【Wireshark Lab v8.0】Lab9：ICMP

实验步骤均来自实验指导手册。

实验指导手册下载地址：Jim Kurose Homepage (umass.edu)

In this lab, we’ll explore several aspects of the ICMP protocol:

• ICMP messages generating by the Ping program;

• ICMP messages generated by the Traceroute program;

• the format and contents of an ICMP message.

1.ICMP and Ping

命令ping -n 10 hostnameindicates that 10 ping messages should be sent。

例如：

What hand to in：

1. What is the IP address of your host? What is the IP address of the destination host?

   src ip：192.168.1.101

   dst ip：143.89.14.34

2. Why is it that an ICMP packet does not have source and destination port numbers?

   The ICMP packet does not have source and destination port numbers because it was designed to communicate network-layer information between hosts and routers, not between application layer processes. Each ICMP packet has a "Type" and a "Code". The Type/Code combination identifies the specific message being received. Since the network software itself interprets all ICMP messages, no port numbers are needed to direct the ICMP message to an application layer process.

3. Examine one of the ping request packets sent by your host. What are the ICMP type and code numbers? What other fields does this ICMP packet have? How many bytes are the checksum, sequence number and identifier fields?

   ICMP type：8

   icmp code：0

   2 bytes

   

4. Examine the corresponding ping reply packet. What are the ICMP type and code numbers? What other fields does this ICMP packet have? How many bytes are the checksum, sequence number and identifier fields?

   ICMP type：0

   ICMP code：0

   2 bytes

   

2.ICMP and Traceroute

windows平台：tracert hostmane

5. What is the IP address of your host? What is the IP address of the target destination host?

   src ip:192.168.1.101

   dst ip:138.96.146.2

6. If ICMP sent UDP packets instead (as in Unix/Linux), would the IP protocol number still be 01 for the probe packets? If not, what would it be?

   No. If ICMP sent UDP packets instead, the IP protocol number should be 0x11(why)

7. Examine the ICMP echo packet in your screenshot. Is this different from the ICMP ping query packets in the first half of this lab? If yes, how so?

   The ICMP echo packet has the same fields as the ping query packets

8. Examine the ICMP error packet in your screenshot. It has more fields than the ICMP echo packet. What is included in those fields?

   The ICMP error packet is not the same as the ping query packets. It contains both the IP header and the first 8 bytes of the original ICMP packet that the error is for.

9. Examine the last three ICMP packets received by the source host. How are these packets different from the ICMP error packets? Why are they different?

   The last three ICMP packets are message type 0 (echo reply) rather than 11 (TTL expired). They are different because the datagrams have made it all the way to the destination host before the TTL expired.

10. **Within the tracert measurements, is there a link whose delay is significantly longer than others? Refer to the screenshot in Figure 4, is there a link whose delay is significantly longer than others? On the basis of the router names, can you guess the location of the two routers on the end of this link?****(待补充）)