ICMP: Internet Control Message Protocol
ICMP is a sub-protocol of the TCP/IP protocol family that is used to pass control messages between IP hosts and routers. Control messages report conditions such as whether the network is reachable, whether a host is available, whether a route is available, and so on.
ICMP messages are sent using IP, which is a connectionless and unreliable packet protocol; ICMP itself belongs to the network layer.
An ICMP message is transmitted inside an IP datagram. Packet structure in an actual transfer: 20-byte IP header + 8-byte ICMP header + data (1472 bytes < data size > 38 bytes).
ICMP message format: IP header (20 bytes) + 8-bit type + 8-bit code + 16-bit checksum + a remainder whose format varies with the type and code.
[Figure: ICMP message format]
Types of ICMP messages
The different messages are distinguished by the Type field and the Code field, and fall into two classes: ICMP error-report messages and ICMP query messages.
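The header layout and the error/query split described above, as an added example (not part of the original article): the Python below builds and parses ICMP messages offline and verifies the 16-bit checksum. The type numbers come from RFC 792; the function names and the sample messages are constructed for illustration.

```python
import struct

# ICMP type numbers from RFC 792; only a subset, chosen for this example.
QUERY = {0: "echo reply", 8: "echo request"}
ERROR = {3: "destination unreachable", 5: "redirect", 11: "time exceeded"}

def inet_checksum(data: bytes) -> int:
    """One's-complement sum of 16-bit words (RFC 1071), complemented."""
    if len(data) % 2:                      # pad odd-length input with a zero byte
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                     # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(mtype: int, code: int, rest: int, data: bytes = b"") -> bytes:
    """8-byte header (type, code, checksum, 4 type-specific bytes) plus data."""
    zeroed = struct.pack("!BBHI", mtype, code, 0, rest) + data
    return struct.pack("!BBHI", mtype, code, inet_checksum(zeroed), rest) + data

def parse_icmp(msg: bytes) -> dict:
    """Decode the fixed header, verify the checksum, classify the message."""
    if len(msg) < 8:
        raise ValueError("shorter than the 8-byte ICMP header")
    mtype, code, checksum, rest = struct.unpack("!BBHI", msg[:8])
    kind = "query" if mtype in QUERY else "error" if mtype in ERROR else "unknown"
    info = {"type": mtype, "code": code, "checksum": checksum, "kind": kind,
            "name": QUERY.get(mtype) or ERROR.get(mtype, "not in this subset"),
            # Summing a valid message including its checksum field yields 0.
            "checksum_ok": inet_checksum(msg) == 0}
    if mtype in (0, 8):                    # echo: identifier + sequence number
        info["id"], info["seq"] = rest >> 16, rest & 0xFFFF
    return info

# Constructed samples: an echo request with a 32-byte payload, and a
# Time Exceeded error whose zero body stands in for the quoted datagram.
ECHO = build_icmp(8, 0, (1 << 16) | 7, b"abcdefghijklmnopqrstuvwabcdefghi")
TIME_EXCEEDED = build_icmp(11, 0, 0, bytes(28))

if __name__ == "__main__":
    for sample in (ECHO, TIME_EXCEEDED, ECHO[:-1] + b"X"):
        print(parse_icmp(sample))
```

The last sample printed has one payload byte altered, so its checksum_ok field is False while the header still parses.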
ICMP request and response messages: ping
A ping program sends a request message, and the pinged host returns a response message after it receives the request.
[Figure: message format of the request and response]
Start a capture in Wireshark with an ICMP filter, open a cmd window and enter ping www.youku.com; Wireshark begins capturing the messages. By default ping sends 4 request messages, so 8 messages are captured here (4 requests and 4 replies).
[Figure: structure of a captured request message and its actual data fields]
Traceroute tool
The traceroute program lets us see the route an IP datagram takes from one host to another. It is an important tool for examining the route between a host and a destination host, and also the most convenient one.
Basic principle of traceroute: the program uses the TTL field of the datagram to discover the route. First the host sends a datagram with ttl=1 to the destination host; when the datagram arrives at the first router the TTL becomes 0, and the router sends an ICMP message back to the host stating that the datagram timed out. Having obtained the first router's address, the host then sends a datagram with ttl=2, and this time the ICMP message is returned by the second router. By increasing the TTL in this way, the host obtains the routing information between itself and the destination host.
[Figure: running results in Windows cmd]
In Linux, the packet type used by traceroute is selectable: the options -I, -U and -T select ICMP, UDP and TCP packets respectively. In Windows cmd, tracert uses ICMP packets. Some problems may come up in actual tests. For details, see:
http://blog.csdn.net/lhq9220/article/details/6436984