Hot Downloads

Welcome, Guest
Username: Password: Remember me
  • Page:
  • 1
  • 2

TOPIC: ICMP from one PC to another

ICMP from one PC to another 7 years 5 months ago #30161

  • puppy
  • puppy's Avatar
  • Offline
  • New Member
  • Posts: 3
  • Karma: 0
Hi,

Topology: PC A is connected to a switch and then connected to a router then to a switch and then connected to PC B

can you tell me exactly how this ICMP packet is generated in PC A the way it reaches PC B. can you also explain all the fields that will change along the route.

Thanks in advance :)
The administrator has disabled public write access.

Re: ICMP from one PC to another 7 years 5 months ago #30167

  • Arani
  • Arani's Avatar
  • Offline
  • Moderator
  • Posts: 745
  • Thank you received: 10
  • Karma: 4
Hi Puppy,

Shouldn't PC B be connected to the router via another switch?

Anyway, ICMP is a protocol, and works like a client server application, where commands like ping or even tracert are the client side utilities. Have a read of the stuff under the following link.
www.erg.abdn.ac.uk/users/gorry/course/inet-pages/icmp.html
Picking pebbles on the shore of the networking ocean
The administrator has disabled public write access.

Re: ICMP from one PC to another 7 years 5 months ago #30170

  • puppy
  • puppy's Avatar
  • Offline
  • New Member
  • Posts: 3
  • Karma: 0
Hi Arani,

Thank you for you post. You are right i missed out the switch.

I went through the link, it hepled some what but not exactly...

If i say ping x.x.x.x ( IP of PC B) i want to know how the packet is generated , how it passes through each layer the field changes, when it reaches how ARP works and the fields that get changed along the way..... this was a question i was asked and i am finding a littlee difficulty in putting all the bits and pieces finall together.

Thanks a bunch for your time :)
The administrator has disabled public write access.

What happens in a ping request 7 years 5 months ago #30178

  • Arani
  • Arani's Avatar
  • Offline
  • Moderator
  • Posts: 745
  • Thank you received: 10
  • Karma: 4
Hi, I am going to use some specific information to describe what happens when you type 'ping xxx.xxx.xxx.xxx'.

You have PC-A in subnet 192.168.1.0/24, PC-B in subnet 192.168.2.0/24 and a router connected to both subnets. You need to check if PC-A can connect to PC-B.

I will use both IP addresses and MAC address for this topic.

PC-A
192.168.1.10 MAC Address 00:00:00:00:00:10
Default Gateway 192.168.1.15

Router Interface E0
192.168.1.15 MAC Address 00:00:00:00:00:15

Router Interface E1
192.168.2.20 MAC Address 00:00:00:00:00:20

PC-B
192.168.2.25 MAC Address 00:00:00:00:00:25
Default Gateway 192.168.2.20

A user on PC-A types in “ping 192.168.2.25”

The first thing to happen is that ICMP (Internet Control Management Protocol) creates data. This is just the alphabet. IP (Internet Protocol) on PC-A creates a packet containing the Destination IP Address (192.168.2.25), the Source IP Address (192.168.1.10), the data, and a protocol field. The protocol field informs the receiving host where to pass the data to, in this example the protocol field would be set to 0x1h to indicate ICMP. (0x indicates that the following is an hexadecimal number)

Once the packet has been created ARP (Address Resolution Protocol) is then used to identify the MAC (Media Access Control / Hardware address / Burned Address) address of the destination host. This can happen in a number of ways, the first to happen is that ARP checks it’s cache to see if it has a match to the Destination IP Address. If not then ARP sends out an ARP broadcast to the Ethernet MAC broadcast address (FF:FF:FF:FF:FF:FF)

“Who has 192.168.2.25? Please tell 000000000010”

You will notice that PC-A is asking for replies to be sent to the MAC address. This is because computers communicate only with MAC addresses on LANs (Local Area Networks)

If no response is received by PC-A, then ARP & IP assume that 192.168.2.25 is on a remote subnet and therefore would require routing. At this point the IP address and the MAC address of the default gateway is required. In a Windows machine the registry is consulted in order to get the IP address of the default gateway (192.168.1.15). ARP then consults it’s cache to see if it has match to the IP address of the default gateway, if not then another ARP broadcast is sent

“Who has 192.168.1.15? Please tell 000000000010”

Because this is a broadcast ALL hosts on the 192.168.1.0/24 subnet will receive this frame. The router interface E0 will read the frame and identify itself as the interface with the requested IP address. The router will then reply;

“I have 192.168.1.15. MAC address is 000000000015”

As the request asked for a reply direct to PC-A the frame sent from the router will be directed towards PC-A and not sent as a broadcast. The router will also cache the MAC address of PC-A, which it received via the broadcast sent by ARP to locate the MAC address of the router.

Once IP at PC-A as received the message from the router interface it will pass the packet created earlier and the MAC Destination address down to the Data Link Layer.

The Data Link Layer creates a frame containing the Destination MAC address, the Source MAC address, A FCS (Frame Check Sequence, used to verify the data has not been corrupted) and an Ether_Type field, in this example the field will be set to 0x8 to indicate IP. This Frame encapsulates the packet passed down from IP at the Network Layer. The MAC address of the router is also cached into the ARP cache on PC-A

Once the frame has been created it is passed down to the Physical Layer where the frame is placed onto the wire one bit at a time. Every host on subnet 192.168.1.0/24 will receive this frame, build it, and check the Destination MAC address, if it is not a match the frame is discarded. At the router interface, E0, the Destination MAC address is a match. The router then checks the Ether_Type field (0x8 = IP) pulls the packet from the frame, discards the frame and passes the packet up to IP at the Network Layer.

At the Network Layer the Destination IP address is checked to see if it is a match, in this example the Destination IP address is 192.168.2.25, however the IP address of the router interface which received the frame is 192.168.1.15, and is not a match. The router then consults it’s routing table for the destination IP network address (192.168.2.0). If there is no match in the routing table the packet is discarded and a “Destination Network unavailable” message is returned to PC-A

If there is a match in the routing table then the router will switch the packet to the interface configured to send information to the destination IP Network Address, in this example E1.

Interface E1 now needs to know the MAC address of the machine with IP address 192.168.2.25. The first thing it does is check the ARP cache, no match in the cache, E1 then send out an ARP broadcast.

“Who has 192.168.2.25? Please tell 000000000020”

Because PC-B is on the same subnet as E1, PC-B responds

“I have 192.168.2.25. MAC address is 0000000025”

IP at Interface E1, on the router, then passes the packet (created at PC-A) and the Destination MAC address for 192.168.2.25 down to the Data Link Layer. The Data Link Layer then creates a frame containing the Destination MAC address, Source MAC address, FCS and an Ether_Type field (again set to 0x1h to indicate IP), which encapsulates the IP packet.
(The MAC address of PC-B is placed into the ARP cache on Interface E1, and the MAC address of interface E1 is placed into the cache of PC-B)

The frame is then passed down to the Physical Layer to be placed on the wire one bit at a time. Again all hosts on the 192.168.2.0/24 subnet will receive the frame, build it, check it, discard it with the exception of PC-B which will match the Destination MAC address. PC-B will then check the Ether_Type field, pull the packet from the frame, discard the frame and pass the packet to the protocol indicated in the Ether_Type field, in this example IP.

IP then checks the Destination IP address in the packet and finds a match. It will then check the Protocol field (0x1h = ICMP) and pass the data to ICMP. ICMP recognises that the data sent is an echo request, and will then create an echo response message.

The echo response is then passed to IP, which will then build a packet, consisting of the Destination IP address (192.168.1.10), the Source IP address (192.168.2.25) the data from ICMP, and the protocol field. Once the packet is built the MAC address of the IP address 192.168.1.10 is required. ARP checks it’s cache, if there is no match an ARP broadcast is sent.

“Who has 192.168.1.10? Please tell 000000000025”

Because 192.168.1.10 is on a remote subnet, and routers do not pass broadcasts there is no response.

The default gateway is then required for PC-B. The default gateway is configured as 192.168.2.20 and the ARP cache is checked. As PC-B cached the MAC address of interface E1, a match is found and there is no need to send out an ARP broadcast.

Now that the MAC address of the default gateway has been resolved the packet and the Destination MAC address is then passed down to the Data Link Layer.

At the Data Link Layer a frame is built which consists of the Destination MAC address, the Source MAC address, the FCS and the Ether_Type field (again set to 0x8 to indicate IP). The frame encapsulates the packet passed down from IP. The complete frame is then passed down to the Physical Layer to be put onto the wire one bit at a time.

At Interface E1 of the router, the frame is received, the Destination MAC address is then checked and found to be a match. The Ether_Type field is then checked, the packed is pulled from the frame, the frame is discarded and the packed passed to IP, as indicated in the Ether_Type field.

IP on E1 checks the IP destination address and finds it is not a match. It then consults the routing table for the IP Network Address (192.168.1.0/24), if a match is found the packet is switched to the Interface configured for the 192.168.1.0/24 network, in this example E0.

If no match is found then the packet is discarded. PC-A will receive a time-out error in this case, as the time set to receive replies has been exceeded. A destination network unavailable message is NOT sent to PC-A. If the message could be sent to PC-A then the router would obviously have a route to PC-A’s network and then would not need to generate the message!!

On Interface E0, the interface configured for 192.168.1.0/24, IP and ARP will then locate the MAC address for the IP address 192.168.1.10. ARP checks the cache, because the MAC address for PC-A was cached on the outgoing trip, there is a match and the packet and frame are then passed down to the Data Link Layer.

The Data Link Layer will then build a frame, consisting of the Destination MAC address, the Source MAC address, Ether_Type field and the FCS. This frame encapsulates the packet passed down from IP and then passes the frame down to the Physical Layer to be placed onto the wire, one bit at a time.

PC-A receives the frame sent from interface E0 on the router, checks the MAC address, finds a match, reads the Ether_Type field, pulls the packet from the frame, discards the frame and passes the packet to IP as indicated in the Ether_Type field. IP checks the Destination IP address and finds a match. IP will then read the Protocol field (0x1h = ICMP) and passes the data to ICMP.

ICMP recognises the data as an echo response, ICMP acknowledges receipt by sending information to the user interface, (“!” with Cisco routers, “Reply from 192.168.2.25…….” and additional information in Windows), and then builds another echo request and the whole process begins again.
Picking pebbles on the shore of the networking ocean
The administrator has disabled public write access.

Re: What happens in a ping request 7 years 5 months ago #30184

  • S0lo
  • S0lo's Avatar
  • Offline
  • Moderator
  • Posts: 1577
  • Thank you received: 7
  • Karma: 3
A Great detailed explanation Arani :D, couldn't do it better.

Few points that I might argue about here if you don't mind.
“Who has 192.168.2.25? Please tell 000000000010”

You will notice that PC-A is asking for replies to be sent to the MAC address. This is because computers communicate only with MAC addresses on LANs (Local Area Networks)

If no response is received by PC-A, then ARP & IP assume that 192.168.2.25 is on a remote subnet and therefore would require routing.

A PC can know if the destination IP is part of it's own subnet or on a remote subnet by using it's internal routing table. (on windows you can view it using route print). The destination IP is compared to this routing table (just like a router does). If the IP is remote, the default route will be used which basically directs the packet to be sent to the gateway IP.

Hence, the PC-A does NOT have to ARP for the IP of PC-B (192.168.2.25). It will immediately ARP for the IP of the gateway (192.168.1.15). Same applies for the ICMP echo reply.

Once the frame has been created it is passed down to the Physical Layer where the frame is placed onto the wire one bit at a time. Every host on subnet 192.168.1.0/24 will receive this frame, build it, and check the Destination MAC address, if it is not a match the frame is discarded.

Since this example is using switches (not hubs). Only the router interface E0 will receive this frame because the switch has added the MAC address of the E0 interface to it's CAM table (The CAM table maps MAC addresses to the physical ports on the switch). This happened before, when the router sent an ARP reply to PC-A, the switch sniped the source MAC address into the CAM table.

Thats as far as I know, please correct me if I'm wrong.
Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx
The administrator has disabled public write access.

ICMP 7 years 5 months ago #30185

  • Arani
  • Arani's Avatar
  • Offline
  • Moderator
  • Posts: 745
  • Thank you received: 10
  • Karma: 4
Hi S0lo,

Both valid, both accepted, this was a big typing exercise for me, and maybe I just missed out on both occassions.

Still can't imagine I made that error on switches, yes it's true, it's not a hub, hence it won't be a broadcast.
Picking pebbles on the shore of the networking ocean
The administrator has disabled public write access.
  • Page:
  • 1
  • 2
Time to create page: 0.086 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup