Jump to content

Wireshark/ICMP Echo

From Wikiversity

Wireshark is a free and open source packet analyzer used for network troubleshooting and analysis. These activities will show you how to use Wireshark to capture and analyze Internet Control Message Protocol (ICMP) Echo traffic.

Readings

[edit | edit source]

Preparation

[edit | edit source]

To prepare for this activity:

  1. Start Windows.
  2. Log in if necessary.
  3. Install Wireshark.

Activity 1 - Capture ICMP Echo Traffic

[edit | edit source]

To capture ICMP Echo traffic:

  1. Start a Wireshark capture.
  2. Use ping <default gateway address> to ping the default gateway address.
  3. Stop the Wireshark capture.

Activity 2 - Analyze ICMP Echo Request Traffic

[edit | edit source]

To analyze ICMP Echo Request traffic:

  1. Observe the traffic captured in the top Wireshark packet list pane. Look for traffic with ICMP listed as the protocol. To view only ICMP traffic, type icmp (lower case) in the Filter box and press Enter.
  2. Select the first ICMP packet, labeled Echo (ping) request.
  3. Observe the packet details in the middle Wireshark packet details pane. Notice that it is an Ethernet II / Internet Protocol Version 4 / Internet Control Message Protocol frame.
  4. Expand Internet Control Message Protocol to view ICMP details.
  5. Observe the Type. Notice that the type is 8 (Echo (ping) request).
  6. Select Data in the middle Wireshark packet details pane to highlight the data portion of the frame.
  7. Observe the packet contents in the bottom Wireshark packet bytes pane. Notice that Windows sends an alphabet sequence during ping requests.

Activity 3 - Analyze ICMP Echo Reply Traffic

[edit | edit source]

To analyze ICMP Echo Reply traffic:

  1. In the top Wireshark packet list pane, select the second ICMP packet, labeled Echo (ping) reply.
  2. Observe the packet details in the middle Wireshark packet details pane. Notice that it is an Ethernet II / Internet Protocol Version 4 / Internet Control Message Protocol frame.
  3. Expand Internet Control Message Protocol to view ICMP details.
  4. Observe the Type. Notice that the type is 0 (Echo (ping) reply).
  5. Select Data in the middle Wireshark packet details pane to highlight the data portion of the frame.
  6. Observe the packet contents in the bottom Wireshark packet bytes pane. Notice that the reply echoes the request sequence.
  7. Close Wireshark to complete this activity. Quit without Saving to discard the captured traffic.

References

[edit | edit source]