:

j) Within the tracert measurements, is there a link whose delay is significantly
longer than others? Refer to the screenshot in Figure 4, is there a link whose
delay is significantly longer than others? On the basis of the router names,
can you guess the location of the two routers on the end of this link?
• As the question refers to Figure 4, my answer is based on it.
• There is a link with a longer delay than the others between steps 11 and 12.
This is a transatlantic link from New York to Aubervilliers, France. In Figure 4
from the lab, the link is from New York to Pasteurella, France.
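
The field layout discussed in items c), d), h) and i) can be checked in code. The following is an added example, not part of the original report: a small parser for echo request (type 8), echo reply (type 0) and time exceeded (type 11) messages that also verifies the checksum. The function names and the sample messages are assumptions constructed for illustration; only the two IP addresses are taken from the report.

```python
import struct

NAMES = {0: "echo reply", 8: "echo request", 11: "time exceeded"}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of big-endian 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, rest: bytes, body: bytes) -> bytes:
    """Build a code-0 message from type, the 4 'rest of header' bytes, and body."""
    csum = inet_checksum(struct.pack("!BBH", icmp_type, 0, 0) + rest + body)
    return struct.pack("!BBH", icmp_type, 0, csum) + rest + body

def parse_icmp(msg: bytes) -> dict:
    """Parse an ICMP message, i.e. the bytes that follow the IP header."""
    if len(msg) < 8:
        raise ValueError("shorter than the 8-byte ICMP header")
    icmp_type, code = msg[0], msg[1]
    out = {"type": icmp_type, "code": code, "name": NAMES.get(icmp_type, "other"),
           "checksum_ok": inet_checksum(msg) == 0}  # valid message sums to zero
    if icmp_type in (0, 8):  # echo: 2-byte identifier, 2-byte sequence number
        out["id"], out["seq"] = struct.unpack("!HH", msg[4:8])
        out["data_len"] = len(msg) - 8
    elif icmp_type == 11:  # error: bytes 4-7 unused, then the original datagram
        inner = msg[8:]
        ihl = (inner[0] & 0x0F) * 4 if inner else 0
        if ihl < 20 or len(inner) < ihl + 8:
            raise ValueError("truncated original datagram in ICMP error")
        out["orig_ttl"], out["orig_proto"] = inner[8], inner[9]
        out["orig_dst"] = ".".join(str(b) for b in inner[16:20])
        if inner[9] == 1:  # the probe was itself ICMP, as with Windows tracert
            out["orig_type"] = inner[ihl]
            out["orig_id"], out["orig_seq"] = struct.unpack("!HH", inner[ihl + 4:ihl + 8])
    return out

# Constructed sample messages (not taken from the report's capture).
PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"
REQUEST = build_icmp(8, struct.pack("!HH", 1, 7), PAYLOAD)
REPLY = build_icmp(0, struct.pack("!HH", 1, 7), PAYLOAD)
ORIG_IP = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(REQUEST), 0x1234, 0, 1, 1, 0,
                      bytes([172, 29, 2, 20]), bytes([128, 93, 162, 83]))
TTL_EXCEEDED = build_icmp(11, b"\x00" * 4, ORIG_IP + REQUEST[:8])
```

The embedded identifier and sequence number in the time exceeded message are what let the sender match an error back to the probe that triggered it.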
