Use Wireshark to analyze ICMP Packets

Source: Internet
Author: User

ICMP protocol Introduction

1. ICMP is the abbreviation of "Internet Control Message Protocol". It is a sub-protocol of the TCP/IP protocol family and is used to transmit control messages between IP hosts and routers. A control message is a message about the network itself, such as network connectivity, host reachability, and route availability. Although these control messages do not carry user data, they play an important role in the delivery of user data.

2. An ICMP packet is carried as the data of an IP-layer datagram; the IP header is added in front of it to form the datagram that is sent out.

3. There are two types of ICMP packets: ICMP error report messages and ICMP query messages.

Analyze an ICMP protocol interaction process using the ping program

Run ping www.bkjia.com in CMD.

Filter the capture to display only the ICMP protocol.

On Windows, the ping program sends four requests by default. Wireshark captures eight ICMP query packets, because each request is paired with a response.

First, let's look at the format of a packet. The packet consists of an IP header and an ICMP message. Start with the IP header and its size.

In the capture, the part highlighted in blue inside the red box is the IP header, which is 20 bytes long.

The ICMP message is in the red box and is 40 bytes in total.

Specific ICMP Message format

You can see

Type: 8

Code: 0

Checksum: 0x4c90

Looking up the ICMP Type field shows that a packet with Type 8 is an echo request (ping request).

Use the same method to view the Echo (ping) reply packet. Its type is 0.

Looking up the ICMP Type field shows that a packet with Type 0 is an echo reply (ping response).
