ICMP Protocol in TCP/IP Suite

Questions and Answers

Which protocol uses ICMP messages to determine network performance by measuring the time between sending a request and receiving a reply?

• DHCP
• Ping (correct)
• ARP
• Traceroute

ICMP guarantees the reliable delivery of IP packets.

False (B)

What ICMP message type is used by a router to indicate that a packet's Time to Live (TTL) has expired?

Time Exceeded

In IPv6, a host uses ______________ to learn about available routers and network prefixes.

Router Advertisement (RA)

Match the following ICMPv6 Neighbor Discovery Protocol messages with their function:

Router Solicitation (RS) = Host attempts to discover routers on the network. Router Advertisement (RA) = Router advertises its presence and network configuration parameters. Neighbor Solicitation (NS) = Node queries for the link-layer address of a neighbor. Neighbor Advertisement (NA) = Node responds with its link-layer address.

What is a primary function of ICMP?

To provide error and informational messages during IP communication (D)

An ICMP Echo Request always guarantees a response if the destination host is reachable.

False (B)

What utility uses Time Exceeded messages to map the path packets take to a destination?

traceroute

When a host or gateway cannot deliver a packet, it sends an ICMP ______________ message to the packet's source.

Destination Unreachable

Match the ICMPv4 Destination Unreachable codes with their correct meaning:

0 - Net unreachable = The destination network is not reachable. 1 - Host unreachable = The destination host is not reachable. 2 - Protocol unreachable = The specified protocol is not supported. 3 - Port unreachable = The destination port is not open.

Which address is used to test the internal configuration of IPv4 on a local host?

127.0.0.1 (B)

ICMPv6 includes all the same functionalities as ICMPv4, with no improvements or added features.

False (B)

What type of message do IPv6-enabled routers send every 200 seconds to provide addressing information to IPv6-enabled hosts?

RA (Router Advertisement)

An IPv6 device performs ______________ to ensure that a newly assigned IPv6 address on the network is unique.

Duplicate Address Detection (DAD)

Match the following connectivity tests with their typical function:

Pinging the local loopback = Tests the internal configuration of IP on the local host. Pinging the default gateway = Tests communication between the host and the router interface on the local network. Pinging a remote host = Tests end-to-end communication across an internetwork. Traceroute = Lists the interfaces of routers between two devices.

What does an asterisk (*) typically indicate in the output of a traceroute utility?

A lost or unreplied packet (A)

If pinging the default gateway fails, it definitively indicates a problem with the router itself.

False (B)

What does the term RTT stand for when discussing network diagnostics?

Round Trip Time

In IPv6, the ______________ message is used by a node to discover the Ethernet MAC address of a neighbor.

Neighbor Solicitation (NS)

Flashcards

Role of ICMP

Provides error and informational messages during IP communications and offers feedback on IP packet processing.

ICMP Echo Message

Tests host reachability on an IP network using ICMP Echo Request and Reply messages.

Destination Unreachable

ICMP message used by a host or gateway to indicate that a packet could not be delivered, includes a code for the reason.

Time Exceeded Message

ICMPv4 message used by a router to indicate that a packet cannot be forwarded because the TTL field was decremented to 0.

Router Solicitation (RS) Message

Used for messaging between an IPv6 router and an IPv6 device, including dynamic address allocation.

Router Advertisement (RA) Message

Sent by IPv6-enabled routers to provide addressing information to IPv6-enabled hosts.

Neighbor Solicitation (NS) Message

Used by a device to perform duplicate address detection (DAD) to ensure its IPv6 address is unique.

Neighbor Advertisement (NA) Message

Used for address resolution when a device knows the IPv6 address but not the Ethernet MAC address.

Ping

Command used to test connectivity to another host on a network by sending an echo request to the host address.

Traceroute (tracert)

A utility that generates a list of hops that were successfully reached along the path to a destination.

Time to Live (TTL)

The IPv4 field that is decremented by routers, causing the packet to be dropped if it reaches zero.

IPv6 Hop Limit

The IPv6 field to determine if a packet has expired if the router cannot forward.

Round Trip Time (RTT)

Provides round-trip time for each hop and indicates if a hop fails to respond.

Study Notes

ICMP (Internet Control Message Protocol) in TCP/IP Suite

• IP is a best-effort protocol without guaranteed reliability.
• ICMP provides error and informational messages during IP communications.
• ICMP offers feedback on IP packet processing issues, but does not ensure reliability.
• Networks may restrict ICMP messages for security.
• ICMP has two versions: ICMPv4 for IPv4 and ICMPv6 for IPv6, with added functionality.
• Common ICMP Messages include Host reachability, Destination or Service Unreachable, and Time exceeded.
• ICMP encompasses both ICMPv4 and ICMPv6.

Host Reachability

• ICMP Echo Messages can test host reachability on an IP network.
• A local host sends an ICMP Echo Request, and if available, the destination responds with an Echo Reply.
• ICMP Echo messages form the basis of the ping utility.

Destination or Service Unreachable

• When a host or gateway cannot deliver a packet, it sends an ICMP Destination Unreachable message to the source.
• The message includes a code indicating the reason for the failure.
• Some ICMPv4 Destination Unreachable codes include:
  • 0 - Net unreachable
  • 1 - Host unreachable
  • 2 - Protocol unreachable
  • 3 - Port unreachable
• Some ICMPv6 Destination Unreachable codes include:
  • 0 - No route to destination
  • 1 - Communication administratively prohibited (e.g., firewall)
  • 2 - Beyond scope of the source address
  • 3 - Address unreachable
  • 4 - Port unreachable

Time Exceeded

• An ICMPv4 Time Exceeded message from a router indicates a packet could not be forwarded because the Time to Live (TTL) field decremented to 0.
• The router discards the IPv4 packet and sends the Time Exceeded message to the source.
• ICMPv6 sends a Time Exceeded message if a router cannot forward an IPv6 packet due to expiration using the IPv6 Hop Limit field.
• The traceroute tool uses Time Exceeded messages.

ICMPv6 Messages

• ICMPv6 has informational and error messages similar to ICMPv4, but has new features and functionality.
• ICMPv6 messages are encapsulated in IPv6.
• ICMPv6 includes four new protocols for Neighbor Discovery Protocol (ND or NDP).
• Messaging between an IPv6 router and an IPv6 device, including dynamic address allocation, include:
  • Router Solicitation (RS) message
  • Router Advertisement (RA) message
• Messaging between IPv6 devices, including duplicate address detection and address resolution as follows:
  • Neighbor Solicitation (NS) message
  • Neighbor Advertisement (NA) message
• IPv6-enabled routers send RA messages every 200 seconds with addressing information like prefix, prefix length, DNS address, and domain name.
• A host using Stateless Address Autoconfiguration (SLAAC) sets its default gateway to the link-local address of the router sending the RA.
• An IPv6-enabled router sends an RA message in response to an RS message.
• PC1 sends an RS message to determine how to receive its IPv6 address information dynamically.
• R1 replies to the RS with an RA message with its IPv6 global unicast address and advises to use its link-local address as a default gateway

NS Message

• When a device gets a global IPv6 unicast or link-local unicast address, it may perform Duplicate Address Detection (DAD) to ensure uniqueness.
• To check uniqueness, the device sends an NS message with its own address as the targeted IPv6 address.
• If another device uses the address, it responds with an NA message indicating the address is in use.
• The unicast address is acceptable for use if a corresponding NA message is not returned within a certain period.
• DAD is not required, but RFC 4861 recommends it for unicast addresses.

NA Message

• Address resolution is used when a device knows the IPv6 unicast address of a destination but not its Ethernet MAC address.
• A device sends an NS message to determine the MAC address for the destination using their solicited node address including the targeted IPv6 address.
• The device with the targeted IPv6 address will respond with an NA message containing its Ethernet MAC address.
• R1 sends an address resolution NS message to a device asking for its MAC address.

Ping and Traceroute Tests

• The ping command tests connectivity to another host by sending an echo request.
• Receiving an echo reply indicates the host is reachable and provides feedback on the time between request and reply as a measure of network performance.
• Ping has a timeout value, after which it indicates a response was not received, potentially due to a problem or security features blocking ping messages.
• The first ping may timeout due to the need for address resolution (ARP or ND).
• The ping utility provides a summary that includes the success rate and average round-trip time to the destination.
• Types of connectivity tests performed with ping:
  • Pinging the local loopback
  • Pinging the default gateway
  • Pinging the remote host

Ping the Loopback

• Ping can test the internal configuration of IPv4 or IPv6 by pinging the local loopback address of 127.0.0.1 for IPv4 or ::1 for IPv6.
• A response indicates that IP is properly installed but not addresses, masks, or gateways are configured correctly, nor the status of lower layers.
• An error message indicates that TCP/IP is not operational.

Ping the Default Gateway

• Ping tests the ability of a host to communicate on the local network by pinging the IP address of the host's default gateway.
• A successful ping means both the host and router interface serving as the default gateway are operational.
• Typically, the default gateway address is used because the router is always operational.
• If the default gateway address does not respond, ping another host on the local network.
• Communication over the local network is successful if either responds.
• If the gateway does not respond, there may be a problem with the router interface, a wrong default gateway address, or security configured to prevent responses to ping requests.

Ping a Remote Host

• Ping can test the ability of a local host to communicate across an internetwork using the router's IP routing table to forward packets.
• A successful ping verifies communication on the local network, the operation of the router serving as the default gateway, and the operation of all other involved routers .
• It also verifies the functionality of the remote host.
• Many network administrators limit or prohibit ICMP messages into the corporate network.

Traceroute - Test the Path

• Traceroute (tracert) generates a list of successfully reached hops that ping does not provide.
• The list provides verification and troubleshooting information.
• If data reaches the destination, the trace lists the interface of every router along the path.
• If data fails, the address of the last router responding indicates the problem’s location or security restrictions

Round Trip Time (RTT)

• Traceroute provides RTT for each hop indicating failure to respond.
• RTT indicates the problem router of connectivity issues using an asterisk (*) to indicate lost and unreplied packets.

IPv4 TTL and IPv6 Hop Limit

• Traceroute uses the TTL field in IPv4 and the Hop Limit field in IPv6 in Layer 3 headers with the ICMP Time Exceeded message.