Internet Protocol Analysis/Internet Control Message Protocol

From Wikiversity

This lesson continues the Internet layer and looks at the Internet Control Message Protocol (ICMP and ICMPv6). Activities include using Wireshark to examine ICMP and ICMPv6 network traffic.

Readings

  1. Wikipedia: Internet Control Message Protocol
  2. Wikipedia: ICMPv6
  3. Wikipedia: Path MTU Discovery

Multimedia

  1. YouTube: ICMP Packet Capture with Michael Gregg

Activities

  1. Review Wireshark: Internet Control Message Protocol (ICMP).[1]
  2. Use Wireshark to capture and analyze ICMP Echo traffic.
  3. Use Wireshark to capture and analyze ICMP Time Exceeded traffic.
  4. Use Wireshark to capture and analyze ICMP tracert/traceroute traffic.
  5. Review Wireshark: ICMPv6.
  6. Use Wireshark to capture and analyze ICMPv6 Echo traffic.
  7. Use Wireshark to capture and analyze ICMPv6 Time Exceeded traffic.
  8. Use Wireshark to capture and analyze ICMPv6 tracert/traceroute traffic.
  9. Use ping to determine local network MTU.
  10. Use ping to determine Path MTU to an Internet host such as Google's public DNS server 8.8.8.8.
    Note that Internet routers frequently drop large ICMP packets to prevent Denial of Service attacks, so it may not be possible to capture ICMPv6 Packet Too Big messages with this approach.
  11. Consider situations in which a packet analyzer might be used to troubleshoot ICMP traffic.
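
An added example for activities 9 and 10 (not part of the original lesson): a binary search for the largest Echo payload that passes with Don't Fragment set, converted to an MTU by adding the IPv4 and ICMP header sizes. The `ping_df` helper assumes Linux iputils `ping`; the function names and the simulated path in the demo are constructed for illustration.

```python
import subprocess

OVERHEAD = 20 + 8  # IPv4 header without options + ICMP Echo header, in bytes

def ping_df(host, payload):
    """Send one Echo Request carrying `payload` data bytes with DF set.
    Assumes Linux iputils ping: -M do sets Don't Fragment, -s the data size."""
    cmd = ["ping", "-c", "1", "-W", "1", "-M", "do", "-s", str(payload), host]
    done = subprocess.run(cmd, stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return done.returncode == 0

def find_mtu(host, probe=ping_df, max_mtu=9000):
    """Return the largest MTU for which a DF-marked Echo gets a reply.

    A failed probe can also mean a router filtered the large ICMP packet
    (the lesson's note on activity 10), so treat the result as a lower bound.
    """
    lo, hi = 0, max_mtu - OVERHEAD
    if not probe(host, lo):
        return None  # no Echo Reply even for an empty payload
    while lo < hi:
        mid = (lo + hi + 1) // 2      # round up so the loop always advances
        if probe(host, mid):
            lo = mid                  # mid fits: search larger payloads
        else:
            hi = mid - 1              # mid too big or dropped: search smaller
    return lo + OVERHEAD

if __name__ == "__main__":
    # Constructed stand-in for a path whose smallest link MTU is 1492,
    # so the demo runs without network access.
    simulated = lambda host, size: size + OVERHEAD <= 1492
    print(find_mtu("192.0.2.1", probe=simulated))
```

Calling `find_mtu("8.8.8.8")` without a `probe` argument runs the real `ping` command; watching the run in Wireshark shows which probe sizes are answered.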

Lesson Summary

  • ICMP is a core protocol operating in the Internet layer of the Internet Protocol Suite.[2]
  • ICMP messages are used for diagnostic or control purposes or generated in response to errors in IP operations.[1]
  • ICMP messages may be classified into two categories: error messages and information messages.[3]
  • ICMP errors are directed to the source IP address of the originating packet.[4]
  • ICMPv6 is an integral part of IPv6 and performs error reporting, diagnostic functions (e.g., ping), and provides a framework for extensions to implement future changes.[5]
  • ICMPv6 error messages include Destination Unreachable, Packet Too Big, Time Exceeded, and Parameter Problem.[6]
  • ICMPv6 informational messages include Echo Request, Echo Reply, and a variety of multicast messages that will be covered in the next lesson.[7]
  • The tracert (traceroute) and Pathping commands are implemented by transmitting datagrams with specially set IP TTL header fields and looking for ICMP Time Exceeded and Destination Unreachable messages generated in response.[8]
  • The ping utility is implemented using ICMP Echo Request and Echo Reply messages.[9]
  • Path MTU Discovery in IPv4 is performed by routers and supported through fragmentation.[10]
  • Path MTU Discovery in IPv6 must be performed by the sending host, because IPv6 routers do not support fragmentation.[11]
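
An added example (not part of the original lesson) that decodes ICMPv4 messages the way the Wireshark activities present them: it verifies the checksum, classifies the message as error or informational, and for errors reads the quoted original IPv4 header, whose source address is where the error is sent. The function names and the sample packets are constructed for illustration; the addresses are documentation ranges.

```python
import socket
import struct

# ICMPv4 types named in this lesson; ERRORS quote the offending datagram (RFC 792).
NAMES = {0: "Echo Reply", 3: "Destination Unreachable", 4: "Source Quench",
         5: "Redirect", 8: "Echo Request", 11: "Time Exceeded", 12: "Parameter Problem"}
ERRORS = {3, 4, 5, 11, 12}

def checksum(data):
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def echo_request(ident, seq, payload=b""):
    """Build an Echo Request (type 8, code 0) as ping sends it."""
    head = struct.pack("!BBHHH", 8, 0, 0, ident, seq)
    return struct.pack("!BBHHH", 8, 0, checksum(head + payload), ident, seq) + payload

def time_exceeded(orig_src, orig_dst):
    """Constructed Time Exceeded (type 11) quoting a UDP traceroute probe, TTL 1."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 1, 17, 0,
                     socket.inet_aton(orig_src), socket.inet_aton(orig_dst))
    body = struct.pack("!BBHI", 11, 0, 0, 0) + ip + b"\x00" * 8
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]

def parse(msg):
    """Decode one ICMPv4 message (the bytes after the IP header)."""
    mtype, code, _ = struct.unpack("!BBH", msg[:4])
    info = {"type": mtype, "name": NAMES.get(mtype, "other"), "code": code,
            "class": "error" if mtype in ERRORS else "informational",
            "checksum_ok": checksum(msg) == 0}  # a valid message sums to zero
    if mtype in ERRORS and len(msg) >= 28:
        inner = msg[8:]  # quoted IPv4 header of the packet that caused the error
        info["orig_src"] = socket.inet_ntoa(inner[12:16])
        info["orig_dst"] = socket.inet_ntoa(inner[16:20])
        info["orig_ttl"] = inner[8]
    elif mtype in (0, 8) and len(msg) >= 8:
        info["id"], info["seq"] = struct.unpack("!HH", msg[4:8])
    return info

if __name__ == "__main__":
    print(parse(echo_request(0x1234, 1, b"abcdefgh")))
    print(parse(time_exceeded("192.0.2.10", "198.51.100.7")))
```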

Key Terms

Destination Unreachable
An ICMP error message which is generated by the host or its inbound gateway to inform the client that the destination is unreachable for some reason.[12]
Echo Reply
An ICMP informational message response to an echo request.[13]
Echo Request
An ICMP informational message whose data is expected to be received back in an echo reply.[14]
Packet Too Big
An ICMP error message which is generated by a gateway to inform the source of a discarded datagram due to the size being too large for the link layer.[15]
Parameter Problem
An ICMP error message which is generated by a host to inform the source of a problem with a field in the IPv6 header or extension headers of a packet that has been discarded.[16]
Path MTU Discovery (PMTUD)
A standardized technique in computer networking for determining the maximum transmission unit (MTU) size on the network path between two Internet Protocol (IP) hosts, usually with the goal of avoiding IP fragmentation.[17]
Redirect Message
An ICMP message which informs a host to update its routing information (to send packets on an alternate route).[18]
Source Quench
An ICMP message which requests that the sender decrease the rate of messages sent to a router or host.[19]
Time Exceeded
An ICMP error message which is generated by a gateway to inform the source of a discarded datagram due to the time to live / hop count field reaching zero.[20]

Review Questions

  1. ICMP is a core protocol operating in the _____ layer of the Internet Protocol Suite.
    ICMP is a core protocol operating in the Internet layer of the Internet Protocol Suite.
  2. ICMP messages are used for _____.
    ICMP messages are used for diagnostic or control purposes or generated in response to errors in IP operations.
  3. ICMP messages may be classified into two categories: _____ and _____.
    ICMP messages may be classified into two categories: error messages and information messages.
  4. ICMP errors are directed to _____.
    ICMP errors are directed to the source IP address of the originating packet.
  5. ICMPv6 is an integral part of IPv6 and performs _____, and provides _____.
    ICMPv6 is an integral part of IPv6 and performs error reporting, diagnostic functions (e.g., ping), and provides a framework for extensions to implement future changes.
  6. ICMPv6 error messages include _____.
    ICMPv6 error messages include Destination Unreachable, Packet Too Big, Time Exceeded, and Parameter Problem.
  7. ICMPv6 informational messages include _____.
    ICMPv6 informational messages include Echo Request, Echo Reply, and a variety of multicast messages.
  8. The _____ utilities are implemented by transmitting datagrams with specially set IP TTL header fields and looking for ICMP Time Exceeded and Destination Unreachable messages generated in response.
    The tracert (traceroute) and Pathping utilities are implemented by transmitting datagrams with specially set IP TTL header fields and looking for ICMP Time Exceeded and Destination Unreachable messages generated in response.
  9. The _____ utility is implemented using ICMP Echo Request and Echo Reply messages.
    The ping utility is implemented using ICMP Echo Request and Echo Reply messages.
  10. Path MTU Discovery in _____ is performed by routers.
    Path MTU Discovery in IPv4 is performed by routers.
  11. Path MTU Discovery in _____ must be performed by the sending host.
    Path MTU Discovery in IPv6 must be performed by the sending host.
  12. ICMP stands for _____.
    ICMP stands for Internet Control Message Protocol.

Assessments

References

Type classification: this is a lesson resource.
Completion status: this resource is considered to be complete.