ICMP: Ping and Trace 2 172.30.1.20 172.30.1.25 3 Ping • Uses ICMP message encapsulated within an IP Packet – Protocol field = 1 • Both are layer 3 protocols. (ICMP is considered as a network layer protocol.) • Does not use TCP or UDP, but may be acted upon by the receiver using TCP or UDP. Format • ping ip address (or ping <cr> for extended ping) • ping 172.30.1.25 Ethernet Header (Layer 2) IP Header (Layer 3) ICMP Message (Layer 3) Ether. Tr. Ethernet Destination Address (MAC) Ethernet Source Address (MAC) Frame Type Source IP Add. Dest. IP Add. Protocol field Type 0 or 8 Code 0 Check- sum ID Seq. Num. Data FCS 4 Echo Request • The sender of the ping, transmits an ICMP message, “Echo Request” Echo Request - Within ICMP Message • Type = 8 • Code = 0 Ethernet Header (Layer 2) IP Header (Layer 3) ICMP Message - Echo Request (Layer 3) Ether. Tr. Ethernet Destination Address (MAC) Ethernet Source Address (MAC) Frame Type Source IP Add. 172.30.1.20 Dest. IP Add. 172.30.1.25 Protocol field 1 Type 8 Code 0 Check- sum ID Seq. Num. Data FCS 5 172.30.1.20 172.30.1.25 6 Echo Reply • The IP address (destination) of the ping, receives the ICMP message, “Echo Request” • The ip address (destination) of the ping, returns the ICMP message, “Echo Reply” Echo Reply - Within ICMP Message • Type = 0 • Code = 0 Ethernet Header (Layer 2) IP Header (Layer 3) ICMP Message - Echo Reply (Layer 3) Ether. Tr. Ethernet Destination Address (MAC) Ethernet Source Address (MAC) Frame Type Source IP Add. 172.30.1.25 Dest. IP Add. 172.30.1.20 Protocol field 1 Type 0 Code 0 Check- sum ID Seq. Num. Data FCS 7 Q: Are pings forwarded by routers? A: Yes! This is why you can ping devices all over the Internet. Q: Do all devices forward or respond to pings? A: No, this is up to the network administrator of the device. Devices, including routers, can be configured not to reply to pings (ICMP echo requests). This is why you may not always be able to ping a device. Also, routers can be configured not to forward pings destined for other devices. Routers and Pings 8 Traceroute • Traceroute is a utility that records the route (router IP addresses) between two devices on different networks. 9 Tracroute • http://en.wikipedia.org/wiki/Traceroute • On modern Unix and Linux-based operating systems, the traceroute utility by default uses UDP datagrams with a destination port number starting at 33434. • The traceroute utility usually has an option to specify use of ICMP echo request (type 8) instead. • The Windows utility uses ICMP echo request, better known as ping packets. • Some firewalls on the path being investigated may block UDP probes but allow the ICMP echo request traffic to pass through. • There are also traceroute implementations sending out TCP packets, such as tcptraceroute or Layer Four Trace. • In Microsoft Windows, traceroute is named tracert. • A new utility, pathping, was introduced with Windows NT, combining ping and traceroute functionality. All these traceroutes rely on ICMP (type 11) packets coming back. 10 • Trace ( Cisco = traceroute, tracert,…) is used to trace the probable path a packet takes between source and destination. • Probable, because IP is a connectionless protocol, and different packets may take different paths between the same source and destination networks, although this is not usually the case. • Trace will show the path the packet takes to the destination, but the return path may be different. – This is more likely the case in the Internet, and less likely within your own autonomous system. • Linux/Unix Systems – Uses ICMP message within an IP Packet – Both are layer 3 protocols. – Uses UDP as a the transport layer. – We will see why this is important in a moment. Trace (Traceroute) [...].. .Trace 10.0.0.0/8 172.16.0.0/16 RTA RTB 1 2 192.168.10.0/24 RTC 1 2 RTD 1 2 Format (trace, traceroute, tracert) • RTA# traceroute ip address RTA# traceroute 192.168.10.2 11 Trace 10.0.0.0/8 172.16.0.0/16 RTA RTB 1 2 192.168.10.0/24 RTC 1 2 RTD 1 2 DA = 192.168.10.2, TTL = 1 Data Link Header (Layer 2) Data Link Data Link Destination Source Address Address …… How it works • Traceroute • Traceroute... and does not send any more traces (echo requests) RTA# traceroute 192.168.10.2 Type escape sequence to abort Tracing the route to 192.168.10.2 1 10.0.0.2 4 msec 4 msec 4 msec 2 172.16.0.2 20 msec 16 msec 16 msec 3 192.168.10.2 16 msec 16 msec 16 msec 25 Recommended Reading For more information on ICMP and other TCP/IP topics, I recommend: • TCP/IP Illustrated, Volume I – R.W Stevens 26 ICMP: Ping and. .. time RTB decrements the TTL by 1 and it is NOT 0 (It is 1.) • So it looks up the destination ip address in its routing table and forwards it on to the next router RTC • RTC however decrements the TTL by 1 and it is 0 • RTC notices the TTL is 0 and sends back the ICMP Time Exceeded message back to the source • RTC’s IP header includes its own IP address (source IP) and the sending host’s IP address... (It is 2.) • So it looks up the destination ip address in its routing table and forwards it on to the next router RTC • This time RTC decrements the TTL by 1 and it is NOT 0 (It is 1.) • So it looks up the destination ip address in its routing table and forwards it on to the next router RTD • RTD however decrements the TTL by 1 and it is 0 • However, RTD notices that the Destination IP Address of 192.168.0.2... IP Header (Layer 3) Source IP Add 172.16.0.2 Dest IP Add 10.0.0.1 Protocol field 1 Type 11 Code 0 Chk sum ID Seq Nu m Data The sending host, RTA: • The traceroute program uses this information (Source IP Address) and displays the second hop RTA# traceroute 192.168.10.2 Type escape sequence to abort Tracing the route to 192.168.10.2 1 10.0.0.2 4 msec 4 msec 4 msec 2 172.16.0.2 20 msec 16 msec 16 msec... Header (Layer 3) Source IP Add 10.0.0.1 Dest IP Add 192.168.10.2 Protocol field 1 TTL 3 ICMP Message - Echo Request (trace) Type 8 Chk sum ID Seq Num Data UDP (Layer 4) DestPort 35,000 DataLink Tr FCS Code 0 The sending host, RTA: • The traceroute program increments the TTL by 1 (now 3 ) and resends the Packet 20 10.0.0.0/8 172.16.0.0/16 RTA 192.168.10.0/24 RTB 1 RTC 2 1 RTD 2 1 2 DA = 192.168.10.2, TTL... Address …… IP Header (Layer 3) Source IP Add 10.0.0.1 Dest IP Add 192.168.10.2 Protocol field 1 TTL 2 ICMP Message - Echo Request (trace) Type 8 Chk sum ID Seq Num Data UDP (Layer 4) DestPort 35,000 DataLink Tr FCS Code 0 RTA • The traceroute program increments the TTL by 1 (now 2 ) and resends the ICMP Echo Request packet 16 10.0.0.0/8 172.16.0.0/16 RTA RTB 1 2 192.168.10.0/24 RTC 1 2 RTD 1 2 DA = 192.168.10.2,... Message – Port Unreachable Type 3 Code 3 Chk sum ID Seq Nu m Data DataLink Tr FCS Sending host, RTA • RTA receives the ICMP Port Unreachable message • The traceroute program uses this information (Source IP Address) and displays the third hop • The traceroute program also recognizes this Port Unreachable message as meaning this is the destination it was tracing 24 10.0.0.0/8 172.16.0.0/16 RTA RTB 1 2... Add 10.0.0.1 Dest IP Add 192.168.10.2 Protocol field 1 TTL 1 ICMP Message - Echo Request (trace) Type 8 Chk sum ID Seq Num Data UDP (Layer 4) DestPort 35,000 DataLink Tr FCS Code 0 (using UDP) - Fooling the routers & host! uses ping (echo requests) sets the TTL (Time To Live) field in the initially to “1” 12 Trace 10.0.0.0/8 172.16.0.0/16 RTA RTB 1 2 192.168.10.0/24 RTC 1 2 RTD 1 2 DA = 192.168.10.2,... Message - Echo Request (trace) Type 8 Chk sum ID Seq Num Data UDP (Layer 4) DestPort 35,000 DataLink Tr FCS Code 0 21 10.0.0.0/8 172.16.0.0/16 RTA RTB 1 2 192.168.10.0/24 RTC 1 2 RTD 1 2 DA = 192.168.10.2, TTL = 1 ICMP Time Exceeded, SA = 10.0.0.2 DA = 192.168.10.2, TTL = 2 ICMP Time Exceeded, SA = 172.16.0.2 DA = 192.168.10.2, TTL = 3 RTB • This time RTB decrements the TTL by 1 and it is NOT 0 (It is . packets, such as tcptraceroute or Layer Four Trace. • In Microsoft Windows, traceroute is named tracert. • A new utility, pathping, was introduced with Windows NT, combining ping and traceroute functionality moment. Trace (Traceroute) 11 Format (trace, traceroute, tracert) • RTA# traceroute ip address RTA# traceroute 192.168.10.2 10.0.0.0/8 172.16.0.0/16 192.168.10.0/24 .1 .1 .1.2 .2 .2 RTA RTB RTC RTD Trace 12 How. functionality. All these traceroutes rely on ICMP (type 11) packets coming back. 10 • Trace ( Cisco = traceroute, tracert,…) is used to trace the probable path a packet takes between source and destination. • Probable,