27. CCNA Ch13 - ICMP Message Types in Netlab

Captions
In Cisco Networking Academy, chapter 13 is on ICMP, so here's a quick video about ICMP. So when we're talking about ICMP, first of all we're talking about now ICMP version 4, and ICMP version 6 for IPv6, but let's just go over some of the general information that you'll want to know.

ICMP is a layer 3 protocol. ICMP tests layers 1 through 3 unless domain names are used. So in other words, if you're using a network utility, an ICMP utility like ping, and you're pinging an IP address, like ping 192.168.8.1, you're effectively testing layers 1, 2 and 3 in the OSI model: the physical layer, the data link layer and the network layer. Now if you do that same test, let's say, but you ping mywebserver.mydomain.com, well, this is a domain name, so this is going to take DNS. So now you're not just using ping, which is a layer 3 protocol, you're also involving DNS, which is a layer 7 protocol. So if this ping is successful, you're effectively testing layers one through seven; if this ping is successful, well, you've effectively tested only layers one, two and three. So there's a difference there.

Now what about ICMP? ICMP, or the Internet Control Messaging Protocol, makes up for shortcomings in IP. So IP is a best-effort protocol that does not include reliability mechanisms. So IP is basically, you know, IP addressing and the IP packet, but it doesn't have error control and it has a lack of messaging mechanisms. So ICMP is like a companion protocol that goes with IP, and it allows some error messaging and some informational messaging mechanisms.

There's two types of basic ICMP messages. There's error messages: they report problems that a destination router or host may encounter. And then there's informational messages, or queries, which help get specific information from a router or host. It's important to know that ICMP sends notifications, that means error messages or informational messages, back to the original source IP address. ICMP does not correct errors, it simply reports them. And the two main ICMP utilities that
you will be using are ping and traceroute, so we'll be talking about them in a second here.

Now, the basic structure of an ICMP message. The datagram is called a message, and the basic structure of the header is: it has a type field for the type of message, a code field, which is kind of like a subtype of the message, it has a checksum, and then it usually has like the optional data or the messaging data down here. Now this is actually the format of an echo request, which is a ping, and an echo reply, which is a pong, and it has not only the type and the code and the checksum, but it also has an identifier and a sequence number that basically are used to map the request to the reply, or coordinate the request and the reply, so you know that they're related. And then there's optional data in this field.

And here's another example of an ICMP message. So this one is a destination unreachable or a time exceeded error message, and it has the type field, the code field, the checksum, it has an unused portion, and then here in the messaging area you have the original IP header, basically the original packet that caused the error, plus eight bytes of data in that packet. So this is like you're reporting back the error, and then, by the way, here's the information of the original packet that caused the error.

Okay, if we look at the ICMP version 4 message types, you've got here some error types. Destination unreachable error is a type 3. A source quench, meant to slow down: if the end device or the destination is getting overwhelmed, they could send a source quench message, which is effectively saying, hey, we need to slow down here, can't process all of these packets. That's a type 4 error message. A time exceeded, type 11. Parameter problems, there's a problem in the packet, that's a type 12 message. And a redirection, which is a type 5.
So these are five types of errors. And then queries: the main one that you'll know about is the echo request, which is a type 8, you'll want to know that, and an echo reply, which is a type 0. You've also got a timestamp request and a timestamp reply, address mask request, mask reply, a router solicitation and a router advertisement, and then the traceroute. Now, the traceroute utility: there is an experimental upgrade to the traceroute utility that uses the type 30, but it's not really implemented, so basically most systems are just using the old implementation of traceroute, which we'll talk about also.

All right, and then ICMP version 6 message types. They're slightly different. You've got destination unreachable, packet too big, time exceeded, parameter problems. You have the echo request and echo reply; notice the different type numbers for ICMP version 6. Router solicitation, router advertisement. Notice the neighbor solicitation and the neighbor advertisement, so this is used with neighbor discovery. Then you've got a redirect and route renumbering, and there's a bunch of other ones. There's actually a lot more, so if you go to the IANA website and just search under ICMP, you can find a lot of information about all these different types. And then there's also informational neighbor discovery protocol options, which are also used, and those are used with DHCP, DHCP version 6, and basically IPv6 stuff.

All right, ICMP errors. So here is a destination unreachable error. It's when a router cannot route a datagram or a host cannot deliver a datagram. The datagram is discarded and the router or the host sends a destination unreachable message back to the source host that initiated the datagram. And then these are some of the codes that could be in there along with the error message. So you could have here, like, network unreachable, host unreachable, code one, port unreachable, protocol unreachable, maybe it's fragmentation needed and don't fragment was
set, the destination network is unknown, the destination host is unknown, notice code seven. So it would be fun to try to practice and see some of these responses, which we can do here in a second.

Okay, and then for ICMP errors you have also the source quench, and the time exceeded error message, which would have two codes. Either the time to live was exceeded in transit, and this is where you have the TTL value decremented to zero and the packet is dropped, and you would have a time exceeded message sent back. This is used oftentimes with a traceroute, so it's used in traceroute, the time exceeded message. And then fragment reassembly time exceeded: so if you have a packet that's too big and it needs to be fragmented, and if there's a problem putting those fragments back together, you would get this message, time exceeded, the fragment reassembly did not happen in time.

Okay, and then you've also got the parameter problems. Let's say there's a problem with the packet, it would have one of these codes. And then a redirection, if there was a redirection. Now, redirection is interesting. When there is a more efficient routing choice to a destination, the router forwards the packet and sends a redirection message to the origination host. So one of the things I asked myself was, hey, could I get the router to send a redirect message and get that to work? And I was able to, it was pretty cool, so I'll show you that here.

So in other words, what I did was, first I set this up in Packet Tracer and I said to myself, could I get this to work? And this is the scenario: you've got the router here connected to a switch, and then you have two other routers connected to this switch. And the interesting part is R1 wants to communicate over here to this interface here on this IP address. So R1 wants to, let's say, ping 172.16.1.1, which is coming off of R3. However, R1 has a route to R2, and then R2 has a route to R3 to get there.
Now this would be a scenario where a redirect message could be sent, because obviously R1 should probably just go directly to R3 to get to this IP address. However, R1 has a bad route, or an inefficient route, and the route for R1 goes to R2, and then R2 routes it to R3. Now what would happen here: R3 responds directly to R1, however R2 could send a redirect message back to R1 saying, hey, there's a better route to reach this destination, you should go directly to 10.10.3 if you want to get to this network, don't go to me, go directly there. So that would be the redirect scenario.

So I tried to set this up here in Packet Tracer and I could not get the redirect to work. So what I did was I used real equipment. I said, basically, would this work with real equipment? And it does, so let's check it out.

So in Netlab here, in that lab, I have a similar scenario. You've got R1 connected to a switch, R2 and R3, and notice they're all connected, and I put in the routes so R1 will route to R2 to get to R3. Okay, and then we could basically take a look at some of these messages now. So to get this to work here, basically we can go into R1, and you'll see that if I type enable and then I type ping, or let's type traceroute to 172.16.1.1, let's see here, we'll run a traceroute and it's going to trace the path that it takes to get from R1 to R3, and we'll see here, it'll show up here in a second.

All right, first it went to 10.10.2, which is R2 up at the top, and then it's going to go to 10.10.3. Notice it's sending basically three packets, and each one of these packets, the first three, had a time to live of one. So as it reached router two, the time to live was decremented to zero, and router two at the top sent the time exceeded messages here, and sent three of them. And then the next set of three packets were sent with a time to live of two, and so it reached 10.10.3 and was able to basically get there. But as you can see, it's working. So if I ping 172.16.1.1, you can see that it works. So not
only can I ping from this router to R3's loopback interface at 172.16.1.1, but it goes through R2 to get there. So essentially you would think that a redirect message would be sent, and it is. We can see it if we go into here and let's turn on debugging. So we'll say debug ip and then a question mark, and you can see that if I put debug ip and then a question mark, there's an ICMP transactions debugging that we could turn on. So that's what I'm going to do: debug ip icmp. So we turn on ICMP packet debugging, and then this time I will issue that ping to 172.16.1.1, and notice we get this message, and there it is. So the ping was successful, five pings were sent, five were responded, but notice this first ping: here's an ICMP redirect received from 10.10.2 for 172.16.1.1, use gateway 10.10.3. So there's the message from R2 saying you should use R3 to get here, and then you can see the corresponding five pings.

This will also work if I run a traceroute to the destination. It just takes a little while longer, but it also works, we'll see it here in a second. Now if you wanted to see some other types of messages, you know, that's good too. So let's see here. Well, first of all we see there's time exceeded received, so notice the time exceeded messages coming in from the traceroute. So the first sets here: time exceeded arriving from 10.10.2, time exceeded from 10.10.2, and then a third one from 10.10.2. Then there's the redirect message saying, hey, if you want to go farther, you know, if you want to go two hops with a TTL of two, you should go directly there. But anyway, and then, oh, look at that, here's a port unreachable received from 10.10.3, and another redirect, and then a port unreachable, and it looks like we reached our destination. So you can see these different types of ICMP messages.

So another thing that I did that was pretty interesting was I put in the routes, and what I decided to do was I tried to put in deliberately kind of a weird route. So notice
here my route to this network has a /16 subnet mask. So this router is saying any packet destined for the 172.16 network, go here, and then this one says any packet destined for 172.16, go here. So in other words, the subnet mask is /16 and /16, however the network itself is /24. So if R1 tries to ping a bad network, like let's say R1 tries to ping 172.16.2.1, well, R1 will still forward it because the first two numbers start with 172.16, and R2 will forward it because the first two numbers are 172.16, the first two octets. However, when it gets to R3, R3 won't know that there's a 172.16.2 network, it won't know about that, so we should get a message coming back. And let's check it out.

So what we'll do is, back in Netlab here, what I'll do is I'll say, what if I was to ping 172.16, well, there is no 2 network over there, it's only a 1 network. However, R1 and R2, they'll route anything that starts with 172.16. So we ping it and we should get a new message, and we do. Well, first of all there goes our redirects that we get from router two, but then notice at the destination, 10.10.3, we get an unreachable message, host unreachable. So in other words, R3 sends back a host unreachable destination unreachable message because there is no 172.16.2 network.

Okay, now another message that we could do is on R3 here. What I've also done on R3 is, if you look in here, take a look at this, I've also put in R3, let's see here, I've put in an access list 100, deny the ICMP protocol from any source to any destination. So that is an access list, so if I turn this on then it will deny pings and we should get a different message. So that's what I'm going to do. So I'm going to go into interface gigabit 0/0, and I think that's the right interface, let's just double check. Nope, it's gigabit 0/1 that we want to do this. So I'm going to go into, hold on, I'm going into
global config mode, interface gigabit 0/1, and I'll say ip access-group, access list 100, inbound, and so now that will activate that access list on the interface of router R3. So now R3 has an access list denying ICMP traffic right here on this interface, so it should get denied. So now if we go back to R1 and we try to ping 172.16.1.1, we should get a different message, and we will.

Okay, first of all there's that redirect. Notice we have debugging on, so we see the redirect from R2, and then there it is: reply back to 10.10.10.1, administratively prohibited unreachable received from 10.10.3. And you can see here, there it is, unreachable. So you can see this is an administratively prohibited unreachable. So once again, it's different codes. So if we look back here, on the destination unreachable message it could be for different reasons, and those will be in the codes. And you can see that also if you're implementing Wireshark and you're looking inside the packets: you would see those in the frame fields, you would see it right here under the type and code.

Now if you want to see something like that in Packet Tracer, what you could do is you could run a simulation here and filter for ICMP in the simulation, and then maybe go over here to R1 and say I want to ping 172.16.1.1, and it'll set up a... notice there's the packet that's going to get sent, and notice if I look into it, outbound PDU details, we can look at the ICMP fields here and you can see it's a type 8 echo request. And so then we can step through it, and it goes up here, takes the wrong way, however the correct route goes over to R3, and then as it comes back, when it gets back here, notice the return route was a lot smarter. You can look at this inbound PDU detail and you can see the ICMP code type 0.
So this is an echo reply, and that relates to, once again, echo request type 8, echo reply type 0, and then you can get different types of messages. Now what I was not able to do in Packet Tracer is get R2 to send a redirect message back to R1, because Packet Tracer, this is just a simulator, and so you're not going to get that kind of result, you're not going to get all of the types of results showing up that you would on real equipment. So that's why if you really want to see some of those details, you kind of need to use real equipment, and that's what I used here in the Netlab, using some real routers in a similar topology.
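
The message layouts described in the captions above (type, code and checksum, followed by either an identifier and sequence number or the quoted original packet) can be decoded as in the following Python sketch. This is an added example and is not from the video; the helper names `build`, `parse` and `sample_original`, the gateway address 10.10.10.3 and the sample packet are constructed for illustration.

```python
import socket
import struct

# ICMPv4 types and codes named in the video (numbers per the IANA ICMP registry).
TYPES = {0: "echo reply", 3: "destination unreachable", 4: "source quench",
         5: "redirect", 8: "echo request", 11: "time exceeded", 12: "parameter problem"}
CODES = {3: {0: "network unreachable", 1: "host unreachable", 2: "protocol unreachable",
             3: "port unreachable", 4: "fragmentation needed and DF set",
             7: "destination host unknown", 13: "administratively prohibited"},
         11: {0: "TTL exceeded in transit", 1: "fragment reassembly time exceeded"}}

def checksum(data: bytes) -> int:
    """Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build(icmp_type: int, code: int, rest: bytes, payload: bytes = b"") -> bytes:
    """Assemble a constructed ICMP message; `rest` is header bytes 4-7."""
    body = struct.pack("!BBH", icmp_type, code, 0) + rest + payload
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]

def sample_original() -> bytes:
    # Constructed packet: IPv4 header (its checksum left 0) + echo request header.
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 1, 1, 0,
                     socket.inet_aton("10.10.10.1"), socket.inet_aton("172.16.1.1"))
    return ip + build(8, 0, struct.pack("!HH", 1, 0))

def parse(msg: bytes) -> dict:
    if len(msg) < 8:
        raise ValueError("ICMP header is 8 bytes; message truncated")
    icmp_type, code = msg[0], msg[1]
    out = {"type": TYPES.get(icmp_type, f"type {icmp_type}"), "code": code,
           "checksum_ok": checksum(msg) == 0}
    if icmp_type in (0, 8):                  # identifier + sequence pair request and reply
        out["id"], out["seq"] = struct.unpack("!HH", msg[4:8])
    elif icmp_type in (3, 4, 5, 11, 12):     # error messages quote the offending packet
        out["reason"] = CODES.get(icmp_type, {}).get(code)
        if icmp_type == 5:                   # redirect: bytes 4-7 carry the better gateway
            out["gateway"] = socket.inet_ntoa(msg[4:8])
        orig = msg[8:]
        if len(orig) >= 20:
            ihl = (orig[0] & 0x0F) * 4       # length of the quoted IP header
            out["orig_src"] = socket.inet_ntoa(orig[12:16])
            out["orig_dst"] = socket.inet_ntoa(orig[16:20])
            out["orig_first8"] = orig[ihl:ihl + 8]
    return out
```

Calling `parse(build(5, 1, socket.inet_aton("10.10.10.3"), sample_original()))` decodes a constructed redirect of the kind seen in the debug output, including the gateway and the destination of the packet that triggered it.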
Info
Channel: danscourses
Views: 4,133
Keywords: ICMP, ccna, messages, types, demonstration, redirect, unreachable, echo, request, reply
Id: Y1wGjlFYLbU
Length: 21min 15sec (1275 seconds)
Published: Wed Dec 02 2020