Al-Iraqia University
Engineering College
Network Engineering Department
By
Supervised By
2020-2021
Internet Control Message Protocol Network Protocols
1. Introduction:
2. Objective:
3. Theory:
4. Procedure:
d) After the ping command terminates, stop the Wireshark packet capture.
e) Now filter the captured packets to only ICMP by typing icmp in the filter
bar.
f)
g) As we can see, there are 20 packets: 10 of them belong to ping queries sent
by the source and the other ten belong to the ping responses received by the
source. Also note that the source's IP address is a private address,
172.29.2.20; the destination's IP address is that of the Web server at HKUST,
143.89.12.134.
d) After the ping command terminates, stop the Wireshark packet capture.
e) Now filter the captured packets to only ICMP by typing icmp in the filter
bar.
f)
a) What is the IP address of your host? What is the IP address of the destination
host?
• The IP address of my host: 172.29.2.20
• The IP address of the destination host: 143.89.12.134
b) Why is it that an ICMP packet does not have source and destination port
numbers?
• Unlike TCP or UDP, ICMP has no source or destination ports, and no
other protocols layered on top of it. Instead, there is a set of defined
ICMP message types/codes; the particular type/code used dictates the
interpretation of the rest of the ICMP packet. It does not have source and
destination port numbers because it was designed to communicate
network-layer information between hosts and routers, not between
application layer processes.
c) Examine one of the ping request packets sent by your host. What are the
ICMP type and code numbers? What other fields does this ICMP packet
have? How many bytes are the checksum, sequence number and identifier
fields?
• As shown in the figure above, ICMP type: 8; ICMP code: 0.
• This ICMP packet also has checksum, identifier, sequence number, and
data fields.
• The checksum, sequence number and identifier fields are each two
bytes.
d) Examine the corresponding ping reply packet. What are the ICMP type and
code numbers? What other fields does this ICMP packet have? How many
bytes are the checksum, sequence number and identifier fields?
• ICMP type: 0; ICMP code: 0.
• Like the request packet, this ICMP packet also has checksum, identifier,
sequence number, and data fields.
• The checksum, sequence number and identifier fields are each two
bytes.
e) What is the IP address of your host? What is the IP address of the target
destination host?
• The IP address of my host: 172.29.2.20
f) If ICMP sent UDP packets instead (as in Unix/Linux), would the IP protocol
number still be 01 for the probe packets? If not, what would it be?
• No, it would not. It would be 0x11.
g) Examine the ICMP echo packet in your screenshot. Is this different from the
ICMP ping query packets in the first half of this lab? If yes, how so?
• The ICMP echo packet has fields similar to those of the ping query packets.
h) Examine the ICMP error packet in your screenshot. It has more fields than
the ICMP echo packet. What is included in those fields?
• It includes the IP header and the first 8 bytes of the original ICMP packet
that caused the error.
i) Examine the last three ICMP packets received by the source host. How are
these packets different from the ICMP error packets? Why are they
different?
• The last three ICMP packets received by the source host are message
type 0 (echo reply) rather than 11 (TTL expired). They are different because
the datagrams have made it all the way to the destination host before the
TTL expired.
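
The fields examined in answers c), d), h) and i) can be checked in code. The following is an added example, not part of the original report: a parser for echo request/reply and TTL-expired messages that also verifies the ICMP checksum. It assumes the ICMP message has already been separated from its IP header; the sample packets are constructed, reusing the two addresses from the capture, with a made-up identifier, sequence number and payload.

```python
import socket
import struct

ECHO_REPLY, ECHO_REQUEST, TIME_EXCEEDED = 0, 8, 11

def checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, rest: bytes, body: bytes) -> bytes:
    """Build a message: type, code 0, checksum, 4-byte rest-of-header, body."""
    csum = checksum(struct.pack("!BBH", icmp_type, 0, 0) + rest + body)
    return struct.pack("!BBH", icmp_type, 0, csum) + rest + body

def parse_icmp(msg: bytes) -> dict:
    """Parse an ICMP message as it appears after the IP header."""
    if len(msg) < 8:
        raise ValueError("shorter than the 8-byte ICMP header")
    icmp_type, code = msg[0], msg[1]
    # A valid message sums to zero when the checksum field is included.
    out = {"type": icmp_type, "code": code, "checksum_ok": checksum(msg) == 0}
    if icmp_type in (ECHO_REQUEST, ECHO_REPLY):
        out["id"], out["seq"] = struct.unpack("!HH", msg[4:8])
        out["data"] = msg[8:]
    elif icmp_type == TIME_EXCEEDED:
        quoted = msg[8:]  # original IP header + first 8 bytes of its payload
        ihl = (quoted[0] & 0x0F) * 4 if quoted else 0
        if ihl < 20 or len(quoted) < ihl + 8:
            raise ValueError("quoted datagram is truncated")
        out["orig_ttl"], out["orig_proto"] = quoted[8], quoted[9]
        out["orig_src"] = socket.inet_ntoa(quoted[12:16])
        out["orig_dst"] = socket.inet_ntoa(quoted[16:20])
        if out["orig_proto"] == 1:  # the expired probe was itself ICMP
            out["orig_type"] = quoted[ihl]
            out["orig_id"], out["orig_seq"] = struct.unpack("!HH", quoted[ihl + 4:ihl + 8])
    return out

# Constructed samples using the addresses from the capture described above.
SRC, DST = socket.inet_aton("172.29.2.20"), socket.inet_aton("143.89.12.134")
REQUEST = build_icmp(ECHO_REQUEST, struct.pack("!HH", 0x0200, 7), b"abcdefgh")
REPLY = build_icmp(ECHO_REPLY, struct.pack("!HH", 0x0200, 7), b"abcdefgh")
# IP header of the expired probe (TTL 1, protocol 1); its own checksum left as 0.
ORIG_IP = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 36, 1, 0, 1, 1, 0, SRC, DST)
ERROR = build_icmp(TIME_EXCEEDED, b"\x00" * 4, ORIG_IP + REQUEST[:8])
```

The identifier and sequence number recovered from the quoted 8 bytes are what let the sender match a TTL-expired error to the probe that triggered it.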