
Joshua Larkin CSC 251 Net-Centric Spring 2012: Host IP: 192.168.1.69 Destination IP: 72.14.204.160

This document summarizes the key findings from a Wireshark lab on ICMP and traceroute:

1. ICMP ping request packets contain the ICMP type and code, checksum, identifier, and sequence number fields. Ping reply packets contain the same fields but with type and code values of 0.
2. Traceroute works by incrementing the TTL field in ICMP echo packets. ICMP error packets received by the source host contain a copy of the initially sent packet and have type and code values of 3.
3. In the traceroute measurements, the delay across one link was significantly longer than others, most likely representing the jump across continents between routers with IP-only names versus English hostnames.

Joshua Larkin

CSC 251
Net-Centric
Spring 2012

Wireshark Lab 6: ICMP

1. ICMP and Ping:

1. What is the IP address of your host? What is the IP address of the destination host?

Host IP: 192.168.1.69


Destination IP: 72.14.204.160

2. Why is it that an ICMP packet does not have source and destination port numbers?

ICMP is handled by the network and does not need to transfer data through a port up to a higher
layer.

3. Examine one of the ping request packets sent by your host. What are the ICMP type and code
numbers? What other fields does this ICMP packet have? How many bytes are the checksum,
sequence number and identifier fields?

Type: 8. Code: 0. The other fields are Checksum, Identifier, and Sequence Number. They are
each 2 bytes long.

4. Examine the corresponding ping reply packet. What are the ICMP type and code numbers? What
other fields does this ICMP packet have? How many bytes are the checksum, sequence number and
identifier fields?

Type: 0. Code: 0. The other fields are Checksum, Identifier, and Sequence Number. They are
each 2 bytes long.

2. ICMP and Traceroute:

5. What is the IP address of your host? What is the IP address of the target destination host?

Host IP: 192.168.1.69.


Destination IP: 72.14.204.160.

6. If ICMP sent UDP packets instead (as in Unix/Linux), would the IP protocol number still be 01 for the
probe packets? If not, what would it be?

It would not be 01. It would be 17 as specified by RFC 1010.

7. Examine the ICMP echo packet in your screenshot. Is this different from the
ICMP ping query packets in the first half of this lab? If yes, how so?

The only difference is that the echo packets here are incrementing the TTL field.

8. Examine the ICMP error packet in your screenshot. It has more fields than the
ICMP echo packet. What is included in those fields?

A copy of the packet that we initially sent out.

9. Examine the last three ICMP packets received by the source host. How are these packets different
from the ICMP error packets? Why are they different?

They are "Destination unreachable" messages from the server with Type and Code values of 3.

10. Within the tracert measurements, is there a link whose delay is significantly longer than others?
Refer to the screenshot in Figure 4, is there a link whose delay is significantly longer than others? On
the basis of the router names, can you guess the location of the two routers on the end of this link?

Yes, there is. It is most likely the jump across continents. The link on one end is still inside the US.
After that, the routers only have IP addresses for names and no hostnames are given. This may signify that
the jump has been made to Asia, where the IP addresses do not have English names.
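
As an added example (not part of the original lab report), the Python code below parses the header fields named in questions 3 and 4 and the embedded copy of the original packet described in question 8, and verifies the ICMP checksum. The probe's identifier, sequence number and payload are constructed sample values, and type 11 (Time Exceeded) is taken from RFC 792 rather than from the report.

```python
import socket
import struct

ECHO = {8: "echo request", 0: "echo reply"}
ERROR = {3: "destination unreachable", 11: "time exceeded"}  # carry the original datagram

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum (one's-complement sum of 16-bit words)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, code: int, rest: bytes, body: bytes = b"") -> bytes:
    """Assemble an ICMP message; `rest` is bytes 4-7 of the header."""
    unsummed = struct.pack("!BBH", icmp_type, code, 0) + rest + body
    return unsummed[:2] + struct.pack("!H", checksum(unsummed)) + unsummed[4:]

def parse_icmp(msg: bytes) -> dict:
    """Parse the ICMP message that follows the IP header."""
    if len(msg) < 8:
        raise ValueError("shorter than the 8-byte ICMP header")
    icmp_type, code, csum = struct.unpack("!BBH", msg[:4])
    out = {"type": icmp_type, "code": code, "checksum": csum,
           "checksum_ok": checksum(msg) == 0,
           "kind": ECHO.get(icmp_type) or ERROR.get(icmp_type, "other")}
    if icmp_type in ECHO:
        out["identifier"], out["sequence"] = struct.unpack("!HH", msg[4:8])
    elif icmp_type in ERROR:
        inner = msg[8:]  # original IP header + first 8 bytes of its payload
        ihl = (inner[0] & 0x0F) * 4 if inner else 0
        if ihl < 20 or len(inner) < ihl + 8:
            raise ValueError("embedded datagram is truncated")
        out["orig_ttl"], out["orig_proto"] = inner[8], inner[9]
        out["orig_dst"] = socket.inet_ntoa(inner[16:20])
        if inner[9] == 1:  # probe was ICMP, as in Windows tracert
            # Only 8 bytes of the probe are returned, so its checksum cannot be re-verified.
            out["orig_id"], out["orig_seq"] = struct.unpack("!HH", inner[ihl + 4:ihl + 8])
    return out

# Constructed sample data using the two addresses from the lab (IP header checksum left at 0).
PROBE = build_icmp(8, 0, struct.pack("!HH", 0x0200, 7), b"\x00" * 64)
IP_HDR = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(PROBE), 1, 0, 1, 1, 0,
                     socket.inet_aton("192.168.1.69"), socket.inet_aton("72.14.204.160"))
TTL_EXCEEDED = build_icmp(11, 0, b"\x00" * 4, IP_HDR + PROBE[:8])
```

Matching `orig_id` and `orig_seq` from an error message against the probes that were sent is how each reply is tied back to the hop that produced it.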
