
Icmp

The document discusses ICMP (Internet Control Message Protocol) and its applications, specifically focusing on ping and traceroute functionalities. It includes details about IP addresses, packet structures, and the differences between ICMP echo and error packets. Additionally, it analyzes packet delays in traceroute measurements, identifying a significantly longer delay between specific routers.

Uploaded by

faizan.tahir

Ethereal lab: ICMP

1: ICMP and Ping


Figure 1
Figure 2
Q1: What is the IP address of your host? What is the IP address of the destination host?
The IP address of my host is 192.168.1.3 and the destination host is 143.89.14.34.
Q2: Why is it that an ICMP packet does not have source and destination port numbers?
Our packet does not have a datagram field. This is because the ICMP packet that we send is used
to communicate network-layer information between hosts and routers, not between application-layer
processes.

Q3: Examine one of the ping request packets sent by your host. What are the ICMP type and
code numbers? What other fields does this ICMP packet have? How many bytes are the
checksum, sequence number and identifier fields?

From Figure 2 we can see that:

Code: 0, Type: 8. This packet has checksum, identifier, sequence number and data fields.

Figure 3
We can see from Figure 3 that the checksum, identifier and sequence number fields are 2 bytes each;
when we click on these fields they show 2 bytes.
Figure 4
Q4: Examine the corresponding ping reply packet. What are the ICMP type and code numbers?
What other fields does this ICMP packet have? How many bytes are the checksum, sequence
number and identifier fields?

From Figure 4 we can see that:

Code: 0, Type: 0. This packet has checksum, identifier, sequence number and data fields.
Figure 5
We can see from Figure 5 that all fields have 2 bytes.

2: ICMP and Traceroute


Figure 6

Q5: What is the IP address of your host? What is the IP address of the target destination host?
The IP address of my host is 00:0d:56:ed:7c:a2 and the destination host is c8:d5:fe:1e:78:94.

Q6: If ICMP sent UDP packets instead would the IP protocol number still be 01 for the probe
packets? If not, what would it be?

No. The IP protocol number is 01 for ICMP, and for UDP the protocol number is 011. We can see it under:

Internet protocol -> flags -> Protocol no:

Q7: Examine the ICMP echo packet in your screenshot. Is this different from the ICMP ping
query packets in the first half of this lab? If yes then how so.

If we compare the ICMP ping query packet in Figure 2 with the ICMP echo packet in Figure 6, we
see that they both have the same fields and byte sizes. So there is no difference between them.

Q8: Examine the ICMP error packet in your screenshot. It has more fields than the ICMP echo
packet. What is included in those fields?

As we can see in Figure 7, the error packet has more fields. It has the following fields:

Error packet fields

Echo packet fields


Figure 7
Q9: Examine the last three ICMP packets received by the source host. How are these packets
different from the ICMP error packets? Why are they different?

We can see from Figure 7 that the last three ICMP packets are message type 0 (echo reply)
rather than 11 (TTL exceeded in transit). They are different because the datagrams have made
it to the destination host before the TTL was exceeded in transit.
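
The fields discussed in Q3, Q4, Q8 and Q9, as an added example that is not part of the original lab report: a Python parser for ICMP echo request/reply and TTL-exceeded messages following RFC 792. The packets are constructed sample data that reuse the host addresses from Q1; the identifier, sequence number, payload and IP header values are assumptions.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """One's-complement sum over 16-bit words (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build an echo request (type 8) or echo reply (type 0), code 0."""
    hdr = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = inet_checksum(hdr + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def build_time_exceeded(orig_ip_hdr: bytes, probe: bytes) -> bytes:
    """Type 11: 4 unused bytes, the probe's IP header, its first 8 bytes."""
    body = b"\x00" * 4 + orig_ip_hdr + probe[:8]
    csum = inet_checksum(struct.pack("!BBH", 11, 0, 0) + body)
    return struct.pack("!BBH", 11, 0, csum) + body

def parse_icmp(msg: bytes) -> dict:
    """Parse an ICMP message whose outer IP header is already stripped."""
    icmp_type, code, csum = struct.unpack("!BBH", msg[:4])
    out = {"type": icmp_type, "code": code, "checksum": csum,
           "checksum_ok": inet_checksum(msg) == 0}
    if icmp_type in (0, 8):             # echo reply / echo request
        out["id"], out["seq"] = struct.unpack("!HH", msg[4:8])  # 2 bytes each
        out["data"] = msg[8:]
    elif icmp_type == 11:               # TTL exceeded: extra fields quote the probe
        inner = msg[8:]
        ihl = (inner[0] & 0x0F) * 4     # quoted IP header length in bytes
        out["orig_ttl"], out["orig_proto"] = inner[8], inner[9]
        out["orig_src"] = ".".join(map(str, inner[12:16]))
        out["orig_dst"] = ".".join(map(str, inner[16:20]))
        out["quoted"] = parse_icmp(inner[ihl:ihl + 8])  # truncated probe header
    return out

# Constructed sample packets (not captured traffic); IP header checksum left 0.
PROBE = build_echo(8, 0x0200, 1, b"abcdefgh")
REPLY = build_echo(0, 0x0200, 1, b"abcdefgh")
IP_HDR = struct.pack("!BBHHHBBH4B4B", 0x45, 0, 36, 1, 0, 1, 1, 0,
                     192, 168, 1, 3, 143, 89, 14, 34)
ERROR = build_time_exceeded(IP_HDR, PROBE)
```

The quoted probe inside the error message carries only its first 8 bytes, so its ICMP checksum cannot be validated from the quote alone; `checksum_ok` is false for the `quoted` entry even though the original probe was valid.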

Figure 8
Q10: Within the tracert measurements, is there a link whose delay is significantly longer than
others? Refer to the screenshot in Figure 8, is there a link whose delay is significantly longer
than others? On the basis of the router names, can you guess the location of the two routers on
the end of this link?

We can see in Figure 8 that the longest delay is between the 8th and 9th packets. We can see
from the figure that this is the link from pie.net.pk to palermo7.pal.seabn.net, and it is the longest link.
