Use Wireshark to analyze ICMP Packets
ICMP protocol introduction
1. ICMP stands for "Internet Control Message Protocol". It is a sub-protocol of the TCP/IP protocol family, used to pass control messages between IP hosts and routers. A control message is a message about the network itself, such as network connectivity, host reachability, and route availability. Although these control messages carry no user data, they play an important role in delivering user data.
2. An ICMP message is carried as the data of an IP datagram: the IP header is prepended to the ICMP message to form the datagram that is sent out.
3. There are two types of ICMP messages: ICMP error report messages and ICMP query messages.
Analyze an ICMP protocol interaction process using the ping program
Run ping www.bkjia.com in CMD.
Filter the capture so that only ICMP packets are displayed.
In Windows, the ping program sends four requests by default, so Wireshark captures eight ICMP query packets: four echo requests and their four echo replies.
First, let's look at the format of a packet. It consists of an IP header followed by the ICMP message. Start with the IP header and its size.
The highlighted IP header is 20 bytes long.
The ICMP message that follows it is 40 bytes in total.
Specific ICMP message format
You can see:
Type: 8
Code: 0
Checksum: 0x4c90
Looking up the ICMP type, Type 8 is an Echo (ping) request.
Use the same method to view the Echo (ping) reply packet; its type is 0.
Looking up the ICMP type, Type 0 is an Echo (ping) reply.
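As an added example (not from the original article), the Python below decodes the ICMP header fields Wireshark shows in its ICMP pane (type, code, checksum, identifier, sequence) and verifies the RFC 1071 checksum. The request/reply pair it builds is constructed: it uses the 32-byte payload the Windows ping client sends by default, which is why the ICMP message comes out at 40 bytes as in the capture above.

```python
import struct

# Type values as Wireshark labels them; 8 and 0 are the two seen in the ping capture
ICMP_TYPES = {0: "Echo (ping) reply", 8: "Echo (ping) request",
              3: "Destination unreachable", 11: "Time exceeded"}

# Constructed sample payload: the 32-byte pattern the Windows ping client sends by default
WINDOWS_PING_PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"


def rfc1071_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071), as used by ICMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes = WINDOWS_PING_PAYLOAD) -> bytes:
    """Build an ICMP echo request (type 8) or echo reply (type 0) with a valid checksum."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)  # checksum field zeroed
    checksum = rfc1071_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, checksum, ident, seq) + payload


def parse_icmp(message: bytes) -> dict:
    """Decode the 8-byte ICMP header and check the stored checksum against the whole message."""
    icmp_type, code, checksum, ident, seq = struct.unpack("!BBHHH", message[:8])
    # Recomputing over the message with the checksum field zeroed must give the stored value
    zeroed = message[:2] + b"\x00\x00" + message[4:]
    return {
        "type": icmp_type,
        "type_name": ICMP_TYPES.get(icmp_type, "Other"),
        "code": code,
        "checksum": checksum,
        "checksum_ok": rfc1071_checksum(zeroed) == checksum,
        "identifier": ident,
        "sequence": seq,
        "length": len(message),
    }


def is_matching_reply(request: dict, reply: dict) -> bool:
    """A type 0 reply answers a type 8 request when identifier and sequence number match."""
    return (request["type"] == 8 and reply["type"] == 0
            and request["identifier"] == reply["identifier"]
            and request["sequence"] == reply["sequence"])
```

Feeding it the raw bytes of the ICMP layer from a capture (after the 20-byte IP header) reproduces the Type, Code and Checksum lines Wireshark displays, and a failed checksum check flags a corrupted or hand-crafted message.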
For details, see:
Simple use of Wireshark
Install Wireshark in Ubuntu 12.04
Starting Wireshark packet capture from common users in Linux
Install and run Wireshark in Linux