$3$

ICMPv$4$ uses two categories of packets, error$-$reporting and query. Figure $19\mathrm{.}8$ in

the textbook gives the general format for each category. We also recommend to check

the extra materials for Chapter $19$ at the book website if you need to find the exact for$-$

mat for each type of packet.

In this assignment, our goal is to capture and analyze ICMPv$4$ packets $($both error$-$

reporting and query types$).$ We can easily create ICMPv$4$ query messages using a pro$-$

gram called ping as shown in Example $19\mathrm{.}11$ on Page $578$ of the textbook. Creating

error$-$reporting packets is more tricky. These packets are created automatically when

there is an error in the path. We cannot wait for an error to occur in the path, but we can

artificially force a condition to make IP create an error$-$reporting ICMP packet. This

can be done using a program called traceroute $($in Unix$-$like environment$)$ or a tracert

$($in Windows environment$)$ as shown in Figure $19\mathrm{.}10$ on Page $580$ of the textbook. We

use the ping and tracert in this document to capture ICMP packets.

$19\mathrm{.}2\mathrm{.}3$ Using The ping Utility

In this section of the assignment, we use the ping utility to capture ICMPv$4$ query

packets: echo request and echo reply $($See the extra materials for Chapter $19$ at the book

website for more information$).$ The ping utility is$,$ in fact, a client$-$server program. The

client program, which needs to be invoked at the command prompt, triggers an echo

request packets; the server program, which is running at the background all the time,

waits for a signal from an echo request message, and triggers an echo reply message.

The ping program, however, does not insert a message in the ICMPv$4$ packets, it just

simply triggers its creation and provides the values for identification and the sequence

number fields.

We have divided this section into two parts: Part I and Part II$.$ In Part I, we want to

see the messages exchanged at the ping level. In part II$,$ we want to capture frames car$-$

rying ICMPv$4$ packet, which are encapsulated in an IPv$4$ packet.

Part I: Analyzing Ping

$$ Open the Wireshark and start packet capturing. Although, we are not using the

these frames Part I, we will use them in Part II of the assignment section.

$$ Open Command Prompt and type ping hostname. The hostname can be the domain

name or the IP address of a site you know $($be sure that there is no firewall to filter

out the packets$).$ An example of the result of the ping command in the Command

Prompt window looks as shown in Figure $19\mathrm{.}1.$

$$ Return to the Wireshark window, stop packet capturing, and save the captured file.

Questions

Using the result of the ping command in the Command Prompt window, answer the fol$-$

lowing questions in your lab report.

$1.$ What is the destination IP address?

$2.$ How many ping messages are sends?

$3.$ How many bytes of data are in each ping message?

$4.$ What is the round$-$trip time for each packet?$4$

$5.$ What are the minimum, average, and maximum round trip times?

Part II: Wireshark Capture of Ping Commands

$$ Open the file you captured in Part I.

$$ In the Filter field of the Wireshark window type icmp $($lower case$)$ and click

Apply.

Questions

Using the result of the information in the captured file, answer the following questions

in your lab$-$report sheet.

$1.$ What is the destination IP address of Echo request ICMP messages? Does the

result agree with the information in Part I of the lab?

$2.$ How many Echo request ICMP packet are in the packet list pane? How many Echo

reply ICMP packets are in the packet list pane? Does the result agree with the

information in Part I of the lab?

$3.$ How many bytes of data are carried by each ICMP packet? Does the result agree

with the information in Part I of the lab?

$4.$ Evaluate the difference between the time the first Echo message was sent and the

time the first reply message was received. Does the result agree with the informa$-$

tion in Part I of the lab?

$5.$ Comparing Echo request ICMP messages with Echo reply ICMP message, deter$-$

mine

a$.$ What fields are the same? Explain the reason.

b$.$ What fields are different? Explain the reason.

$6.$ Comparing all Echo request ICMP messages, determine

a$.$ What fields are the same? Explain the reason.

Figure $19\mathrm{.}1$ Example of using ping$5$

b$.$ What fields are different? Explain the reason.

$19\mathrm{.}2\mathrm{.}4$ Using traceroute or tracert Utility

To capture some ICMPv$4$ error$-$reporting packets, we can use either the traceroute util$-$

ity $($in Unix$-$like environment$)$ or the tracert utility $($in the Windows environment$).$ The

traceroute utility is a client$-$server at the application layer that uses the services of

UDP; the tracert utility is a client$-$server program that uses the services of IP$.$ In this

assignment, we use tracert, but the ass