
Guide to TCP/IP, Fourth Edition 5-1

Solution Manual for Guide to TCP IP 4th Edition


Carrell Chappell Tittel Pyles 1133019862
9781133019862

Chapter 5
Internet Control Message Protocol (ICMP)

At a Glance

• Overview
• Objectives
• Teaching Tips
• Quick Quizzes
• Class Discussion Topics
• Additional Projects
• Additional Resources
• Key Terms
• Technical Notes for Hands-On Projects


Lecture Notes

Overview
Although IP is certainly the best-known Network layer protocol in the TCP/IP
family, it’s by no means the only such protocol. This chapter covers Internet
Control Message Protocol (ICMP), an important error-handling and information-
handling protocol that is an integral part of the TCP/IP suite of protocols and
also operates at the Network layer. This chapter starts with an overview of the
various roles ICMP can play, next describes its capabilities, packet layouts, and
field formats, and then explains how ICMP handles error reporting, delivery errors,
path discovery, Path Maximum Transmission Unit (MTU) Discovery, and other
routing-related functions.

Chapter Objectives
• Explain the basics of the Internet Control Message Protocol (ICMP) and the roles
it plays on networks
• Describe the specifications listed in RFC 792, which define the original ICMPv4
protocol, including its header format and the different types and formats of
ICMPv4 messages
• Provide a basic overview of the ICMPv6 protocol, covering its header format and
the different types and formats of ICMPv6 messages, including how error
messages and informational message types are organized
• List the details of the different ICMPv6 error messages, including those that
existed in ICMPv4 and have been upgraded as well as message types that were
newly created for ICMPv6
• Describe the intricacies of all the different ICMPv6 informational messages,
including those that existed under ICMPv4 and have been upgraded and those that
have been newly created for use in ICMPv6
• Understand the general differences between ICMPv4 and ICMPv6
• Explain how Path MTU Discovery operates between IPv4 nodes, including the
involvement of default packet MTUs, packet fragmentation, and the effect of a
packet being marked for no fragmentation relative to ICMPv4 messaging
• Describe how Path MTU Discovery has been changed for IPv6 and the associated
changes to ICMPv6 messages for this technology
• Describe the various processes for testing and troubleshooting with ICMP,
including the use of network utilities such as Ping, Traceroute, and Pathping as
well as routing sequences and security issues
• Explain network protocol analyzer data and use the data to decode ICMPv4 and
ICMPv6 packets in order to understand their versions, types, sequencing, and
other information


Teaching Tips
ICMP Basics
1. If ICMP was part of a mechanic’s tool kit, it would be a screwdriver or a wrench.
If it was part of a cook’s utensils, it would be a measuring cup or a stirring spoon.
It’s that basic. Without the ability to use ICMP utilities like Ping and Traceroute,
it would be extremely difficult to do any maintenance work on a network,
especially with any speed.

2. Recall for your students that ICMP is not only part of the OSI Network layer, but
part of the Internet layer of the TCP/IP stack. You might want to have the students
briefly revisit a comparison between the two protocol stacks as a refresher.

3. Also remember that ICMP is a specialized part of IP and not a separate entity.
We are not studying a separate protocol, but a subset of a large, multifaceted
protocol; one that the Internet and Ethernet LANs could not exist without.

Teaching Tip: For more information and useful links regarding ICMP visit:
http://www.networksorcery.com/enp/protocol/icmp.htm.

Roles That ICMP Plays on IP Networks

1. Use Table 5-1 to explain the ICMP message types and their uses on IP networks.
The first two message types are most often what users and most technicians think
of when they consider ICMP message types. Note that all the message types are
related to routing.

ICMPv4
1. ICMP is a core protocol in the IP suite, originally specified in April 1981 by RFC
777, which was obsoleted the following September by RFC 792. Computer
operating systems use ICMPv4 primarily to send certain error messages to other
networked nodes. Although ICMPv4 may not be known to average computer
users, its most common manifestation—the ping command—is widely used to test
the connection between one computer and another, even by those who may
otherwise know very little about networking.


Overview of RFC 792

1. Note that although RFC 792 was published in 1981, it defines the primary
functions of, and blueprints for, ICMP messages to this day.

Quick Quiz 1
1. ____________________ occurs when network traffic starts to exceed handling
capacities.
Answer: Network congestion

2. ____________________ permits a gateway (router) on a non-optimal route
between sender and receiver to redirect traffic to a more optimal path.
Answer: ICMP Redirect

3. True or False: ICMP’s job is to provide a variety of information about IP routing
behavior, reachability, routes between specific pairs of hosts, delivery errors, and
so forth.
Answer: True

4. True or False: ICMP reports errors only about processing of non-ICMP IP
datagrams.
Answer: True

ICMPv4 Header
1. In this section, we cover each portion of the header structure, the functions of the
various ICMP packet types, and provide examples of ICMP query and error
messages found on the network.

Constant ICMP Fields

1. ICMP packets contain only three required fields after the IP header: Type, Code,
and Checksum. In some ICMP packets, however, there are additional fields that
provide information or details about the message, or message-specific
information.

Types of ICMPv4 Messages

1. There are many ICMP message types, but they fall into two general categories:
error messages and informational messages. All ICMPv4 messages use a common
message format and are sent and received using a simple set of protocol rules.


2. Explain that the Destination Unreachable message is returned to the source node
when a packet that was sent could not be delivered to the destination address. The
sender can then use this information to decide how to correct the problem.

3. Mention that the Source Quench message is used to tell the source node to reduce
the rate of speed at which it sends packets to the destination node. The source
node responds by slowing down the transmission rate until it stops receiving
Source Quench messages.

4. Explain that the Time Exceeded message is sent in two circumstances. The first is
when a packet’s Time to Live (TTL) field is decremented to zero by routers on
the network before the packet reaches its destination. The second is when some of
the fragments of a message do not reach the destination node by the time the
node’s reassembly timer reaches zero.

5. Explain that routers send ICMP Redirect messages to hosts to indicate that a
preferable route exists.

6. Mention that the Parameter Problem message is a “generic” error message that
can be sent back to the source node by any device on the network when that
device detects an error in any header field in an IP packet.

7. Explain that the Echo Request and Echo Reply messages are used for connectivity
testing between network nodes. The most common implementation of these
messages is with the use of the Ping utility.

8. Mention that routers use the Timestamp Request and Timestamp Reply pair of
messages on a network to synchronize their system clocks for date and time. This
method of time synchronization does not work very well on large networks,
particularly the Internet.

9. Mention that the Router Advertisement and Router Solicitation pair of messages
allows a network node not manually configured with the address of a first-hop
router to ask for and receive information about routers on the local network.

10. Explain that the Address Mask Request and Address Mask Reply pair of
messages is used to supply subnet mask information about other computers on the
network to the node sending the Address Mask Request.

11. Explain that the Traceroute message type is similar to Echo Request and Echo
Reply messages except that instead of just testing for basic connectivity, this
ICMPv4 message traces the exact sequence of routers used to send a packet from
the source to the destination node on a hop-by-hop basis.


The Variable ICMP Structures and Functions

1. Figures 5-2 and 5-3 in the text are reminders why the students are being asked to
learn about ICMP packet fields and functions. The information has a practical
application when monitoring and troubleshooting networks with a protocol
analyzer such as Ethereal.

Teaching Tip: Two articles, “How to Use TRACERT to Troubleshoot TCP/IP Problems in
Windows” and “How to Troubleshoot TCP/IP Connectivity with Windows” can
be found at http://support.microsoft.com. Just search for “TRACERT,” and
review the resulting links.

Quick Quiz 2
1. ICMP packets contain only three required fields after the IP header: Type, Code,
and ____________________.
Answer: Checksum

2. The ____ field identifies types of ICMP messages that can be sent on the network.
Answer: Type

3. True or False: The Code field provides error detection for the ICMP header only.
Answer: False

4. ICMP Type ____________________ is used for Echo Reply packets.
Answer: 0

ICMPv6
1. ICMPv6 provides the same basic mechanism for error reporting and information
exchange between networked devices as ICMPv4. The specifications for ICMPv4
are over 30 years old, and a new version of ICMP is required for modern network
messaging requirements. ICMPv6 message types still fall into two main groups:
error messages and informational messages. However, the message types in these
categories have changed, some of them significantly.

Overview of ICMPv6

1. ICMPv6 was originally specified by RFC 1885, which was then made obsolete by
RFC 2463. The current specification is RFC 4443, “Internet Control Message
Protocol (ICMPv6) for Internet Protocol Version 6 (IPv6) Specification.”
ICMPv6 is described as having message types and message type formats updated
for use with the IPv6 protocol.

Types of ICMPv6 Messages

1. Use Table 5-9 to describe all different types of ICMPv6 messages.

ICMPv6 Header

1. RFC 4443 describes the general format of ICMPv6 messages. Specific message
types may have their own unique formatting beyond what is illustrated here. An
IPv6 header and potentially one or more extension headers will come before the
ICMPv6 message. The Next Header value for the ICMPv6 header is 58 in the
immediately preceding header. Figure 5-20 shows the general format of the
ICMPv6 message header.

ICMPv6 Error Messages


1. Mention that ICMPv6 error messages fall into a range from 0 to 127, and those
Type values are all defined in RFC 4443.

Destination Unreachable Messages

1. When a packet cannot be delivered to its destination for various reasons, such as
the packet containing an invalid destination address, the router encountering this
packet will send a Destination Unreachable message back to the source node.

2. Once the source node receives the Destination Unreachable message, the node is
responsible for deciding a response.

Packet Too Big Messages

1. Explain that this new ICMPv6 error message type is required because of how
IPv6 manages data fragmentation and reassembly.

Time Exceeded Messages

1. This message type is substantially similar to its ICMPv4 counterpart. A Time
Exceeded message can be sent back to the source node if the packet exceeds the
value in its Hop Limit field prior to being delivered to the destination node.


Parameter Problem Messages

1. Like their ICMPv4 counterparts, ICMPv6 Parameter Problem messages are
considered “generic” messages as opposed to ones that respond to a specific error.
This message type is sent to the source node when some kind of problem with a
packet has been encountered in one of the packet’s fields or parameters in the
IPv6 header. Use Table 5-12 to show the Parameter Problem message format
fields.

ICMPv6 Informational Messages


1. Type codes for informational messages exist in the 128–255 range (see Table 5-9
for details) and include a long list of message types specified by multiple RFC
documents.

2. Mention that as with ICMPv4 informational message types, ICMPv6 messages
are not used to report errors but to provide information to the source node
regarding some test, support, or diagnostic function being performed between
nodes on the IPv6 network.

Echo Request and Echo Reply Messages

1. Explain that the Echo Request and Echo Reply messages are specified in RFC
4443 and perform a basic connectivity test.

Router Advertisement and Router Solicitation Messages

1. Router discovery in IPv6 works similarly to router discovery in IPv4 except that
the router discovery function has been integrated into the Neighbor Discovery
(ND) protocol and has become part of a suite of discovery utilities that are used
between network nodes and routers.

Neighbor Solicitation and Neighbor Advertisement Messages

1. Neighbor Solicitation and Neighbor Advertisement messages are specified in
RFC 4861 and are part of the IPv6 Neighbor Discovery protocol. IPv6 network
nodes send Neighbor Solicitations in order to request the link-layer address of a
target node and, at the same time, send the target node their own link-layer
address.


Redirect Messages

1. Specified by RFC 4861 in its ICMPv6 implementation, Redirect messages were
considered error messages under ICMPv4. These messages don’t actually
describe an error but rather provide the information to a network node that it
needs to change which router it is using on the local link to send messages to a
particular destination.

Router Renumbering Messages

1. Router Renumbering for IPv6 is specified in RFC 2894 and allows address
prefixes on routers to be configured and reconfigured with the ease of Neighbor
Discovery and Address Autoconfiguration for network nodes. This allows
administrators to update the prefixes used and advertised by IPv6 routers
throughout a site.

A Short Comparison of ICMPv4 and ICMPv6 Messages

1. ICMPv4 and ICMPv6 perform the same basic functions; however, ICMPv6
provides added functionality. Describe general message types common to both
implementations and those new in ICMPv6.

Quick Quiz 3
1. True or False: Data for Echo Request messages may consist of one or more octets
of arbitrary data.
Answer: False

2. IPv6 network nodes send ____________________ in order to request the link-
layer address of a target node.
Answer: Neighbor Solicitations

3. ICMPv6 Router Renumbering takes advantage of the vast
____________________-bit IPv6 address space.
Answer: 128

4. True or False: The principal difference between these two versions of the ICMP
protocol is the integration of different messaging types under the ICMPv6
protocol.
Answer: True


Path MTU Discovery


1. Path MTU (PMTU) Discovery in IPv4 networks allows routers to notify nodes via
ICMPv4 messages if they need to change the MTU size of the packets they are
sending.

2. Each PMTU is made up of a number of links between the source and destination
node, and each link can have a different MTU size. The PMTU is the size of the
smallest MTU for an individual link.

Teaching Tip: For additional information about PMTU Discovery, visit:
http://www.netheaven.com/pmtu.html.

Changes to PMTU

1. IPv6 MTU sizing and fragmentation have been updated to improve the efficiency
and quality of sending and receiving network traffic. One way this was achieved
was by setting the default MTU for packets to 1280 bytes. Another method was to
eliminate fragmentation of packets once they’ve been sent from the source node.
IPv6 routers are unable to fragment packets in transit. If a packet needs to be
fragmented in order to be delivered to the destination, the source node must
perform this task.

Testing and Troubleshooting Sequences for ICMP


1. ICMP’s most common uses are testing and troubleshooting. Two of the most
well-known utilities, Ping and Traceroute, rely on ICMP to perform connectivity
tests and path discovery.

Connectivity Testing with Ping

1. There are times when network troubleshooting and security will clash. Once, a
Cisco technician was trying to diagnose a problem on a switch. He was able to
ping the switch, but the switch could not ping the technician’s laptop when
commanded to do so over the console connection. Then, the tech realized that he
had the built-in firewall feature on his Windows XP Professional laptop turned on
and the firewall was configured to block ICMP echo replies. Remind your
students that sometimes what we think of as a problem on the network can be a
detail that we have neglected to take into account.


2. Regarding Ping command-line parameters, the -t parameter will allow you to
send an endless series of echo packets to hosts. The stream will not self-terminate
and the user must use the key combination Ctrl+C to stop the packet stream.

3. You and your students may recall seeing the -l parameter mentioned in Chapter 3.

Path Discovery with Traceroute

1. Remember that Traceroute is a TCP/IP utility. The Windows version is called
Tracert. You will find the Traceroute command used commonly on the command
line of routers.

Path Discovery with Pathping

1. The text briefly mentions pathping here and refers the reader to Appendix C. For
more information on this utility, go to www.windowsitpro.com/. In the
“InstantDoc” window near the top of the page, enter “15736” and click “go,”
which will take you to the article “Pathping: Traceroute on Steroids.”

Path MTU Discovery with ICMP

1. RFC 1191, “Path MTU Discovery,” defines a method for discovering a Path MTU
(PMTU) using ICMP.

2. PMTU Discovery enables a source to learn the currently supported MTU across
an entire path, without requiring fragmentation.

3. Use Figure 5-31 and Tables 5-17 and 5-18 to describe PMTU.
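
The discovery loop described above and under "Path MTU Discovery", as an added example (not from the text or its authors): a source sends packets with Don't Fragment set and lowers its estimate each time a router answers with Destination Unreachable, Code 4. The path MTUs and function names are constructed for illustration; the plateau values are the RFC 1191 fallback table, used when an older router reports a next-hop MTU of zero.

```python
# Simulation of IPv4 Path MTU Discovery (RFC 1191). No packets are sent;
# the "path" is a constructed list of link MTUs, one per hop.

ICMP_DEST_UNREACHABLE = 3   # ICMPv4 Type
CODE_FRAG_NEEDED = 4        # "Fragmentation Needed and Don't Fragment was Set"
IPV4_MIN_MTU = 68           # smallest MTU every IPv4 link must support

# Plateau table from RFC 1191, section 7.1: common MTU values to step down
# through when the router's message does not carry a next-hop MTU.
PLATEAUS = [65535, 32000, 17914, 8166, 4352, 2002, 1492, 1006, 508, 296, 68]


def send_with_df(size, link_mtus, legacy_hops=()):
    """Forward a DF-marked packet hop by hop.

    Returns None if it is delivered, otherwise the ICMP error the first
    router with a too-small outgoing link would send back. Routers whose
    hop number is in legacy_hops report next_hop_mtu = 0 (pre-RFC 1191).
    """
    for hop, mtu in enumerate(link_mtus, start=1):
        if size > mtu:
            return {
                "type": ICMP_DEST_UNREACHABLE,
                "code": CODE_FRAG_NEEDED,
                "hop": hop,
                "next_hop_mtu": 0 if hop in legacy_hops else mtu,
            }
    return None


def next_lower_plateau(size):
    """Largest plateau strictly below the current estimate."""
    for plateau in PLATEAUS:
        if plateau < size:
            return plateau
    return IPV4_MIN_MTU


def discover_pmtu(link_mtus, legacy_hops=()):
    """Return (pmtu_estimate, trace); trace lists (probe_size, rejecting_hop)."""
    if not link_mtus or min(link_mtus) < IPV4_MIN_MTU:
        raise ValueError("every IPv4 link must carry at least 68 bytes")
    estimate = link_mtus[0]          # start from the first-hop (local) MTU
    trace = []
    while True:
        icmp = send_with_df(estimate, link_mtus, legacy_hops)
        trace.append((estimate, icmp["hop"] if icmp else None))
        if icmp is None:
            return estimate, trace
        reported = icmp["next_hop_mtu"]
        if 0 < reported < estimate:
            estimate = reported                      # router told us the limit
        else:
            estimate = next_lower_plateau(estimate)  # guess from the table


# Constructed path: Ethernet, Ethernet, a tunnel, a smaller tunnel, Ethernet.
SAMPLE_PATH = [1500, 1500, 1400, 1280, 1500]

if __name__ == "__main__":
    for legacy in ((), (3, 4)):
        pmtu, trace = discover_pmtu(SAMPLE_PATH, legacy)
        print(f"legacy routers at hops {legacy}: PMTU estimate {pmtu}")
        for size, hop in trace:
            outcome = "delivered" if hop is None else f"rejected at hop {hop}"
            print(f"  probe {size:5d} bytes: {outcome}")
```

With routers that report the next-hop MTU the estimate converges on the smallest link MTU (1280); with zero-reporting routers it settles on a plateau at or below that value (1006), which is the incremental reduction the Key Terms describe under backward compatibility.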

Routing Sequences for ICMP

1. ICMP’s most common uses are testing and troubleshooting. Two of the most
well-known utilities, PING and TRACEROUTE, rely on ICMP to perform
connectivity tests and path discovery.

Router Discovery

1. Hosts that would not use Router Discovery either have the default gateway
manually configured on the local computer, or the default gateway is manually
configured on a DHCP (Dynamic Host Configuration Protocol) server that is
handing out that information to hosts configured to accept DHCP network settings
along with IP addresses, subnet masks, and DNS primary and (optional)
secondary servers.


2. ICMP Router Solicitation usually occurs upon boot with the computer sending out
a router multicast requesting the IP address of the router interface of the default
gateway.

Router Advertising

1. Some routers can be configured to send periodic ICMP Router Advertisement
packets. These periodic ICMP Router Advertisements do not mean that ICMP is a
routing protocol. They simply allow hosts to passively learn about available
routes.

Redirection to a Better Router

1. Even though a router will send a message back to the host giving the IP address of
a better router, it will still forward the originally sent packet to its destination.

2. There is a major drawback to redirection. Let’s say your default gateway forwards
your message to the next hop router. The next hop router may know of a third
router that would be a better choice and sends the redirection message back to the
sending host. The default gateway does not get this information, and although the
host can then amend its routing table to include the third router, the default
gateway will still be unaware of this and may continue to send packets through
the same next hop router it began to use.

Security Issues for ICMPv4

1. The text mentions that some companies “limit the amount of ICMP traffic that
flows through their networks.” One of the most common attacks on a network is
called DoS (Denial of Service). It involves flooding a gateway server or router
with a huge number of oversized ICMP packets in hopes (for the attacker,
anyway) of flooding the device’s memory buffer, which would cause a shutdown
and open a doorway into the network for the attacker. Security issues will be
covered in detail in Chapter 9.

2. If ICMP traffic is to be blocked effectively, it will be done at the network
perimeter device, usually a firewall. This may explain why a person cannot ping a
site on the Internet, or why the function times out before the trace is completed
when a person runs a Tracert.


3. The site www.warez.com is perhaps the most famous (infamous?) hacker tool site
on the Internet. Visiting this site or the other site mentioned in the text should be
for research purposes only; it is not recommended that your students download
any of the tools from these sites onto the school’s lab computers (unless
specifically requested to do so as part of a class project). The use of these tools,
either with school or personal computers, to compromise public or private
networks can result in civil and criminal proceedings being brought against the
student.

4. One of the techniques used by people to illicitly gain information about a network
is Passive Fingerprinting. This method is used to map a target network and the
networks and hosts communicating with it, using data from a protocol analyzer.
This is an example of why ICMP and a protocol analyzer together can be a
potential hazard to network security.

Security Issues for ICMPv6

1. ICMPv6 has built-in security features that are designed to prevent attacks sent
from another network segment. These features include the value in the Hop Limit
field being set at 255. Also, the source address of ICMPv6 packets must be either
link-local or unspecified (::/128) for all Router Advertisement and Neighbor
Solicitation messages.

2. Authentication for ICMPv6 packet exchanges is managed using the IP
Authentication Header (IPv6-AUTH) or the IP Encapsulating Security Payload
Header (IPv6-ESP).

3. In short, except for the items already mentioned, ICMPv6 security is similar to
ICMPv4.
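
The Hop Limit check from item 1, written as a receiver-side filter (an added example, not from the text or its authors). The rule values follow RFC 4861: Neighbor Discovery messages (Types 133 to 137) must arrive with Hop Limit 255, and Router Advertisements and Redirects must come from a link-local source. The function name and the sample packets are constructed for illustration.

```python
import ipaddress

# ICMPv6 Types used by Neighbor Discovery (RFC 4861).
ND_TYPES = {
    133: "Router Solicitation",
    134: "Router Advertisement",
    135: "Neighbor Solicitation",
    136: "Neighbor Advertisement",
    137: "Redirect",
}
# RFC 4861 requires a link-local source address on these two.
LINK_LOCAL_SOURCE_REQUIRED = {134, 137}


def nd_drop_reasons(icmp_type, hop_limit, source):
    """Return the reasons a receiver should silently discard the message.

    An empty list means the checks pass. Non-ND ICMPv6 (for example Echo
    Request, Type 128) is outside these rules and always returns [].
    """
    if icmp_type not in ND_TYPES:
        return []
    reasons = []
    # Every router that forwards a packet decrements Hop Limit, so a value
    # of 255 on arrival proves the sender is on the local link. Anything
    # lower was forwarded from another segment (or forged to look so).
    if hop_limit != 255:
        reasons.append(f"hop limit {hop_limit} is not 255: not from this link")
    if (icmp_type in LINK_LOCAL_SOURCE_REQUIRED
            and not ipaddress.IPv6Address(source).is_link_local):
        reasons.append(f"{ND_TYPES[icmp_type]} source {source} is not link-local")
    return reasons


# Constructed samples: (label, ICMPv6 type, Hop Limit on arrival, source).
# 2001:db8::/32 is the IPv6 documentation prefix.
SAMPLES = [
    ("on-link RA",            134, 255, "fe80::1"),
    ("RA forwarded one hop",  134, 254, "fe80::1"),
    ("RA from global source", 134, 255, "2001:db8::1"),
    ("NS with default hops",  135, 64,  "fe80::2"),
    ("Echo Request",          128, 64,  "2001:db8::99"),
]


def triage(samples):
    """Map each sample label to its list of drop reasons."""
    return {label: nd_drop_reasons(t, hl, src) for label, t, hl, src in samples}


if __name__ == "__main__":
    for label, reasons in triage(SAMPLES).items():
        print(f"{label:24s} {'ACCEPT' if not reasons else 'DROP: ' + '; '.join(reasons)}")
```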

Decoding ICMP Packets


1. The structure of ICMP and other network packets can seem theoretical when
viewed as a diagram or discussed in a narrative, but tools such as Wireshark can
capture and decode ICMP packets for examination.

ICMPv4

1. Use Figure 5-34 and Table 5-21 to show the ICMPv4 Echo Request and Echo
Reply Message format fields.
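
What a protocol analyzer does with the three required fields from "Constant ICMP Fields" and the Echo fields in this section, as an added example (not from the text or its authors): a decoder for the ICMPv4 header that also verifies the checksum. The sample message is constructed in the code; Type numbers are the standard assigned values, and the function names are illustrative.

```python
import struct

# ICMPv4 Type values for the messages named in this chapter.
ICMP_TYPE_NAMES = {
    0: "Echo Reply", 3: "Destination Unreachable", 4: "Source Quench",
    5: "Redirect", 8: "Echo Request", 9: "Router Advertisement",
    10: "Router Solicitation", 11: "Time Exceeded", 12: "Parameter Problem",
    13: "Timestamp Request", 14: "Timestamp Reply",
    17: "Address Mask Request", 18: "Address Mask Reply", 30: "Traceroute",
}
ERROR_TYPES = {3, 4, 5, 11, 12}   # the rest are informational (query) types


def internet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum over the whole ICMP message."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length data for summing
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(icmp_type: int, identifier: int, sequence: int, payload: bytes) -> bytes:
    """Build an Echo Request (8) or Echo Reply (0) with a valid checksum."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, identifier, sequence)
    checksum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, checksum, identifier, sequence) + payload


def parse_icmpv4(message: bytes) -> dict:
    """Decode the bytes that follow the IP header."""
    if len(message) < 4:
        raise ValueError("ICMP message shorter than Type, Code and Checksum")
    icmp_type, code, checksum = struct.unpack("!BBH", message[:4])
    if icmp_type not in ICMP_TYPE_NAMES:
        category = "unknown"
    else:
        category = "error" if icmp_type in ERROR_TYPES else "informational"
    parsed = {
        "type": icmp_type,
        "name": ICMP_TYPE_NAMES.get(icmp_type, "unknown"),
        "category": category,
        "code": code,
        "checksum": checksum,
        # Summing a message that includes a correct checksum yields zero.
        "checksum_ok": internet_checksum(message) == 0,
    }
    if icmp_type in (0, 8):                  # Echo adds Identifier and Sequence
        if len(message) < 8:
            raise ValueError("Echo message truncated before Sequence Number")
        parsed["identifier"], parsed["sequence"] = struct.unpack("!HH", message[4:8])
        parsed["data"] = message[8:]
    return parsed


# Constructed sample: Echo Request, identifier 0x1234, sequence 1.
SAMPLE_REQUEST = build_echo(8, 0x1234, 1, b"abcdefgh")

if __name__ == "__main__":
    print(parse_icmpv4(SAMPLE_REQUEST))
    tampered = SAMPLE_REQUEST[:-1] + b"X"    # one payload byte altered in transit
    print("tampered checksum_ok:", parse_icmpv4(tampered)["checksum_ok"])
```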

ICMPv6

1. Use Figure 5-35 and Table 5-22 to show the ICMPv6 Echo Request and Echo
Reply Message format fields.


Quick Quiz 4
1. True or False: The ICMP Echo Request guarantees packet delivery.
Answer: False

2. The Traceroute utility uses ____________________ to identify a path from the
sender to the target host.
Answer: route tracing

3. The ____ utility is a command-line utility that uses ICMP Echo packets to test
router and link latency, as well as packet loss.
Answer: Pathping

4. ____________________ enables a source to learn the currently supported MTU
across an entire path, without requiring fragmentation.
Answer: PMTU Discovery

Class Discussion Topics

1. The text mentions that some public sites block ICMP echo responses for security
reasons. If blocking ICMP is a good strategy for keeping your network safe from
intrusion from the Internet, why don’t all public sites follow this policy?

2. Assign half of the class the role of sysadmins of your school’s IT Department.
Assign the other half to be student users of the school’s computer network, which
includes Internet access. The issue is whether or not students should be allowed
access to ICMP utilities such as ping and Traceroute on university computers. The
sysadmins say “no” and the students say “yes.” Have each side discuss their
position, and as instructor, determine who has the more convincing argument.

3. It is extremely common to assign network hosts a default gateway either manually
on each machine or automatically through DHCP services. Given the above, why
would a network admin choose to use the router solicitation and router discovery
processes instead? Have the students discuss the pros and cons of each method.


Additional Projects
1. This project can only be done with the instructor’s approval if school computers
are involved. Go to www.pingplotter.com and download the freeware version of
their software. With the experience of this chapter and based on other relevant
information from the text, use the pingplotter utility to use as many of the
functions of ping and Tracert as it is capable of performing. Report to the class on
the benefits and drawbacks of using pingplotter compared to the more standard
ICMP utilities. NOTE: If students choose to download pingplotter onto their
personal computer equipment, they bear sole responsibility for their use of the
tool and the resulting outcomes.

2. Have the students go to www.fifi.org (yes, that’s “fifi”). Click on “Public
Services,” and then, near the top of the page, first choose “pinging.” After they
are done with that page, have them choose the other link “tracing routes.” On the
“pinging” page, have them fill out a well-known Web site like www.yahoo.com
or www.google.com in the “host name” field. They should choose “5” as the
packet count. Leave the other settings at the default and click the ping button.
Once they’ve done this with two or three addresses, have them go to the
“services” page again and choose “tracing routes.” They should use the same
names in the “host name” field, set the “traces count” to “3,” and click
“Traceroute.” Have the students report on the differences between using this
method and the usual ICMP utilities from the Windows command-line interface.

Additional Resources
1. For information on a form of graphical Traceroute, go to www.pingplotter.com.
The site makes both freeware and shareware versions of their software available
for download. Please caution your students to not download any software onto
their school lab machines without specific direction from the instructor to do so.
This site is recommended only to introduce the students to the concept of a
graphical Traceroute utility.

2. For more information on ICMP datagram format, IP addressing, and a number of
other related topics, your students can go to www.ceenet.org. Click on
“Workshops” then “Materials,” and then click on CEENet’98 Technology
Workshop lecture materials. Under “Track1 Engineering the Network, Avgust
Jauk,” click on the html link by “IP addressing and Introduction to IP Routing.”
Scroll down the Table of Contents and click on “ICMP datagram format.” The
other subjects on this page are also worthy of study and address subjects that have
been addressed in the previous chapters that have been reviewed up to this point.


3. As always, the relevant Request for Comment documents are good source
materials:

ICMP                                 RFC 792
Source Quench                        RFC 896
Address Mask                         RFC 950
PMTU Discovery                       RFC 1191
ICMP Frame Structures                RFC 1256
Type of Service (TOS) in IP Suite    RFC 1349
Requirements for IPv4 Routers        RFC 1812

Key Terms
• advertising rate—The rate at which a service (typically a routing service) is
announced on a network. An example of an advertising rate is the 10-minute
advertising rate for ICMP Router Advertisement packets.
• allowable data size—The amount of data that can be transferred across a link; the
MTU.
• auto-reconfiguration—The process of automatically changing the configuration
of a device. For example, when a PMTU host receives an ICMP Destination
Unreachable: Fragmentation Needed and Don’t Fragment was Set ICMP packet,
that host can reconfigure the outgoing MTU size to match the size dictated by the
restricting link.
• auto-recovery—The process of automatically recovering from a fault. For
example, the process of black hole detection enables a host to auto-recover from a
communication failure caused by a router that does not forward packets and does
not send any messages indicating that an error occurred.
• available routes—The known functional routes on an internetwork. Available
routes are not necessarily the optimal routes. On IP networks, routers periodically
advertise available routes.
• average response time—The median time required to reply to a query. The
history of network average response times is used to provide a measurement for
comparison of current network responses.
• backward compatibility—A feature that enables a device, process, or protocol to
operate with earlier versions of software or hardware that do not support all the
latest, up-to-date, or advanced features. For example, a PMTU host can
automatically and incrementally reduce the MTU size it uses until it learns the
supported PMTU size.
• command-line parameter—Options added to a command issued at a prompt (not
in a windowed environment). For example, in the command arp -a, the -a is the
parameter for the command arp.
• connectivity tests—Tests to determine the reachability of a device. IP PING and
TRACEROUTE are two utilities that can be used for connectivity testing.
• Destination Unreachable message—An ICMP error message sent from a router
to a network host notifying the host that its message could not be delivered to its
destination.


 Destination Unreachable packets—ICMP packets that indicate a failure to reach


a destination due to a fragmentation problem, parameter problem, or other
problem.
 end-to-end minimum MTU size—The smallest data size that can be sent from
one host to another host on an internetwork. Packets may be fragmented to reach
the end-to-end minimum MTU size, or the PMTU process can be used to
determine the minimum size.
 expired route entry—A route entry that is considered “too old” and won’t be
used to forward data through an internetwork. Expired route entries may be held
in a routing table for a short time in anticipation that the route will become valid
again as another device advertises it.
 firewalking—A two-staged reconnaissance method involving an initial perimeter
device discovery phase and subsequent inverse mapping of filtered devices (by
eliciting Time Exceeded responses).
 fragmentable—Able to be fragmented. A packet must have the May Fragment
bit set in order to allow an IP packet to be fragmented if necessary.
 gateway—In the TCP/IP environment, the term “gateway” is used to refer to a
Network layer forwarding device typically known as a router. The default
gateway is the router a host sends a packet to when the host has no specific route
to a destination.
 hacker—A person who uses computer and communications knowledge to exploit
information or functionality of a device.
 host probe—A reconnaissance process used to determine which hosts are active
on an IP network. Typically, the PING process is used to perform a host probe.
 ICMP Echo communication—An ICMP process whereby a host sends an Echo
packet to another host on an internetwork. If the destination host is active and
able, it echoes back the data that is contained in the ICMP Echo packet.
 ICMP Echo Request packets—Packets that are sent to a device to test
connectivity. If the receiving device is functional and can reply, it should echo
back the data that is contained in the data portion of the Echo Request packet.
 ICMP error message—Error messages sent using the ICMP protocol.
Destination Unreachable, Time Exceeded, and Parameter Problem are examples
of ICMP error messages.
 ICMP query message—ICMP messages that contain requests for configuration
or other information. ICMP Echo Request, Router Solicitation, and Address Mask
Request are examples of ICMP query messages.
 ICMP Router Discovery—A process in which hosts send ICMP Router
Solicitation messages to the all-routers multicast address (224.0.0.2). Local routers
that support the ICMP Router Discovery process reply with an ICMP Router
Advertisement unicast to the host. The advertisement contains the router’s address
and a Lifetime value for the router’s information.
 ICMP Router Solicitation—The process that a host can perform to learn of local
routers. ICMP Router Solicitation messages are sent to the all-routers multicast
address of 224.0.0.2.
 Internet Control Message Protocol (ICMP)—A key protocol in the TCP/IP
protocol suite that provides error messages and the ability to query other devices.
IP PING and TRACEROUTE utilities use ICMP.
 Internet Group Management Protocol (IGMP)—A protocol that supports the
formation of multicast groups. Hosts use IGMP to join and leave multicast
groups. Routers track IGMP memberships and only forward multicasts on a link
that has active members of that multicast group.
 inverse mapping—The process of identifying live network hosts (mapping
internal network layout) positioned behind a filtering device by probing for
addresses known not to be in use.
 IP address scanning—The process of sending PING packets (ICMP Echo
Request packets) to each host within an IP address range to obtain a list of active
hosts in that range. This method is commonly used by hackers—all devices that
reply may be probed further to determine if they represent valid targets for attack.
 metrics—Measurements that may be based on distance (hop count), time
(seconds), or other values.
 millisecond—One-thousandth of a second.
 network congestion—A condition that occurs when the delivery time for packets
(also known as network latency) increases beyond normal limits. Congestion can
result from several causes, including problems with network links, overloaded
hosts or routers, or unusually heavy network usage levels. Packet loss is identified
as a characteristic of network congestion.
 Network Time Protocol (NTP)—A time synchronization protocol defined in
RFC 1305. NTP provides the mechanisms to synchronize and coordinate time
distribution in a large, diverse Internet operating at varying speeds.
 optimal route—The best route possible. Typically, routing protocols are used to
exchange routing metric information to determine the best route possible. The
optimal route is defined as either the route that is quickest, most reliable, most
secure, or considered best by some other measurement. When TOS is not used,
the optimal route is either the closest (based on hop count) or the highest
throughput route.
 overhead—The non-data bits or bytes required to move data from one location to
another. The datalink header is the overhead required to move an IP packet from
one device to another across a network. The IP header is additional overhead
required to move a packet through an internetwork. Ideally, bandwidth,
throughput, and processing power should be devoted to moving high amounts of
data bytes—not high amounts of overhead bytes.
 path—The route that a packet can take through an internetwork.
 path discovery—The process of learning possible routes through a network.
 Path MTU (PMTU)—The MTU size that is supported through an entire path; the
lowest common denominator MTU through a path. The Path MTU is learned
through the PMTU Discovery process.
 PMTU Discovery—The process of learning the MTU that is supported through
an entire path. ICMP is used for PMTU Discovery.
 Pathping—A Windows utility used to test router and path latency, as well as
connectivity.
 reachability—The ability to find at least one transmission path between a pair of
hosts so they can exchange datagrams across an internetwork.
 reconnaissance process—The process of learning various characteristics about a
network or host. Typically, reconnaissance probes precede network attacks.
 redirect—Point out another path. Using ICMP, a router can redirect a host to
another more optimal router.
 restricting link—A link that does not support forwarding based on the current
packet format and configuration. PMTU is used to identify restricting links so
hosts can re-send packets using an acceptable MTU size.
 retry counter—A counter that tracks the number of retransmissions on the
network. The most common retry counter found in TCP/IP networking is the TCP
retry counter. If a communication cannot be completed successfully before the
retry counter expires, the transmission is considered a failure.
 round-trip time—The amount of time required to get from one host to another
host and back. The round-trip time includes the transmission time from the first
point to the second point, the processing time at the second point, and the return
transmission time to the first point.
 route tracing—A technique for documenting which hosts and routers a datagram
traverses in its path from the sender to the receiver. (The Traceroute and Tracert
commands use ping in a systematic way to provide this information.)
 silent discard—The process of discarding a packet without notification to any
other device that such a discarding process occurred. For example, a black hole
router silently discards packets that it cannot forward.
 throughput difference—The comparative difference in throughput between two
paths. Throughput is measured in Kbps or Mbps.
 time synchronization—The process of obtaining the exact same time on multiple
hosts. Network Time Protocol (NTP) is a time synchronization protocol.
 Traceroute—See Tracert.
 Tracert—The name of the Windows command that uses multiple ping commands
to establish the identity and round-trip times for all hosts between a sender and a
receiver.
 Universal Time (UT)—Sometimes called Universal Coordinate Time (UCT),
Greenwich Mean Time (GMT), or Zulu Time. A time scale based on the Earth’s
rotation.
 unsolicited—Unrequested. Unsolicited replies are typically advertisements that
occur on a periodic basis. For example, ICMP Router Advertisements typically
occur on a 7–10 minute basis.


Technical Notes for Hands-On Projects


The lab setup for Chapter 5 includes the following elements:

HANDS-ON   NETWORK DEVICES   WORKSTATION OPERATING          OTHER RESOURCES
PROJECT    REQUIRED          SYSTEM REQUIRED                REQUIRED

5-1        LAN connection    Windows Vista/7 Professional   Wireshark installed on the Workstation
5-2        LAN connection    Windows Vista/7 Professional   Ethereal installed on the Workstation
5-3        LAN connection    Windows Vista/7 Professional   Wireshark installed on the Workstation
5-4        LAN connection    Windows Vista/7 Professional   Wireshark installed on the Workstation
