
Question

PART 2 - ICMP - Ping

• Open the Windows Command Prompt application (which can be found in your Accessories folder).
• Start up Wireshark, and begin Wireshark packet capture.
• The ping command is in c:\windows\system32, so type either “ping -n 10 hostname” or “c:\windows\system32\ping -n 10 hostname” in the MS-DOS command line (without quotation marks), where hostname is a host on another continent. You may want to enter www.ust.hk, i.e. a Hong Kong University webserver, or www.cnn.com or any other legitimate website’s web server. The argument “-n 10” indicates that 10 ping messages should be sent. Then run the Ping program by typing return.
• When the Ping program terminates, stop the packet capture in Wireshark.


1. What is the purpose of the ping protocol? How does the ping protocol work? On which layer of the OSI model is it based?

2. Examine one of the ping request packets sent by the source host. What are the ICMP type and code numbers? What other fields does this ICMP packet have? How many bytes are the checksum, sequence number and identifier fields?

ICMP – Tracert
• Open the Windows Command Prompt application (which can be found in your Accessories folder).

• Start up Wireshark, and begin Wireshark packet capture.

• The tracert command is in c:\windows\system32, so type either “tracert hostname” or “c:\windows\system32\tracert hostname” in the MS-DOS command line (without quotation marks), where hostname is a host on another continent.

• (Note that on a Windows machine, the command is “tracert” and not “traceroute”.)

• Create a screen shot of the Command Prompt window

• When the Traceroute program terminates, stop packet capture in Wireshark.


3. What is the hostname that you have used? What is the purpose of tracert command? Is it based on UDP or TCP protocol or neither?

4. If ICMP sent UDP packets instead (as in Unix/Linux), would the IP protocol number still be 01 for the probe packets? If not, what would it be?

5. Try to capture ICMP echo packet. Is this different from the ICMP ping query packets in the first half of this experiment? If yes, how so?

Explanation / Answer

1)
Ping is used to test the reachability of a host on an IP (Internet Protocol) network and measure
round trip time.
Ping works by sending packet requests to the target host and waiting for an ICMP reply,
so that we can calculate the round trip time. It works on the network layer.

2)
Consider a ping request to the website www.example.com.
Host address is: 93.184.216.119
Total bytes received is 56 data bytes.
Other fields observed are: icmp_seq number, ttl, time in ms, packets received,
packets transmitted, round trip time.

3) I used example as hostname. The tracert command shows the path that a packet of information takes from your computer. It uses the UDP protocol.

4) No, not always; the IP protocol number should be 0x11.

5) No, the ICMP packet has the same fields as the ping query packets.
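
The ICMP echo header that question 2 asks about can be decoded directly from the bytes Wireshark shows in its packet-bytes pane. The following is an added example, not part of the original question or answer: it parses the 8-byte echo header defined in RFC 792 and verifies the RFC 1071 checksum on a constructed message. The function names and the sample payload are assumptions made for illustration.

```python
import struct

# ICMP types relevant to ping and tracert captures (RFC 792).
ICMP_TYPES = {0: "echo reply", 8: "echo request", 11: "time exceeded"}

def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build a constructed echo message so the example runs offline."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = internet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def parse_icmp_echo(message: bytes) -> dict:
    """Decode type (1 byte), code (1), checksum (2), identifier (2), sequence (2)."""
    if len(message) < 8:
        raise ValueError("ICMP echo header is 8 bytes; message is truncated")
    icmp_type, code, checksum, ident, seq = struct.unpack("!BBHHH", message[:8])
    return {
        "type": icmp_type,
        "type_name": ICMP_TYPES.get(icmp_type, "other"),
        "code": code,
        "checksum": checksum,
        "identifier": ident,
        "sequence": seq,
        "payload_len": len(message) - 8,
        # Summing the whole message, checksum field included, gives 0 if intact.
        "checksum_ok": internet_checksum(message) == 0,
    }

if __name__ == "__main__":
    # Constructed sample: echo request, identifier 1, sequence 7, 32-byte payload.
    sample = build_echo(8, 0x0001, 7, b"abcdefghijklmnopqrstuvwabcdefghi")
    for field, value in parse_icmp_echo(sample).items():
        print(f"{field:12} {value}")
```

To check a real capture, copy the ICMP portion of a packet from Wireshark as a hex string and pass `bytes.fromhex(...)` to `parse_icmp_echo`.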