Task 3: Wireshark Lab: ICMP v7.0
In this task, you will explore several aspects of the ICMP protocol using WIRESHARK. Wireshark is a free and open-source packet analyzer. It is used for network troubleshooting, analysis, software and communications protocol development, and education.
• ICMP messages generated by the Ping program.
1. ICMP and Ping
Let’s begin our ICMP adventure by capturing the packets generated by the Ping program. The Ping program is a simple tool that allows anyone (for example, a network administrator) to verify whether a host is live or not. The Ping program on the source host sends a packet to the target IP address; if the target is live, the Ping program on the target host responds by sending a packet back to the source host. As you might have guessed (given that this lab is about ICMP), both Ping packets are ICMP packets.
Do the following [1]:
• Open the Windows Command Prompt application. You can also use the macOS or Linux terminal.
• Start up the Wireshark packet sniffer and begin a Wireshark packet capture.
• The ping command is in c:\windows\system32, so type either “ping -n 10 hostname” in the MS-DOS command line (without quotation marks), where hostname is a host on another continent, for example www.biadu.com, or on macOS/Linux “ping -c 10 www.biadu.com” (which should also work).
• Try pinging multiple times; it is OK if some of the packets get lost.
• When the Ping program terminates, stop the packet capture in Wireshark.
At the end of the experiment, your Terminal Window should look something like Figure 1. In this example, the source ping program is in Australia and the destination Ping program is in China. From this window we see that the source ping program sent 10 query packets and received 10 responses. Note also that for each response, the source calculates the round-trip time (RTT).
[1] If you are unable to run Wireshark live on a computer, please follow online tutorials.
Copyright © 2020 VIT, All Rights Reserved.
MITS4004 Assignment 3
Figure 1 Command prompt window after entering Ping command.
Figure 2 provides a screenshot of the Wireshark output after “icmp” has been entered in the display filter window. Note that the packet listing shows 20 packets: the 10 Ping queries sent by the source and the 10 Ping responses received by the source. Also note that the source’s IP address is a private address (behind a NAT) of the form 192.168/12; the destination’s IP address is that of the Web server at the destination. Now let’s zoom in on the first packet (sent by the client); in the figure below, the packet contents area provides information about this packet. We see that the IP datagram within this packet has protocol number 01, which is the protocol number for ICMP. This means that the payload of the IP datagram is an ICMP packet.
Figure 2 Wireshark output for Ping program with Internet Protocol expanded.
Figure 3 focuses on the same ICMP packet but has expanded the ICMP protocol information in the packet contents window. Observe that this ICMP packet is of Type 8 and Code 0, a so-called ICMP “echo request” packet. Also note that this ICMP packet contains a checksum, an identifier, and a sequence number.
Figure 3 Wireshark capture of ping packet with ICMP packet expanded.
What to submit in TASK 3?
• You should hand in a screenshot of the Command Prompt/Terminal window similar to Figure 1 above. Annotate the screenshot [2] to explain your answer. To print a packet, use File > Print, choose Selected packet only, choose Packet summary line, and select the minimum amount of packet detail that you need to answer the question.
You should answer the following questions:
• What is the IP address of your host? What is the IP address of the destination host?
• Examine one of the ping request packets sent by your host. What are the ICMP type and code numbers? What other fields does this ICMP packet have? How many bytes are the checksum, sequence number and identifier fields?
• Examine the corresponding ping reply packet. What are the ICMP type and code numbers? What other fields does this ICMP packet have? How many bytes is the checksum field?
• Wireshark is software that analyses packets sent throughout a network. In your opinion, why is analysing a network in real time necessary?
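The echo request and reply fields asked about above can be checked against a small decoder. The following Python script is an added example, not part of the lab handout: it builds the ICMP echo request and reply that ping exchanges, verifies the RFC 1071 checksum the way Wireshark’s checksum status does, and lists each header field; the 32-byte data pattern, identifier and sequence values are constructed/assumed.

```python
import struct

ICMP_ECHO_REPLY = 0    # Type 0, Code 0: the reply seen in the capture
ICMP_ECHO_REQUEST = 8  # Type 8, Code 0: the request that ping sends

# "!BBHHH" = type (1 byte), code (1 byte), checksum (2), identifier (2), sequence (2)
ECHO_HEADER = struct.Struct("!BBHHH")

# Constructed sample: the 32-byte data pattern Windows ping places after the header.
WINDOWS_PING_DATA = b"abcdefghijklmnopqrstuvwabcdefghi"


def internet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement of the one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data = bytes(data) + b"\x00"   # pad an odd-length message
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                 # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(icmp_type: int, ident: int, seq: int, data: bytes = WINDOWS_PING_DATA) -> bytes:
    """Build an ICMP echo request/reply; the checksum is computed with its field zeroed."""
    unchecked = ECHO_HEADER.pack(icmp_type, 0, 0, ident, seq) + data
    return ECHO_HEADER.pack(icmp_type, 0, internet_checksum(unchecked), ident, seq) + data


def parse_echo(message: bytes) -> dict:
    """Decode the ICMP header fields the way Wireshark's ICMP tree lists them."""
    icmp_type, code, csum, ident, seq = ECHO_HEADER.unpack_from(message)
    # Summing the whole message including its stored checksum yields 0 when the
    # checksum is correct (Wireshark reports "Checksum Status: Good").
    return {
        "type": icmp_type, "code": code, "checksum": csum,
        "identifier": ident, "sequence": seq,
        "data_len": len(message) - ECHO_HEADER.size,
        "checksum_ok": internet_checksum(message) == 0,
    }


if __name__ == "__main__":
    request = build_echo(ICMP_ECHO_REQUEST, ident=1, seq=1)   # id/seq values are assumed
    reply = build_echo(ICMP_ECHO_REPLY, ident=1, seq=1)       # reply echoes id, seq and data
    for label, msg in (("request", request), ("reply", reply)):
        print(label, parse_echo(msg))
```

Flip any byte of a built message and parse_echo reports checksum_ok as False, which is the same mismatch Wireshark flags as a bad checksum.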