Skip to main content

Briefly ICMP,Ping and Trace-Route with love UDP.


In this article, i am going to share some basic information on ICMP,Ping and Trace-Route. Also see how UDP make use of ICMP for error communication.

Firstly First ICMP.

ICMP is a very simple ,datagram-based protocol. Many other protocols rely up on ICMP to communicate the error conditions and hence it is mainly designed for error reporting and network-based troubleshooting . Now lets familiarize with ICMP code and type. The ICMP type field identifies what type of ICMP packet is being sent.
And the ICMP Code field provides much detailed information.
Common types of Code and Types are mentioned below.
Type 0 - Echo reply, which is usually the ping response.It says that the remote node is reachable over the network.
Type 3- Destination Unreachable, Which means the remote network or node is not reachable and there may be multiple reasons for that.
Btw, I have a very long story to say on ICMP Type 3, Code 3 and an affair with SNMP ,but not here :P .
Type 3 ICMP used the following codes.
  •    Code 0: Network Unreachable
  •    Code 1: Host Unreachable
  •    Code 3: Port Unreachable
  •    Code 9: Destination Network Administratively Prohibited
Here is a scenario on how other protocols uses ICMP for error communications. Since UDP is a connection-less protocol, I will use UDP in this example.
If the requested UDP port is not an open port, then a "port unreachable" code may be returned
Consider a person is sending a UDP packet to a remote destination from his machine. Assume that, there is a firewall placed on the path that blocks this UDP traffic.So the Firewall blocks the packet to the next hop for a destination and a "network unreachable" code will be returned to the sending host. Similarly,if the Firewall allows the traffic, but the destination host simply doesn't exist on the network, then a "host unreachable" code will be returned. However, if the host does exist on the network, but the requested UDP port is not an open port, then a "port unreachable" code may be returned by the intermediate device.
Type 5 - Redirect, Usually used to bring update in routing tables.
Type 8- Echo Request , So when we do a ping, ICMP type 8 packet gets initiated. And the response for this will be a Type 0.
Type 11 - Time exceeded , usually occurs during a routing loop.
There are two codes associated with type 11.
  •    Code 0: TTL Expired in transit
  •    Code 1: TTL Expired during reassembly

Next lets talk about Ping.

We all uses this ping command to check the connectivity and reach on the network. Ping sends multiple ICMP Echo Request packets to the remote node and waits for their replies(Echo reply).
The ping command keeps track of when it sends the Echo Request packet and when it receives the corresponding Echo Reply. The difference between those two times is the round trip time. This is used to calculate the latency.

And finally, Trace-route

Trace-Route in Linux and Windows works differently
Trace-route maps the route/hops through which the packet traversed to reach the destination. Lets see how the Trace-route actually works. The command works by sending a series of packets all going towards the same destination, with TIL values starting at 1.When the first packet is sent, its TTL expires at the first hop, so the router(or the intermediate device) replies with an lCMP "Destination Unreachable" or "Time Exceeded" message. The trace-route command receives this reply and looks inside the payload for the lP address of the sender, which it assumes is the first hop's router.Trace-route then sends a second packet, with a TIL of 2, which will expire at the second hop, generating another ICMP reply. Trace-route now knows the second hop as well. Similarly lt keeps sending packets this way, increment the TTL by 1 each time and getting replies from each hop until the packet reached the destination host.
In this way, it map all the hops in between and helps the administrator to see the actual path.
Once major catch here is, the Linux Trace-route and Windows Trace-route works differently, Though they may produce similar results.
Trace-route on Linux/UNIX typically send UDP datagrams to random high numbered ports on the destination host.
Windows Trace-routs typically use ICMP Echo Request packets. But both the Linux and Windows methods generate ICMP error messages at the routers giving the same results.How? Remember, UDP uses ICMP for error communication.
Hope this provides a brief overview on ICMP, Ping and Trace-Route basics.

Popular posts from this blog

Cisco ASA: Disable SSLv3 and configure TLSv1.2.

For configuring TLS v1.2, the ASA should run software version 9.3(2) or later. In earlier versions of ASA, TLS 1.2 is not supported.If you are running the old version, it's time to upgrade. But before that i will show you the config prior to the change. I am running ASA version 9.6.1 Now ,set the server-version to tlsv1.2, though ASA supports version tlsv1.1, its always better to configure the connection to more secure. Server here in the sense, the ASA will be act as the server and the client will connect to the ASA.     #ssl server-version tlsv1.2 set the client-version to tlsv1.2, if required.     #ssl client-version tlsv1.2 ssl cipher command in ASA offers 5 predefined security levels and an additional custom level.     #ssl cipher tlsv1.2 high we can see the setting of each cipher levels using #show ssl cipher command. Now set the DH group to 24, which is the strongest offered as of now in the ASA.     #ssl dh-group group24 An

How to Install Netmiko on Windows?

Netmiko, developed by kirk Byers is an open source python library  based on Paramiko which simplifies SSH management to network devices and is primarily used for network automation tasks. Installing Netmiko in linux is a matter o f one single command but if you need to use Netmiko in your Windows PC, follow this process. 1) Install the latest version of Python. 2) Install Anaconda, which is an opensource distribution platform that you can install in Windows and other OS's (https://www.anaconda.com/download/) 3) From the Anaconda Shell, run “ conda install paramiko ”. 4) From the Anaconda Shell, run “ pip install scp ”. 5) Now Install the Git for Windows. (https://www.git-scm.com/downloads) . Git is required for downloading and cloning all the Netmiko library files from Github. 6) From Git Bash window, Clone Netmiko using the following command git clone https://github.com/ktbyers/netmiko&#8221         7) Once the installation is completed, ch

RUST error: linker `link.exe` not found

While compiling Rust program in a windows environment, you may encounter the error : linker `link.exe` not found. This is because of the absence of the C++ build tools in your machine. For compiling Rust programs successfully, one of the prerequisites is the installation of the Build Tools for Visual Studio 2019.   Download the Visual Studio 2019 Build tools from the Microsoft website. After the download, while installing the Build tools, make sure that you install the required components (highlighted in Yellow) This will download around 1.2GB of required files. Once everything is successfully installed, reboot and re-run your rust program and it will compile successfully.   Read More on RUST Hello World Rust Program : Code explained RUST Cargo Package Manager Explained Data Representation in Rust.

What is a Gratuitous ARP? How is it used in Network attacks?

Many of us encountered the word "Gratuitous" while exploring the network topic on ARP, The Address Resolution Protocol. Before explaining Gratuitous ARP, here is a quick review on how ARP works. ARP provides IP communication within a Layer 2 broadcast domain by mapping an IP address to a MAC address.For example, Host B wants to send information to Host A but does not have the MAC address of Host A in its ARP cache. Host B shoots a broadcast message for all hosts within the broadcast domain to obtain the MAC address associated with the IP address of Host A. All hosts within the same broadcast domain receive the ARP request, and Host A responds with its MAC address. We can see the ARP entries on our computers by entering the command arp -a . So, back to the topic on what is a Gratuitous reply, here is a better explanation. Gratuitous arp is when a device will send an ARP packet that is not a response to a request. Ideally a gratuitous ARP request is an ARP request packe

Recovery Procedure: Alcatel-Lucent Omni-Switch not booting AOS: Going to Mini-boot prompt.

Problem: Switch not booting AOS; Going to Mini-boot prompt. Model: Alcatel-Lucent OS6850 [Note:The same procedure might be applicable for different models of Omni-Switches, However, for this illustration, i have used OS-6850 ] Reason: This problem may occurs due to corrupt AOS image files or misconfigured boot parameters. Hence switch cannot boot the images properly and will go to Mini-boot prompt.  Work Around: [Note: This zmodem procedure consumes a lot to time to finish the process.] 1.) Power off your OS6850 2.) When you switched it back on, stop it before the Miniboot (there is some counter counting down from 4). Press Enter to break. 3.) You will have the following prompt " => " 4.) Enter " setenv baudrate 115200 ”. Increasing baudrate helps to increase the data transfer speed using zmodem. 5.) Enter " saveenv " 6.) Enter " boot " 7.) The switch should run now in baud rate 115200 (so you have to change your clients ter

Google Cloud : Basic Cloud Shell commands

Google Cloud resources can be managed in multiple ways. It can be done using Cloud Console, SDK or by using Cloud Shell. A few basic Google Cloud shell commands are listed below. 1)    List the active account name gcloud auth list 2)    List the project ID gcloud config list project 3)    Create a new instance using Gcloud shell gcloud compute instances create [INSTANCE_NAME] --machine-type n1-standard-2 --zone [ZONE_NAME] Use gcloud compute machine-types list to view a list of machine types available in particular zone. If the additional parameters, such as a zone is not specified, Google Cloud will use the information from your default project. To view the default project information, use gcloud compute project-info describe 4)    SSH in to the machine gcloud compute ssh [INSTANCE_NAME] --zone [YOUR_ZONE] 5)    RDP a windows server gcloud compute instances get-serial-port-output [INSTANCE_NAME] --zone [ZONE_NAME] 6)    Command to check whether the server is ready f

Cisco Modular Policy Framework (MPF) : A brief Introduction

Modular Policy Framework (MPF) configuration defines set of rules for applying firewall features, such as traffic inspection, QoS etc. to the traffic transiting the firewall There are 3 main components in creating a MPF. 1) Class Map Class map is used to identify the type of traffic. This can be done by creating an ACL. 2) Policy Map Policy Map specifies what action the ASA should take against the traffic identified by the Class Map. 3) Service Policy Finally Service policy specifies where to apply it. The policy is applied to an interface or Globally. Udacity has special offers worldwide to help anyone learn important, higher-paying job skills during this challenging time. Click here to get your offer and start learning now! Sample Illustration Consider the following Command lines. access-list OUTSIDE-TO-INSIDE permit tcp any any eq ftp <--- The above ACL will allow FTP traffic. This ACL can be different than the Interface ACL---> class-map FTP-CLASS-MAP     match ac

Microsoft Windows NLB Feature for Stateful Applications

NLB is a software-based load balancer (Windows Feature) that resides on each member in the cluster. Load Balancing is based on number of client connection requests and the NLB algorithm does not dynamically respond to changes in the load on each cluster host (such as the CPU load or memory usage or Network Usage). Thus, If client population is less and/or the connections produce varying loads on the server, the load balancing algorithm of Microsoft NLB is less effective. Udacity has special offers worldwide to help anyone learn important, higher-paying job skills during this challenging time. Click here to get your offer and start learning now! To understand how NLB preserve the session state, first let me take you through the difference between a stateful and stateless connections: Stateless The application connection is said to be stateless if the server does not store any state about the client session instead the session data is saved at th client side. The server does n

Cisco ASA Firewall: Packet Flow/Mode of Operation

Scenario : So here is a packet initiated from Inside to the Outside [ingress to egress]. 1) A user who is sitting inside of the network is trying to access a website located at the Internet (outside) 2) The packet hits the inside interface (Ingress) of ASA. 3) Once the packet reached ASA, it will verify whether this is an existing connection by checking its internal connection table. If it is an existing connection, the ACL check (step 4) will be bypassed and move to step 5. ASA will check for the TCP flag if its a TCP packet. If the packet contains a SYN flag, then the new connection entry will be created in the connection table(connection counter gets incremented). Other than SYN flag, the packet will be discarded and a log entry will be created. "Remember the 3-way handshake process. SYN/SYN-ACK/ACK. If the TCP connection flags are not in the order as it is intended to be, ASA will simply drop the packet. Most of the scanning/attacks are done by these flag manipula

Hardening your Azure cloud platform and best practices.

A quick reference on Azure Cloud platform security baseline based on CIS. Baseline security checklist for commonly used Azure services. Please fast forward towards the end of this post, if you are looking for the CIS Microsoft Azure Foundations Security Benchmark Turn on Azure Security Center - it's free - Upgrade your Azure subscription to Azure Security Center Standard. Security Center's Standard tier helps you find and fix security vulnerabilities, apply access and application controls to block malicious activity, detect threats using analytics and intelligence, and respond quickly when under attack. Adopt CIS Benchmarks - Apply them to existing tenants. Use CIS VMs for new workloads - from Azure Marketplace. Store your keys and secrets in Azure Key Vault (and not in your source code) - Key Vault is designed to support any type of secret: passwords, database credentials, API keys and, certificates. Install a web application firewall - Web application firewall (WAF) is a feat