Introduction

In this lab, we'll explore aspects of the ICMP protocol: the ICMP messages generated by the Ping program.

Before attacking this lab, you’re encouraged to review the ICMP material in section 5.6 of the text.

ICMP and Ping

Let's begin our ICMP adventure by capturing the packets generated by the Ping program. You may recall that the Ping program is a simple tool that allows anyone (for example, a network administrator) to verify whether a host is live or not. The Ping program in the source host sends a packet to the target IP address; if the target is live, the Ping program in the target host responds by sending a packet back to the source host. As you might have guessed (given that this lab is about ICMP), both of these Ping packets are ICMP packets.

Do the following:

  • Let's begin this adventure by opening a terminal.

  • Start up the Wireshark packet sniffer, and begin Wireshark packet capture.

  • The ping command is ping -c 10 hostname on Linux/Mac and ping -n 10 hostname on Windows (the -c/-n 10 indicates that you wish to send 10 ping requests). You can use sydney.edu.au as the hostname; it is the University of Sydney in Australia.

  • When the Ping program terminates, stop the packet capture in Wireshark.

At the end of the experiment, your Command Prompt Window should look something like Figure 1. In this example, the source ping program is in Denmark and the destination Ping program is in Australia. From this window we see that the source ping program sent 10 query packets and received 10 responses. Note also that for each response, the source calculates the round-trip time (RTT), which for the 10 packets is on average 318 msec.

Figure 1: Command Prompt window after entering Ping command

Enter icmp in the filter field in Wireshark so that only the ICMP packets are displayed.

Tasks

You should answer the following questions:

  1. What is the IP address of your host?

  2. What is the IP address of the destination host?

  3. Why is it that an ICMP packet does not have source and destination port numbers?

  4. Examine one of the ping request packets sent by your host - take a screenshot of Wireshark with the ICMP packet expanded.

    1. What is the ICMP type number?

    2. What is the ICMP code number?

    3. What other fields does this ICMP packet have?

    4. How many bytes are the checksum, sequence number and identifier fields?

  5. Examine the corresponding ping reply packet - take a screenshot of Wireshark with the ICMP packet expanded.

    1. What is the ICMP type number?

    2. What is the ICMP code number?

    3. What other fields does this ICMP packet have?

    4. How many bytes are the checksum, sequence number and identifier fields?
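As an added illustration (not part of the original lab handout, and not the Ping program's own code), the following Python script builds a constructed ICMP echo request and the matching echo reply described in the ICMP and Ping section, wraps each in a minimal IPv4 header, and parses them back out the way Wireshark's dissector does. It shows exactly the fields the tasks ask about: the 1-byte type (8 for request, 0 for reply), the 1-byte code, the 2-byte checksum (verified with the RFC 1071 Internet checksum), and the 2-byte identifier and sequence number that let ping pair each reply with its request. It also shows why question 3 has the answer it does: the IP protocol field is 1 (ICMP), so the ICMP message sits directly on IP with no TCP/UDP header and hence no port numbers. The addresses 10.0.0.5 and 192.0.2.10, the identifier 0x1234 and all function names are constructed for the example; they are not sydney.edu.au's real values and not values from any capture.

```python
import socket
import struct

ICMP_ECHO_REQUEST = 8  # type of the packet ping sends
ICMP_ECHO_REPLY = 0    # type of the packet the target sends back
IP_PROTO_ICMP = 1      # IPv4 protocol number for ICMP


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's complement of the one's-complement sum of the
    16-bit words (a trailing odd byte is padded with zero). Used for both the
    ICMP message and the IPv4 header."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:                       # fold carries back in (end-around carry)
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(icmp_type: int, identifier: int, sequence: int, payload: bytes) -> bytes:
    """ICMP echo header: type (1 byte), code (1 byte, always 0 for echo),
    checksum (2 bytes), identifier (2 bytes), sequence number (2 bytes), then payload."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, identifier, sequence)
    csum = internet_checksum(header + payload)  # computed with the checksum field zeroed
    return struct.pack("!BBHHH", icmp_type, 0, csum, identifier, sequence) + payload


def parse_icmp(message: bytes) -> dict:
    """Dissect an ICMP echo message; checksum_ok is True when recomputing the
    checksum over the whole message (stored checksum included) yields zero."""
    if len(message) < 8:
        raise ValueError("ICMP echo header is 8 bytes; message is too short")
    icmp_type, code, csum, identifier, sequence = struct.unpack("!BBHHH", message[:8])
    return {
        "type": icmp_type,
        "code": code,
        "checksum": csum,
        "checksum_ok": internet_checksum(message) == 0,
        "identifier": identifier,
        "sequence": sequence,
        "payload": message[8:],
        "field_sizes": {"type": 1, "code": 1, "checksum": 2, "identifier": 2, "sequence": 2},
    }


def build_ipv4(src: str, dst: str, icmp: bytes) -> bytes:
    """Minimal 20-byte IPv4 header (no options) carrying an ICMP message.
    Protocol 1 means the next header is ICMP, not TCP/UDP, so there are no ports."""
    fmt = "!BBHHHBBH4s4s"  # ver/ihl, tos, total len, id, flags/frag, ttl, proto, csum, src, dst
    fields = [0x45, 0, 20 + len(icmp), 0x0001, 0, 64, IP_PROTO_ICMP, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = internet_checksum(struct.pack(fmt, *fields))
    return struct.pack(fmt, *fields) + icmp


def parse_ipv4(packet: bytes) -> dict:
    """Pull out the fields questions 1-3 ask about: source, destination, protocol."""
    ihl = (packet[0] & 0x0F) * 4
    return {
        "src": socket.inet_ntoa(packet[12:16]),
        "dst": socket.inet_ntoa(packet[16:20]),
        "protocol": packet[9],
        "header_ok": internet_checksum(packet[:ihl]) == 0,
        "payload": packet[ihl:],
    }


def demo() -> list:
    """Constructed request/reply pair (not a real capture). The reply echoes the
    identifier, sequence number and payload, which is how ping matches them up."""
    src, dst = "10.0.0.5", "192.0.2.10"  # constructed addresses
    payload = b"abcdefgh"
    request = build_ipv4(src, dst, build_echo(ICMP_ECHO_REQUEST, 0x1234, 1, payload))
    reply = build_ipv4(dst, src, build_echo(ICMP_ECHO_REPLY, 0x1234, 1, payload))
    out = []
    for pkt in (request, reply):
        ip = parse_ipv4(pkt)
        out.append({"src": ip["src"], "dst": ip["dst"], "protocol": ip["protocol"],
                    **parse_icmp(ip["payload"])})
    return out


if __name__ == "__main__":
    for p in demo():
        kind = "request" if p["type"] == ICMP_ECHO_REQUEST else "reply  "
        print(f"{kind} {p['src']} -> {p['dst']} proto={p['protocol']} type={p['type']} "
              f"code={p['code']} id={p['identifier']:#06x} seq={p['sequence']} "
              f"checksum_ok={p['checksum_ok']}")
```

Comparing the script's output with the expanded ICMP packet in Wireshark is a useful cross-check: the type, code, identifier and sequence values it prints are the same fields the dissector labels, and the checksum_ok flag is what Wireshark shows as "Checksum Status: Good".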