PPA.Lab - Echo Requests and Responses

GNS3

1. Topology

2. Configure basic settings

PC-1

ip 172.16.1.1 255.255.255.0

3. Display Filters on Wireshark

 icmp

4. Sample .pcap file

5. The ping command

Basically, the ping command sends one packet at a time to a device and listens for a reply to determine whether there is connectivity to that device, as shown below.

Many of today’s firewalls limit the ability of a device to respond to ICMP packets. This is great for security because potential attackers using ping to determine whether a host is accessible might be deterred, but troubleshooting is also more difficult.

6. Echo Request

The first packet shows that host 172.16.1.1 is sending a packet to 172.16.1.2.

When you expand the ICMP portion of this packet, you can determine the ICMP packet type by looking at the Type and Code fields. In this case, the packet is type 8 and the code is 0, indicating an echo request.

7. Echo Reply

The second packet in this sequence is the reply to our request. The ICMP portion of the packet is type 0 and code 0, indicating that this is an echo reply. Because the sequence number and identifier in the second packet match those of the first, we know that this echo reply matches the echo request in the previous packet. Wireshark displays the values of these fields in big-endian (BE) and little-endian (LE) format. In other words, it represents the data in a different order based on how a particular endpoint might process the data. This reply packet also contains the same 56-byte string of data that was transmitted with the initial request. Once this second packet has been received by 172.16.1.1, ping will report success.
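The matching described in sections 6 and 7, as an added example that is not part of the original lab: it decodes the ICMP Type, Code, identifier and sequence number, shows the big-endian and little-endian readings Wireshark prints, and pairs a reply with its request. The function names and the sample messages are assumptions constructed for illustration, not values from the lab's .pcap file.

```python
import struct

ECHO_REPLY, ECHO_REQUEST = 0, 8  # ICMP Type values; Code is 0 for both

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over the whole ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build an echo message (used here only to construct sample input)."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def parse_echo(msg: bytes) -> dict:
    """Decode the 8-byte ICMP echo header and validate the checksum."""
    if len(msg) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", msg[:8])
    return {
        "type": icmp_type, "code": code, "id": ident, "seq": seq,
        # Wireshark's "(LE)" value is the same two bytes read low byte first.
        "id_le": struct.unpack("<H", msg[4:6])[0],
        "seq_le": struct.unpack("<H", msg[6:8])[0],
        # A message carrying a correct checksum sums to zero when re-checked.
        "checksum_ok": checksum(msg) == 0,
        "payload": msg[8:],
    }

def reply_matches(request: bytes, reply: bytes) -> bool:
    """True if reply is a valid echo reply answering this echo request."""
    req, rep = parse_echo(request), parse_echo(reply)
    return (req["type"] == ECHO_REQUEST and rep["type"] == ECHO_REPLY
            and req["code"] == rep["code"] == 0
            and req["checksum_ok"] and rep["checksum_ok"]
            and (req["id"], req["seq"]) == (rep["id"], rep["seq"])
            and req["payload"] == rep["payload"])

# Constructed sample messages: 56-byte payload, identifier 1, sequence 7.
PAYLOAD = bytes(range(56))
REQUEST = build_echo(ECHO_REQUEST, 0x0001, 0x0007, PAYLOAD)
REPLY = build_echo(ECHO_REPLY, 0x0001, 0x0007, PAYLOAD)
```

A reply whose identifier, sequence number or payload differs from the request, or whose checksum fails, is not counted as the answer to that request.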
