Chapter 13

ICMP

Objectives

Upon completion of this chapter, you will be able to answer the following questions:

• How is ICMP used to test network connectivity?

• How do you use the ping and traceroute utilities to test network connectivity?

Introduction (13.0)

Imagine that you have an intricate model train set. Your tracks and trains are all connected and powered up and ready to go. You throw the switch. The train goes halfway around the track and stops. You know right away that the problem is most likely located where the train has stopped, so you look there first. It is not as easy to visualize problems with a network. Fortunately, there are tools to help you locate problem areas in a network—and they work with both IPv4 and IPv6 networks! You will be happy to know that this chapter has a couple Packet Tracer activities to help you practice using these tools, so let’s get testing!

ICMP Messages (13.1)

In this section, you will learn about the different types of Internet Control Message Protocol (ICMP) messages and the tools that are used to send them.

ICMPv4 and ICMPv6 Messages (13.1.1)

Although IP is only a best-effort protocol, the TCP/IP suite does provide for error messages and informational messages when communicating with another IP device. These messages are sent using the services of ICMP. The purpose of these messages is to provide feedback about issues related to the processing of IP packets under certain conditions—not to make IP reliable. ICMP messages are not required and are often not allowed in a network for security reasons.

ICMP is available for both IPv4 and IPv6. ICMPv4 is the messaging protocol for IPv4. ICMPv6 provides the same services for IPv6 but includes additional functionality. In this book, the term ICMP is used to refer to both ICMPv4 and ICMPv6.

The types of ICMP messages and the reasons they are sent are extensive. The ICMP messages common to both ICMPv4 and ICMPv6 and discussed in this chapter include

• Host reachability (Echo Request and Echo Reply) messages

• Destination Unreachable or Service Unreachable messages

• Time Exceeded messages

Host Reachability (13.1.2)

ICMP Echo Request and Echo Reply messages can be used to test the reachability of a host on an IP network. The local host sends an ICMP Echo Request to a host. If the host is available, the destination host responds with an Echo Reply, as shown in Figure 13-1. This use of the ICMP Echo messages is the basis of the ping utility.

Figure 13-1 Echo Request and Echo Reply

Internet Control Message Protocol (ICMP) helps in the reachability of a host in an IP network. A topology of 2 identical setups, of 2 PCs connected to a common LAN which is in-turn connected to a router is shown. In the network located in the left, one of the computers is named H1 of address 192.168.10.1/24, similarly for the network in the right, one of the computers is named H2 of address 192.168.30.1/24. The routers of both the identical setups are connected. H1 sends a Echo request to the router asking "Is H2 available?" pinging it via 192.168.30.1. The H2 sends an echo reply through the router saying "Yes, I am here."

Destination or Service Unreachable (13.1.3)

When a host or gateway receives a packet that it cannot deliver, it can use an ICMP Destination Unreachable message to notify the source that the destination or service is unreachable. This message includes a code that indicates why the packet could not be delivered.

Some of the Destination Unreachable codes for ICMPv4 are as follows:

• 0: Net unreachable

• 1: Host unreachable

• 2: Protocol unreachable

• 3: Port unreachable

Some of the Destination Unreachable codes for ICMPv6 are as follows:

• 0: No route to destination

• 1: Communication with the destination is administratively prohibited (for example, by a firewall)

• 2: Beyond scope of the source address

• 3: Address unreachable

• 4: Port unreachable

Time Exceeded (13.1.4)

A router uses an ICMPv4 Time Exceeded message to indicate that a packet cannot be forwarded because the Time-to-Live (TTL) field of the packet has been decremented to 0. If a router receives a packet and decrements the TTL field in the IPv4 packet to 0, it discards the packet and sends a Time Exceeded message to the source host.

ICMPv6 also sends a Time Exceeded message if the router cannot forward an IPv6 packet because the packet has expired. Instead of using the IPv4 TTL field, ICMPv6 uses the IPv6 Hop Limit field to determine if a packet has expired.

Note

Time Exceeded messages are used by the traceroute tool.

ICMPv6 Messages (13.1.5)

The ICMPv6 informational and error messages are very similar to the control and error messages implemented with ICMPv4. However, ICMPv6 has new features and improved functionality not found in ICMPv4. ICMPv6 messages are encapsulated in IPv6.

ICMPv6 includes four new messages as part of the Neighbor Discovery Protocol (ND or NDP).

Messages between an IPv6 router and an IPv6 device, including dynamic address allocation, are as follows:

• Router Solicitation (RS) message

• Router Advertisement (RA) message

Messages between IPv6 devices, including duplicate address detection and address resolution, are as follows:

• Neighbor Solicitation (NS) message

• Neighbor Advertisement (NA) message

Note

ICMPv6 ND also includes the redirect message, which has a similar function to the redirect message used in ICMPv4.

RA messages are sent by IPv6-enabled routers every 200 seconds to provide addressing information to IPv6-enabled hosts. An RA message can include addressing information for the host, such as the prefix, prefix length, DNS address, and domain name. A host using stateless address autoconfiguration (SLAAC) sets its default gateway to the link-local address of the router that sent the RA.

In Figure 13-2, R1 sends an RA message to ff02::1, the all-nodes multicast address, which will reach PC1.

Figure 13-2 RA Message

RA messaging in IPv6 using all-nodes multi-cast address is depicted. A router R1, a LAN, and PC1 are connected in a series in order. Router R1 sends an RA message to PC1, this is indicated by an arrow from R1 to PC1. The LLA (local-link address) at R1 is fe80::1. The network prefix between R1 and the LAN and the network prefix at the LAN is 2001:db8:acad:1::1/64.

An IPv6-enabled router also sends out an RA message in response to an RS message. In Figure 13-3, PC1 sends a RS message to determine how to receive its IPv6 address information dynamically. R1 replies to the RS with an RA message:

1. PC1 sends the RS message “Hi, I just booted up. Is there an IPv6 router on the network? I need to know how to get my IPv6 address information dynamically.”

2. R1 replies with the RA message “Hi, all IPv6-enabled devices. I’m R1, and you can use SLAAC to create an IPv6 global unicast address. The prefix is 2001:db8:acad:1::/64. By the way, use my link-local address fe80::1 as your default gateway.”

Figure 13-3 RS Message

RS messaging receiving dynamic information in IPv6 using LLA is depicted. A router R1, a LAN, and PC1 are connected in a series in order. PC1 sends an RS message to the router R1, this is indicated by an arrow from PC1 to R1 and is labeled 1. Also, router R1 sends an RA message to PC1, this is indicated by an arrow from R1 to PC1 and is labeled 2. The LLA (local-link address) at R1 is fe80::1. The network prefix between R1 and the LAN and the network prefix at the LAN is 2001:db8:acad:1::1/64.

When a device is assigned a global IPv6 unicast or link-local unicast address, it may perform duplicate address detection (DAD) to ensure that the IPv6 address is unique. To check the uniqueness of an address, the device sends an NS message with its own IPv6 address as the targeted IPv6 address, as shown in Figure 13-3.

If another device on the network has this address, it responds with an NA message that notifies the sending device that the address is in use. If a corresponding NA message is not returned within a certain amount of time, the unicast address is unique and acceptable for use.

Note

DAD is not required, but RFC 4861 recommends that DAD be performed on unicast addresses.

In Figure 13-4, PC1 sends this NS message to check the uniqueness of an address: “Will whoever has the IPv6 address 2001:db8:acad:1::10 send me your MAC address?"

Figure 13-4 NS Message

Uniqueness of an address can be determined by an NS message. A router R1, a LAN, and PC1 are connected in a series in order. PC1 sends an NS message to R1, this is indicated by an arrow from PC1 to R1. The network prefix between R1 and the LAN and the network prefix at the LAN is 2001:db8:acad:1::1/64. The network prefix between the LAN and PC1 is 2001:db8:acad:1::10/64.

Address resolution is used when a device on the LAN knows the IPv6 unicast address of a destination but does not know its Ethernet MAC address. To determine the MAC address for the destination, the device sends an NS message to the solicited node address. The message includes the known (targeted) IPv6 address. The device that has the targeted IPv6 address responds with an NA message containing its Ethernet MAC address.

In Figure 13-5, R1 sends an NS message to 2001:db8:acad:1::10, asking for its MAC address:

1. R1 sends the address resolution NS message “Will whoever has the IPv6 address 2001:db8:acad:1::10 send me your MAC address?”

2. PC1 replies with the NA message “I’m 2001:db8:acad:1::10, and my MAC address is 00:aa:bb:cc:dd:ee.”

Figure 13-5 NA Message

NS message requesting for MAC address is shown. A router R1, a LAN, and PC1 are connected in a series in order. R1 sends NS message to PC1, this is indicated by an arrow from R1 to PC1, labeled 1. PC1 sends an NA message to R1, this is indicated by an arrow from PC1 to R1, labeled 2. The network prefix between R1 and the LAN and the network prefix at the LAN is 2001:db8:acad:1::1/64. The network prefix between the LAN and PC1 is 2001:db8:acad:1::10/64. The MAC address at PC1 is 00:aa:bb:cc:dd:ee.

Check Your Understanding—ICMP Messages (13.1.6)

Refer to the online course to complete this activity.

Ping and Traceroute Tests (13.2)

This section discusses two important tools that are used to verify Layer 3 connectivity: ping and traceroute.

Ping—Test Connectivity (13.2.1)

In this section, you will learn about the situations in which the ping and traceroute (tracert) tools are used and how to use them. ping is an IPv4 and IPv6 testing utility that uses ICMP Echo Request and Echo Reply messages to test connectivity between hosts.

To test connectivity to another host on a network, an Echo Request is sent to the host address by using the ping command. If the host at the specified address receives the Echo Request, it responds with an Echo Reply. As each Echo Reply is received, ping provides feedback on the time between when the Echo Request was sent and when the Echo Reply was received. This can be a measure of network performance.

ping has a timeout value for the reply. If a reply is not received within the timeout period, ping provides a message indicating that a response was not received. This may indicate that there is a problem, but it could also indicate that security features blocking ping messages have been enabled on the network. It is common for the first ping to time out if address resolution (ARP or ND) needs to be performed before the ICMP Echo Request is sent.

After all the requests are sent, the ping utility provides a summary that includes the success rate and average round-trip time to the destination.

You can use ping to perform the following types of connectivity tests:

• Pinging the local loopback

• Pinging the default gateway

• Pinging the remote host

Ping the Loopback (13.2.2)

ping can be used to test the internal configuration of IPv4 or IPv6 on the local host. To perform this test, you ping the local loopback address 127.0.0.1 for IPv4 (::1 for IPv6), as shown in Figure 13-6.

Figure 13-6 Pinging the Loopback on a Windows Host

Configuring the windows host by pinging the loopback address for IPv4 is shown in the figure. A computer with a displaying the loopback command C:\>ping 127.0.0.1, displays a dialog box for setting ethernet properties. The networking tab is open, it displays an option for "connect using:," and a "configure" button at its top. The center of the box displays a scroll bar titled "this connection uses the following items:" with multiple check-boxes. The check-box for Internet Protocol Version 4 (TCP/IPv4) is selected and highlighted. Below it are 3 buttons such as install, uninstall (disabled), and properties. At the bottom there is a three line description followed by ok and cancel buttons.

A response from 127.0.0.1 for IPv4 or from ::1 for IPv6 indicates that IP is properly installed on the host. This response comes from the network layer. This response is not, however, an indication that the addresses, masks, or gateways are properly configured. It also does not indicate anything about the status of the lower layer of the network stack. It simply tests IP down through the network layer of IP. An error message indicates that TCP/IP is not operational on the host.

Ping the Default Gateway (13.2.3)

You can use ping to test the ability of a host to communicate on the local network. This is generally done by pinging the IP address of the default gateway of the host, as shown in Figure 13-7. A successful ping to the default gateway indicates that the host and the router interface serving as the default gateway are both operational on the local network.

Figure 13-7 Pinging the Default Gateway

Manual configuration of the default gateway in IPv4 is shown. A network connecting a computer of IP 10.0.0.1, and subnet 255.255.255.0 is connected to a LAN. The LAN is connected to an external router through interface G0/0/0, its IP is 10.0.0.254, and the subnet is 255.255.255.0. The computer displays a dialog box titled "Internet Protocol Version 4 (TCP/IPv4) Properties." It has a single tab which displays the general settings. A three-line instruction is provided on the top followed by 4 radio buttons such as, Obtain an IP address automatically, Use the following IP address (selected), Obtain DNS server address automatically, and Use the following DNS server address (selected). Below the radio button "Use the following IP address," there are three fields for entering the IP address (in which IP 10.0.0.1 is entered), the subnet mask (in which subnet 255.255.255.0 is entered), and the default gateway (in which 10.0.0.254 is entered). Also, below the radio button "Use the following DNS server address," there are two fields for entering the preferred DNS server, and the alternate DNS server. Below the radio buttons is a check-box for validating the settings upon exit. A button labeled "Advanced..." is located to the right of the check-box. The bottom right corner of the table has two buttons for ok (selected) and cancel.

For this test, the default gateway address is most often used because the router is normally always operational. If the default gateway address does not respond, a ping can be sent to the IP address of another host on the local network that is known to be operational.

If either the default gateway or another host responds, this confirms that the local host can successfully communicate over the local network. If the default gateway does not respond but another host does, this could indicate a problem with the router interface serving as the default gateway. One possibility is that the wrong default gateway address might have been configured on the host. Another possibility is that the router interface may be fully operational but might have security applied to it that prevents it from processing or responding to ping requests.

Ping a Remote Host (13.2.4)

ping can be used to test the ability of a local host to communicate across an internetwork. The local host can ping an operational IPv4 host of a remote network, as shown in Figure 13-8. The router uses its IP routing table to forward the packets.

Figure 13-8 Testing Connectivity to a Remote LAN

The routing table and topology to establish connectivity to a remote LAN is depicted. According to the routing table the interface F0 has the network address 10.0.1.0, and the interface F1 has the network address 10.0.0.0 respectively. A topology connecting a computer of IP 10.0.0.1, another computer of IP 10.0.0.2, and a printer of IP 10.0.0.253, are connected to a LAN. The LAN in-turn is connected to a router through interface F1 of IP 10.0.0.254. Similarly, another topology connecting a computer of IP 10.0.1.1, another computer of IP 10.0.1.2, and a printer of IP 10.0.1.253 are connected to a LAN. The in-turn is connected to the same router through the interface F0 of IP 10.0.1.254. All the devices in the topology belong to subnet 255.255.255.0. An echo request from computer of IP 10.0.0.1, passes through he LAN to interface F1 through the router and the through interface F0 reaches computer of IP 10.0.1.1 through the LAN as an echo reply. This echo request and reply are indicated by arrows.

If this ping is successful, the operation of a large piece of the internetwork can be verified. A successful ping across the internetwork confirms communication on the local network, the operation of the router serving as the default gateway, and the operation of all other routers that might be in the path between the local network and the network of the remote host.

In addition, the functionality of the remote host can be verified. If the remote host could not communicate outside its local network, it would not have responded.

Note

Many network administrators limit or prohibit the entry of ICMP messages into the corporate network; therefore, the lack of a ping response could be due to security restrictions.

Traceroute—Test the Path (13.2.5)

ping is used to test connectivity between two hosts but does not provide information about the details of devices between the hosts. traceroute (tracert) is a utility that generates a list of hops that were successfully reached along the path. This list can provide important verification and troubleshooting information. If the data reaches the destination, then the trace lists the interface of every router in the path between the hosts. If the data fails at some hop along the way, the address of the last router that responded to the trace can provide an indication of where the problem or security restrictions are occurring.

Round-Trip Time (RTT)

Using traceroute provides round-trip time for each hop along the path and indicates whether a hop fails to respond. The round-trip time is the time a packet takes to reach the remote host and for the response from the host to return. An asterisk (*) is used to indicate a lost packet or a packet that does not receive a reply. This information can be used to locate a problematic router in the path or may indicate that the router is configured not to reply. If the display shows high response times or data losses from a particular hop, this is an indication that the resources of the router or its connections may be stressed.

IPv4 TTL and IPv6 Hop Limit

traceroute makes use of a function of the TTL field in IPv4 and the Hop Limit field in IPv6 in the Layer 3 headers, along with the ICMP Time Exceeded message.

The first sequence of messages sent from traceroute have a TTL field value of 1. This causes the TTL to time out the IPv4 packet at the first router. This router then responds with an ICMPv4 Time Exceeded message. traceroute now has the address of the first hop.

traceroute then progressively increments the TTL field (2, 3, 4, and so on) for each sequence of messages. This provides the trace with the address of each hop as the packets time out further down the path. The TTL field continues to be increased until the destination is reached, or it is incremented to a predefined maximum.

After the final destination is reached, the host responds with either an ICMP Port Unreachable message or an ICMP Echo Reply message instead of the ICMP Time Exceeded message.

Go to the online course to view an animation of how traceroute takes advantage of TTL.

Packet Tracer—Verify IPv4 and IPv6 Addressing (13.2.6)

IPv4 and IPv6 can coexist on the same network. From the command prompt of a PC, there are some differences in the way commands are issued and in the way output is displayed.

Packet Tracer—Use Ping and Traceroute to Test Network Connectivity (13.2.7)

There are connectivity issues in this activity. In addition to gathering and documenting information about the network, you will locate the problems and implement acceptable solutions to restore connectivity.

Summary (13.3)

The following is a summary of the topics in the chapter and their corresponding online modules.

ICMP Messages

The TCP/IP suite provides for error messages and informational messages when communicating with other IP devices. These messages are sent using ICMP. The purpose of these messages is to provide feedback about issues related to the processing of IP packets under certain conditions. The ICMP messages common to both ICMPv4 and ICMPv6 are Host Reachability, Destination Unreachable or Service Unreachable, and Time Exceeded. An ICMP Echo message tests the reachability of a host on an IP network. The local host sends an ICMP Echo Request to a host. If the host is available, the destination host responds with an Echo Reply. This is the basis of the ping utility. When a host or gateway receives a packet that it cannot deliver, it can use an ICMP Destination Unreachable message to notify the source. This message includes a code that indicates why the packet could not be delivered. A router uses an ICMPv4 Time Exceeded message to indicate that a packet cannot be forwarded because the Time-to-Live (TTL) field of the packet was decremented to 0. If a router receives a packet and decrements the TTL field to zero, it discards the packet and sends a Time Exceeded message to the source host. ICMPv6 also sends a Time Exceeded in this situation. ICMPv6 uses the IPv6 Hop Limit field to determine whether the packet has expired. Time Exceeded messages are used by the traceroute tool. The messages between an IPv6 router and an IPv6 device using dynamic address allocation include RS and RA. The messages between IPv6 devices include the redirect messages (similar to those in IPv4): NS and NA.

Ping and Traceroute Testing

ping (used by IPv4 and IPv6) uses ICMP Echo Request and Echo Reply messages to test connectivity between hosts. To test connectivity to another host on a network, an Echo Request is sent to the host address, using the ping command. If the host at the specified address receives the Echo Request, it responds with an Echo Reply. As each Echo Reply is received, ping provides feedback on the time between when the request was sent and when the reply was received. After all the requests are sent, the ping utility provides a summary that includes the success rate and average round-trip time to the destination. ping can be used to test the internal configuration of IPv4 or IPv6 on the local host. You can ping the local loopback address 127.0.0.1 for IPv4 or ::1 for IPv6. You can also use ping to test the ability of a host to communicate on the local network, by pinging the IP address of the default gateway of the host. A successful ping to the default gateway indicates that the host and the router interface serving as the default gateway are both operational on the local network. ping can also be used to test the ability of a local host to communicate across an internetwork. The local host can ping an operational IPv4 host of a remote network. trace-route (tracert) generates a list of hops that were successfully reached along the path. This list provides verification and troubleshooting information. If the data reaches the destination, then the trace lists the interface of every router in the path between the hosts. If the data fails at some hop along the way, the address of the last router that responded to the trace can provide an indication of where the problem or security restrictions are occurring. The round-trip time is the time a packet takes to reach the remote host and for the response from the host to return. traceroute makes use of a function of the TTL field in IPv4 and the Hop Limit field in IPv6 in the Layer 3 headers, along with the ICMP Time Exceeded message.

Packet Tracer—Use ICMP to Test and Correct Network Connectivity (13.3.1)

In this Packet Tracer activity, you will use ICMP to test network connectivity and locate network problems. You will also correct simple configuration issues and restore connectivity to the network:

• Use ICMP to locate connectivity issues.

• Configure network devices to correct connectivity issues.

Lab—Use Ping and Traceroute to Test Network Connectivity (13.3.2)

In this lab, you will complete the following objectives:

• Part 1: Build and Configure the Network

• Part 2: Use ping Command for Basic Network Testing

• Part 3: Use tracert and traceroute Commands for Basic Network Testing

• Part 4: Troubleshoot the Topology

Practice

The following activities provide practice with the topics introduced in this chapter. The lab is available in the companion Introduction to Networks Labs & Study Guide (CCNAv7) (ISBN 9780136634454). The Packet Tracer activity instructions are also provided in the Labs & Study Guide. The PKA files are available in the online course.

Lab

Lab 13.3.2: Use Ping and Traceroute to Test Network Connectivity

Packet Tracer Activities

Packet Tracer 13.2.6: Verify IPv4 and IPv6 Addressing

Packet Tracer 13.2.7: Use ping and traceroute to Test Network Connectivity

Packet Tracer 13.3.1: Use ICMP to Test and Correct Network Connectivity

Check Your Understanding Questions

Complete all the review questions listed here to test your understanding of the topics and concepts in this chapter. The appendix “Answers to ‘Check Your Understanding’ Questions” lists the answers.

1. A user calls to report that a PC cannot access the internet. The network technician asks the user to issue the command ping 127.0.0.1 in a command prompt window. The user reports that the result is four positive replies. What conclusion can be drawn, based on this connectivity test?

1. The PC can access the network. The problem exists beyond the local network.

2. The IP address obtained from the DHCP server is correct.

3. The PC can access the Internet. However, the web browser may not work.

4. The TCP/IP implementation is functional.

2. Which command can be used to test connectivity between two devices using Echo Request and Echo Reply messages?

1. netstat

2. ipconfig

3. icmp

4. ping

3. What IPv6 field does a router use to determine that a packet has expired?

1. TTL field

2. CRC field

3. Hop Limit field

4. Time Exceeded field

4. Which protocol provides feedback from the destination host to the source host about errors in packet delivery?

1. ARP

2. BOOTP

3. DNS

4. ICMP

5. Which utility uses Internet Control Messaging Protocol (ICMP)?

1. RIP

2. DNS

3. ping

4. NTP

6. A network administrator can successfully ping the server at www.cisco.com but cannot ping the company web server located at an ISP in another city. Which tool or command would help identify the specific router where the packet was lost or delayed?

1. ipconfig

2. netstat

3. telnet

4. traceroute

7. Which protocol does IPv6 use to provide address resolution and dynamic address allocation information?

1. ICMPv4

2. NDP

3. ARP

4. DHCP

8. What message can a host send to check the uniqueness of an IPv6 address before using that address?

1. Neighbor Solicitation

2. ARP Request

3. Echo Request

4. Router Solicitation

9. A technician is troubleshooting a network where it is suspected that a defective node in the network path is causing packets to be dropped. The technician only has the IP address of the endpoint device and does not have any details about the intermediate devices. What Windows command can the technician use to identify the faulty node?

1. tracert

2. ping

3. ipconfig /flushdns

4. ipconfig /displaydns

10. A user who is unable to connect to the file server contacts the help desk. The help desk technician asks the user to ping the IP address of the default gateway that is configured on the workstation. What is the purpose of this ping command?

1. to obtain a dynamic IP address from the server

2. to request that the gateway forward the connection request to the file server

3. to test that the host has the capability to reach hosts on other networks

4. to resolve the domain name of the file server to its IP address

11. What does the Windows tracert command do that the ping command does not when these commands are used on a workstation?

1. The tracert command reaches the destination faster.

2. The tracert command shows the information of routers in the path.

3. The tracert command sends one ICMP message to each hop in the path.

4. The tracert command is used to test the connectivity between two devices.

12. Which ICMP message does the traceroute utility use during the process of finding the path between two end hosts?

1. Redirect

2. ping

3. Time Exceeded

4. Destination Unreachable

13. Which two things can be determined by using the ping command? (Choose two.)

1. the number of routers between the source and the destination device

2. the IP address of the router nearest the destination device

3. the average time it takes a packet to reach the destination and for the response to return to the source

4. the reachability of the destination device through the network

5. the average time it takes each router in the path between the source and the destination to respond

14. Which statement describes a characteristic of the traceroute utility?

1. It sends four Echo Request messages.

2. It utilizes the ICMP Source Quench messages.

3. It is primarily used to test connectivity between two hosts.

4. It identifies the routers in the path from a source host to a destination host.