Documente Academic
Documente Profesional
Documente Cultură
Lab Report 3
Figure 1
Ping commands were issued from PC1 to PC2, Router1 and PC4.
- What is the output on PC1 when the ping commands are issued?
The output on PC1 was:
[netlab@PC1 ~]$ ping -c 5 10.0.1.21
PING 10.0.1.21 (10.0.1.21) 56(84) bytes of
64 bytes from 10.0.1.21: icmp_seq=1 ttl=64
64 bytes from 10.0.1.21: icmp_seq=2 ttl=64
64 bytes from 10.0.1.21: icmp_seq=3 ttl=64
64 bytes from 10.0.1.21: icmp_seq=4 ttl=64
64 bytes from 10.0.1.21: icmp_seq=5 ttl=64
data.
time=0.283
time=0.253
time=0.262
time=0.252
time=0.260
ms
ms
ms
ms
ms
--- 10.0.1.21 ping statistics --5 packets transmitted, 5 received, 0% packet loss, time 4000ms
rtt min/avg/max/mdev = 0.252/0.262/0.283/0.011 ms
[netlab@PC1 ~]$ ping -c 5 10.0.2.1
connect: Network is unreachable
[netlab@PC1 ~]$ ping -c 5 10.0.3.41
connect: Network is unreachable
- Do you observe any ARP or ICMP packets? If so, what do they indicate?
Yes, ARP and ICMP packets are indicating the ping command request from PC1,
trying to reach PC2 and its response.
- Which destinations are not reachable? Explain.
The only destination reachable was PC2, because it is in the same subnet of PC1.
The others are not reachable because, besides they are in different subnets, not all the
routing configurations were not set up until this point of the experiment.
Exercise 1(B)
In this exercise, PC2 was configured as an IP router, by enabling IP forwarding using
the following command:
PC2% echo 1 > /proc/sys/net/ipv4/ip_forward/
Exercise 1(C)
Include the saved output of the routing table. Explain the entries in the routing table
and discuss the values of the fields for each entry.
The routing table for PC1 is showed below. It says that PC1 is included in the subnet
10.0.1.0 and can reach subnets 10.0.2.0 and 10.0.3.0 by the IP 10.0.1.21 that refers to
interface eth0 of PC2.
Kernel IP routing table
Destination
Gateway
Iface
10.0.1.0
0.0.0.0
10.0.2.0
10.0.1.21
10.0.3.0
10.0.1.21
Genmask
Flags
255.255.255.0
255.255.255.0
255.255.255.0
U
UG
UG
MSS Window
0 0
0 0
0 0
irtt
0 em1
0 em1
0 em1
For PC2, the table claims that subnets 10.0.1.0 and 10.0.2.0 can be reached directly
via interfaces eth0 and eth1. To reach 10.0.3.0, the next hop is 10.0.2.1.
Kernel IP routing table
Destination
Gateway
Iface
10.0.1.0
0.0.0.0
10.0.2.0
0.0.0.0
10.0.3.0
10.0.2.1
Genmask
Flags
255.255.255.0
255.255.255.0
255.255.255.0
U
U
UG
MSS Window
0 0
0 0
0 0
irtt
0 em1
0 em2
0 em2
By the table of PC3 it is possible to affirm that PC3 is directly connected to subnet
10.0.3.0 and can reach subnets 10.0.1.0 and 10.0.2.0 by the next hop 10.0.3.1.
Kernel IP routing table
Destination
Gateway
Iface
10.0.1.0
10.0.3.1
10.0.2.0
10.0.3.1
Exercise
2(A)
10.0.3.0
0.0.0.0
Genmask
Flags
255.255.255.0
255.255.255.0
255.255.255.0
UG
UG
U
MSS Window
0 0
0 0
0 0
irtt
0 em1
0 em1
0 em1
show interfaces
FastEthernet0/0 is up, line protocol is up
Hardware is AmdFE, address is 0011.92a1.ec40 (bia 0011.92a1.ec40)
Internet address is 10.0.2.1/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Half-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:01, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
110 packets output, 11945 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
FastEthernet0/1 is up, line protocol is up
Hardware is AmdFE, address is 0011.92a1.ec41 (bia 0011.92a1.ec41)
Internet address is 10.0.3.1/24
MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec,
reliability 255/255, txload 1/255, rxload 1/255
Encapsulation ARPA, loopback not set
Keepalive set (10 sec)
Half-duplex, 100Mb/s, 100BaseTX/FX
ARP type: ARPA, ARP Timeout 04:00:00
Last input never, output 00:00:05, output hang never
Last clearing of "show interface" counters never
Input queue: 0/75/0/0 (size/max/drops/flushes); Total output drops: 0
Queueing strategy: fifo
Output queue: 0/40 (size/max)
5 minute input rate 0 bits/sec, 0 packets/sec
5 minute output rate 0 bits/sec, 0 packets/sec
0 packets input, 0 bytes
Received 0 broadcasts, 0 runts, 0 giants, 0 throttles
0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored
0 watchdog
0 input packets with dribble condition detected
109 packets output, 11885 bytes, 0 underruns
0 output errors, 0 collisions, 1 interface resets
0 babbles, 0 late collision, 0 deferred
0 lost carrier, 0 no carrier
0 output buffer failures, 0 output buffers swapped out
show running-config
Building configuration...
Current configuration : 729 bytes
!
version 12.3
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname Router1
!
boot-start-marker
boot-end-marker
!
enable secret 5 $1$y6XH$KBfZNJZgSMWdRtbSqCv9Z/
!
no network-clock-participate slot 1
no network-clock-participate wic 0
no aaa new-model
ip subnet-zero
ip cef
!
!
!
!
!
!
!
interface FastEthernet0/0
ip address 10.0.2.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
ip address 10.0.3.1 255.255.255.0
ip helper-address 10.0.1.21
duplex auto
speed auto
!
ip http server
ip classless
ip route 0.0.0.0 0.0.0.0 10.0.2.21
!
!
dialer-list 1 protocol ip permit
!
line con 0
line aux 0
line vty 0 4
password netlab
login
!
!
end
The first output show that the interfaces were configured correctly with ip addresses
10.0.2.1 and 10.0.3.1 with netmask 255.255.255.0. Besides, it shows parameters of the
interface used. The second output refers to configurations of the interface, such as IP
addresses, duplex, speed, password and login.
Exercise 2(D)
Include the saved output of the routing table from Steps 1 and 2. Explain the fields of
the routing table entries of the Cisco router. Explain how the routing table has changed
from Step 1 to Step 3
Gateway of last resort is 10.0.2.21 to network 0.0.0.0
C
C
S*
As can be seen in the first table presented, the router is directly connected to
subnets 10.0.2.0 and 10.0.3.0 through the interfaces FastEthernet0/0 and
FastEthernet0/1, respectively. In the second table, the router can reach subnet 10.0.1.0
via gateway 10.0.2.22.
No.
Time
Source
Destination
Length Info
30 5.230997000
10.0.3.41
10.0.1.11
102
Destination unreachable (Port unreachable)
Protocol
ICMP
Frame 30: 102 bytes on wire (816 bits), 102 bytes captured (816 bits) on
interface 0
Ethernet II, Src: c8:1f:66:cb:34:74 (c8:1f:66:cb:34:74), Dst:
No.
Time
Source
Destination
Length Info
31 5.231888000
10.0.2.1
10.0.1.11
70
Time-to-live exceeded (Time to live exceeded in transit)
Protocol
ICMP
Frame 31: 70 bytes on wire (560 bits), 70 bytes captured (560 bits) on
interface 0
Ethernet II, Src: c8:1f:66:cb:34:74 (c8:1f:66:cb:34:74), Dst:
c8:1f:66:cb:2f:a3 (c8:1f:66:cb:2f:a3)
Internet Protocol Version 4, Src: 10.0.2.1 (10.0.2.1), Dst: 10.0.1.11
(10.0.1.11)
Genmask
Flags
255.255.255.0
255.255.255.0
255.255.255.0
U
UG
UG
Genmask
Flags
255.255.255.0
255.255.255.0
255.255.255.0
U
U
UG
Genmask
Flags
255.255.255.0
255.255.255.0
255.255.255.0
UG
UG
U
MSS Window
0 0
0 0
0 0
irtt
0 em1
0 em1
0 em1
MSS Window
0 0
0 0
0 0
irtt
0 em1
0 em2
0 em2
MSS Window
0 0
0 0
0 0
irtt
0 em1
0 em1
0 em1
It is possible to note that the command traceroute works by increasing the TTL field
in the packets. When it reaches zero, the packet is destroyed by the router and an
ICMP error message containing the IP address of the router is sent to the host (Time to
Live Exceeded). Hence, the command knows the IPs of the routers in the way of the
destination, until it reaches the final point, returning a port unreachable error.
Exercise 3(C)
No.
Time
Length Info
11 6.439837000
Echo (ping) request
Source
Destination
10.0.1.11
10.0.3.41
id=0x0935, seq=5/1280, ttl=64 (reply in 12)
Protocol
ICMP
98
Frame 11: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on
interface 0
Ethernet II, Src: c8:1f:66:cb:2f:a3 (c8:1f:66:cb:2f:a3), Dst: c8:1f:66:cb:34:74
(c8:1f:66:cb:34:74)
Internet Protocol Version 4, Src: 10.0.1.11 (10.0.1.11), Dst: 10.0.3.41
(10.0.3.41)
Internet Control Message Protocol
No.
Time
Length Info
12 6.440558000
Echo (ping) reply
Source
Destination
Protocol
10.0.3.41
10.0.1.11
ICMP
id=0x0935, seq=5/1280, ttl=62 (request in 11)
98
Frame 12: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on
interface 0
Ethernet II, Src: c8:1f:66:cb:34:74 (c8:1f:66:cb:34:74), Dst: c8:1f:66:cb:2f:a3
(c8:1f:66:cb:2f:a3)
Internet Protocol Version 4, Src: 10.0.3.41 (10.0.3.41), Dst: 10.0.1.11
(10.0.1.11)
Internet Control Message Protocol
No.
Time
Source
Length Info
13 7.443160000
c8:1f:66:cb:34:74
Who has 10.0.1.11? Tell 10.0.1.21
Destination
Protocol
c8:1f:66:cb:2f:a3
ARP
60
Frame 13: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on
interface 0
Ethernet II, Src: c8:1f:66:cb:34:74 (c8:1f:66:cb:34:74), Dst: c8:1f:66:cb:2f:a3
(c8:1f:66:cb:2f:a3)
Address Resolution Protocol (request)
No.
Time
Source
Length Info
14 7.443186000
c8:1f:66:cb:2f:a3
10.0.1.11 is at c8:1f:66:cb:2f:a3
Destination
Protocol
c8:1f:66:cb:34:74
ARP
42
Frame 14: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on
interface 0
Ethernet II, Src: c8:1f:66:cb:2f:a3 (c8:1f:66:cb:2f:a3), Dst: c8:1f:66:cb:34:74
(c8:1f:66:cb:34:74)
A ping command is issued from PC1 to PC4. This is de data captured by PC1.
The source and destination IP addresses are 10.0.1.11 and 10.0.3.41, respectively.
The MAC addresses are c8:1f:66:cb:34:74 and c8:1f:66:cb:2f:a3.
Determine the source and destination addresses in the Ethernet and IP headers
for the Echo Request messages that were captured at PC4.
No.
Time
Length Info
10 5.633341000
Echo (ping) request
Source
Destination
10.0.1.11
10.0.3.41
id=0x0935, seq=5/1280, ttl=62 (reply in 11)
Protocol
ICMP
98
Frame 10: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on interface
0
Ethernet II, Src: 00:11:92:a1:ec:41 (00:11:92:a1:ec:41), Dst: c8:1f:66:ca:f7:b3
(c8:1f:66:ca:f7:b3)
Internet Protocol Version 4, Src: 10.0.1.11 (10.0.1.11), Dst: 10.0.3.41
(10.0.3.41)
Internet Control Message Protocol
No.
Time
Length Info
11 5.633389000
Echo (ping) reply
Source
Destination
Protocol
10.0.3.41
10.0.1.11
ICMP
id=0x0935, seq=5/1280, ttl=64 (request in 10)
98
Frame 11: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on interface
0
Ethernet II, Src: c8:1f:66:ca:f7:b3 (c8:1f:66:ca:f7:b3), Dst: 00:11:92:a1:ec:41
(00:11:92:a1:ec:41)
Internet Protocol Version 4, Src: 10.0.3.41 (10.0.3.41), Dst: 10.0.1.11
(10.0.1.11)
Internet Control Message Protocol
No.
Time
Source
Length Info
13 6.636615000
c8:1f:66:ca:f7:b3
Who has 10.0.3.1? Tell 10.0.3.41
Destination
Protocol
00:11:92:a1:ec:41
ARP
42
Frame 13: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface
0
Ethernet II, Src: c8:1f:66:ca:f7:b3 (c8:1f:66:ca:f7:b3), Dst: 00:11:92:a1:ec:41
(00:11:92:a1:ec:41)
Address Resolution Protocol (request)
No.
Time
Source
Length Info
14 6.637578000
00:11:92:a1:ec:41
10.0.3.1 is at 00:11:92:a1:ec:41
Destination
Protocol
c8:1f:66:ca:f7:b3
ARP
60
Frame 14: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface
0
Ethernet II, Src: 00:11:92:a1:ec:41 (00:11:92:a1:ec:41), Dst: c8:1f:66:ca:f7:b3
(c8:1f:66:ca:f7:b3)
Address Resolution Protocol (reply)
This is de data captured by PC4. The source and destination IP addresses are
10.0.1.11 and 10.0.3.41, respectively. The MAC addresses are c8:1f:66:ca:f7:b3 and
00:11:92:a1:ec:41.
Use your previous answers to explain how the source and destination Ethernet
and IP addresses are changed when a datagram is forwarded by a router.
Although when the packets are in transit the IP addresses do not change, the MAC
addresses change at every hop.
Exercise 3(D)
Use the saved output to indicate the number of matches for each of the preceding IP
addresses. Explain how PC1 resolves multiple matches in the routing table. Include
only relevant output data in your report to support your analysis of the data.
10.0.0.0/16 via 10.0.1.71 dev em1
10.0.1.0/24 dev em1 proto kernel
10.0.2.0/24 via 10.0.1.21 dev em1
10.0.2.0/24 via 10.0.1.11 dev em1
10.0.3.0/24 via 10.0.1.21 dev em1
10.0.3.0/24 via 10.0.1.11 dev em1
10.0.3.9 via 10.0.1.81 dev em1
scope link
src 10.0.1.11
scope link
scope link
Routes for 10.0.0.0 and 10.0.3.9 were added to the routing table of PC1. There are
3 matches to 10.0.3.9 in the table, 2 matches for 10.0.3.14 and one match for 10.0.4.1.
Issuing ping commands to 10.0.3.9, 10.0.3.14 and 10.0.4.1, it was possible to obtain
the following wireshark data:
No.
Time
Source
Length Info
3 6.341264000
c8:1f:66:cb:2f:a3
42
Who has 10.0.1.81? Tell 10.0.1.11
Destination
Protocol
ff:ff:ff:ff:ff:ff
ARP
No.
Time
Source
Length Info
9 18.462497000
c8:1f:66:cb:2f:a3
42
Who has 10.0.1.21? Tell 10.0.1.11
Destination
Protocol
c8:1f:66:cb:34:74
ARP
No.
Time
Source
Length Info
14 28.366489000
c8:1f:66:cb:2f:a3
42
Who has 10.0.1.71? Tell 10.0.1.11
Destination
Protocol
ff:ff:ff:ff:ff:ff
ARP
Frame 14: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on
interface 0
Ethernet II, Src: c8:1f:66:cb:2f:a3 (c8:1f:66:cb:2f:a3), Dst:
ff:ff:ff:ff:ff:ff (ff:ff:ff:ff:ff:ff)
Address Resolution Protocol (request)
Issuing a ping to 10.0.3.9, the gateway used was 10.0.1.81. For 10.0.3.14, the
gateway was 10.0.1.21 and for 10.0.4.1, 10.0.1.71. It can be concluded that when there
are multiple matches for an IP address in a routing table, the longest prefix is used.
Exercise 3(E)
In this exercise, a router was issued as default from PC1 to PC2 and them from PC2
to Router1. A ping command was issued to a non-existent IP address (10.0.10.110).
At PC1, there are only request ICMP messages:
No.
Time
Source
Destination
Length Info
4 12.742910000
10.0.1.11
10.0.10.110
98
Echo (ping) request id=0x0b3c, seq=1/256, ttl=64
Protocol
ICMP
Protocol
ICMP
Unreachable network.
It travels up to the Router 1. As the destination 10.0.10.110 does not exist, the
message cannot be delivered.
Proxy ARP is a technique in which a router responds ARP requests with its own MAC
address when a request comes from a host on one of its subnets to a host in another of
its subnets. The router intercepts the packet and, then, assumes the responsibility of
forwarding it to the specified destination.
In order to observe how the proxy ARP works, we issued a ping from PC4 to PC1.
PC4% ping c 2 10.0.1.11
The network traffic was captured by Wireshark on PC1 (em1), PC2 (em2) and PC4
(em1). After the ping, the ARP table of PC4 was also saved. The outcomes are shown
in the following tables:
ARP table of PC4:
? (10.0.1.11) at 00:11:92:a1:ec:41 [ether] on em1
Protocol
ICMP
98
Frame 7: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on interface
0
Ethernet II, Src: c8:1f:66:cb:34:74 (c8:1f:66:cb:34:74), Dst: c8:1f:66:cb:2f:a3
(c8:1f:66:cb:2f:a3)
Internet Protocol Version 4, Src: 10.0.3.41 (10.0.3.41), Dst: 10.0.1.11
(10.0.1.11)
Internet Control Message Protocol
No.
Time
Source
Destination
Length Info
8 28.246607000
10.0.1.11
10.0.3.41
Echo (ping) reply
id=0x08db, seq=1/256, ttl=64 (request in 7)
Protocol
ICMP
98
Frame 8: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on interface
0
Ethernet II, Src: c8:1f:66:cb:2f:a3 (c8:1f:66:cb:2f:a3), Dst: c8:1f:66:cb:34:74
(c8:1f:66:cb:34:74)
Internet Protocol Version 4, Src: 10.0.1.11 (10.0.1.11), Dst: 10.0.3.41
(10.0.3.41)
Internet Control Message Protocol
No.
Time
Length Info
98
Source
Destination
Protocol
9 29.247611000
10.0.3.41
10.0.1.11
ICMP
Echo (ping) request id=0x08db, seq=2/512, ttl=62 (reply in 10)
Frame 9: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on interface
0
No.
Time
Source
Destination
Protocol
Ethernet
II, Src: c8:1f:66:cb:34:74
(c8:1f:66:cb:34:74),
Dst: c8:1f:66:cb:2f:a3
Length Info
(c8:1f:66:cb:2f:a3)
10 29.247653000
10.0.1.11
10.0.3.41
ICMP10.0.1.11
98
Internet
Protocol Version
4, Src: 10.0.3.41
(10.0.3.41), Dst:
Echo (ping) reply
id=0x08db, seq=2/512, ttl=64 (request in 9)
(10.0.1.11)
Internet Control Message Protocol
Frame 10: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on
interface 0
Ethernet II, Src: c8:1f:66:cb:2f:a3 (c8:1f:66:cb:2f:a3), Dst: c8:1f:66:cb:34:74
(c8:1f:66:cb:34:74)
Internet Protocol Version 4, Src: 10.0.1.11 (10.0.1.11), Dst: 10.0.3.41
(10.0.3.41)
Internet Control Message Protocol
Protocol
ICMP
98
Frame 12: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on
interface 0
Ethernet II, Src: 00:11:92:a1:ec:40 (00:11:92:a1:ec:40), Dst: c8:1f:66:cb:34:75
(c8:1f:66:cb:34:75)
Internet Protocol Version 4, Src: 10.0.3.41 (10.0.3.41), Dst: 10.0.1.11
(10.0.1.11)
Internet Control Message Protocol
No.
Time
Source
Destination
Length Info
13 44.608180000
10.0.1.11
10.0.3.41
Echo (ping) reply
id=0x08db, seq=1/256, ttl=63 (request in 12)
Protocol
ICMP
98
Frame 13: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on
interface 0
Ethernet II, Src: c8:1f:66:cb:34:75 (c8:1f:66:cb:34:75), Dst: 00:11:92:a1:ec:40
(00:11:92:a1:ec:40)
Internet Protocol Version 4, Src: 10.0.1.11 (10.0.1.11), Dst: 10.0.3.41
(10.0.3.41)
Internet Control Message Protocol
No.
Time
Source
Destination
Length Info
14 45.608928000
10.0.3.41
10.0.1.11
Echo (ping) request id=0x08db, seq=2/512, ttl=63 (reply in 15)
Protocol
ICMP
98
Frame 14: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on
interface 0
Ethernet II, Src: 00:11:92:a1:ec:40 (00:11:92:a1:ec:40), Dst: c8:1f:66:cb:34:75
(c8:1f:66:cb:34:75)
Internet Protocol Version 4, Src: 10.0.3.41 (10.0.3.41), Dst: 10.0.1.11
(10.0.1.11)
Internet Control Message Protocol
No.
Time
Length Info
15 45.609290000
Source
10.0.1.11
Destination
10.0.3.41
Protocol
ICMP
98
Destination
ff:ff:ff:ff:ff:ff
Protocol
ARP
42
Frame 3: 42 bytes on wire (336 bits), 42 bytes captured (336 bits) on interface
0
Ethernet II, Src: c8:1f:66:ca:f7:b3 (c8:1f:66:ca:f7:b3), Dst: ff:ff:ff:ff:ff:ff
(ff:ff:ff:ff:ff:ff)
Address Resolution Protocol (request)
No.
Time
Source
Length Info
4 4.555258000
00:11:92:a1:ec:41
10.0.1.11 is at 00:11:92:a1:ec:41
Destination
c8:1f:66:ca:f7:b3
Protocol
ARP
60
Frame 4: 60 bytes on wire (480 bits), 60 bytes captured (480 bits) on interface
0
Ethernet II, Src: 00:11:92:a1:ec:41 (00:11:92:a1:ec:41), Dst: c8:1f:66:ca:f7:b3
(c8:1f:66:ca:f7:b3)
Address Resolution Protocol (reply)
No.
Time
Source
Destination
Protocol
Length Info
5 4.555276000
10.0.3.41
10.0.1.11
ICMP
98
Echo (ping) request id=0x08db, seq=1/256, ttl=64 (reply in 6)
Frame 5: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on
interface 0
Ethernet
II,
Src:
c8:1f:66:ca:f7:b3
(c8:1f:66:ca:f7:b3),
Dst:
00:11:92:a1:ec:41 (00:11:92:a1:ec:41)
Internet Protocol Version 4, Src: 10.0.3.41 (10.0.3.41), Dst: 10.0.1.11
(10.0.1.11)
Internet Control Message Protocol
No.
Time
Source
Destination
Protocol
Length Info
6 4.556064000
10.0.1.11
10.0.3.41
ICMP
98
Echo (ping) reply
id=0x08db, seq=1/256, ttl=62 (request in 5)
Frame 6: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on
interface 0
Ethernet
II,
Src:
00:11:92:a1:ec:41
(00:11:92:a1:ec:41),
Dst:
c8:1f:66:ca:f7:b3 (c8:1f:66:ca:f7:b3)
Internet Protocol Version 4, Src: 10.0.1.11 (10.0.1.11), Dst: 10.0.3.41
(10.0.3.41)
Internet Control Message Protocol
No.
Time
Source
Destination
Protocol
Length Info
7 5.556285000
10.0.3.41
10.0.1.11
ICMP
98
Echo (ping) request id=0x08db, seq=2/512, ttl=64 (reply in 8)
Frame 7: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on
interface 0
Ethernet
II,
Src:
c8:1f:66:ca:f7:b3
(c8:1f:66:ca:f7:b3),
Dst:
00:11:92:a1:ec:41 (00:11:92:a1:ec:41)
Internet Protocol Version 4, Src: 10.0.3.41 (10.0.3.41), Dst: 10.0.1.11
(10.0.1.11)
Internet Control Message Protocol
No.
Time
Source
Destination
Protocol
Length Info
8 5.557204000
10.0.1.11
10.0.3.41
ICMP
98
Echo (ping) reply
id=0x08db, seq=2/512, ttl=62 (request in 7)
Frame 8: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on
interface 0
Ethernet
II,
Src:
00:11:92:a1:ec:41
(00:11:92:a1:ec:41),
Dst:
c8:1f:66:ca:f7:b3 (c8:1f:66:ca:f7:b3)
Internet Protocol Version 4, Src: 10.0.1.11 (10.0.1.11), Dst: 10.0.3.41
(10.0.3.41)
Internet Control Message Protocol
Looking into the captured traffic on the hosts, it is possible to see that when PC4
broadcasts an ARP request asking who is at IP address 10.0.1.11, the Router 1
answers saying its own MAC address, which leads PC4 to believe that PC1
(10.0.1.11) has the routers MAC address. Hence, when issuing a ping to PC1, PC4
sends the ICMP request message for the router. The router, then, forwards the packets
to their destination.
Therefore, we can notice that this configuration allows that hosts in different networks
talk to each other. When the Proxy ARP is disabled in the Router 1, PC4 is not able to
issue a ping to PC1.
Is there a difference between the contents of the routing table and the routing
cache immediately after the ICMP Route Redirect message?
After the ICMP Route Redirect message, the routing table is not updated, while the
routing cache is.
When you viewed the cache a few minutes later, what did you observe?
An entry in the routing cache is deleted after a few minutes without use. Hence, it
became empty later.
Describe how the ICMP route redirect works using the output you saved.
Protocol
ICMP
Frame 27: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on
interface 0
Ethernet
II,
Src:
c8:1f:66:cb:34:74
(c8:1f:66:cb:34:74),
Dst:
00:11:92:a1:ec:41 (00:11:92:a1:ec:41)
Internet Protocol Version 4, Src: 10.0.2.10 (10.0.2.10), Dst: 10.0.3.10
(10.0.3.10)
Internet Control Message Protocol
No.
Time
Length Info
28 49.932773000
70
Redirect
Source
Destination
Protocol
10.0.2.1
10.0.2.10
(Redirect for host)
ICMP
Frame 28: 70 bytes on wire (560 bits), 70 bytes captured (560 bits) on
interface 0
Ethernet
II,
Src:
00:11:92:a1:ec:41
(00:11:92:a1:ec:41),
Dst:
c8:1f:66:cb:34:74 (c8:1f:66:cb:34:74)
Internet Protocol Version 4, Src: 10.0.2.1 (10.0.2.1), Dst: 10.0.2.10
(10.0.2.10)
Internet Control Message Protocol
No.
Time
Source
Destination
Length Info
29 49.932817000
10.0.2.10
10.0.3.10
98
Echo (ping) request id=0x0984, seq=1/256, ttl=63
Protocol
ICMP
Frame 29: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on
interface 0
Ethernet
II,
Src:
00:11:92:a1:ec:41
(00:11:92:a1:ec:41),
Dst:
00:11:92:74:db:41 (00:11:92:74:db:41)
Internet Protocol Version 4, Src: 10.0.2.10 (10.0.2.10), Dst: 10.0.3.10
(10.0.3.10)
Internet Control Message Protocol
No.
Time
Source
Destination
Length Info
32 50.932984000
10.0.2.10
10.0.3.10
98
Echo (ping) request id=0x0984, seq=2/512, ttl=64
Protocol
ICMP
Frame 32: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on
interface 0
Ethernet
II,
Src:
c8:1f:66:cb:34:74
(c8:1f:66:cb:34:74),
Dst:
00:11:92:74:db:41 (00:11:92:74:db:41)
Internet Protocol Version 4, Src: 10.0.2.10 (10.0.2.10), Dst: 10.0.3.10
(10.0.3.10)
Internet Control Message Protocol
Analyzing the outcome, we could see an ICMP Route Redirect message from Router1
to PC2, in the packet number 28. Then, the Router1 sends the ICMP Echo Request
that was previously sent to it to the Router2, which is the best route to reach PC3. We
can also see the other four ICMP Echo Request messages going from PC2 to Router,
after PC2 has updated its routing cache.
Explain how Router1, in the previous examples, knows that datagrams destined to
network 10.0.3.10 should be forwarded to 10.0.2.2?
Before issuing the ping, we added a new static routing entry on Router1. This entry
stated that the packets whose destination was any host inside the network 10.0.3.0
must have the host 10.0.2.2 as the next hop.
Part 6. Routing Loops
At this moment in the lab we configured the routing tables of the hosts and routers to
create a routing loop. The network traffic of PC4 was captured by wireshark and two
packets are showed in details below.
No.
Time
Source
Destination
Length Info
2 0.000588000
10.0.4.10
10.0.1.10
98
Echo (ping) request id=0x08a4, seq=1/256, ttl=61
Protocol
ICMP
64 de 04 00 00 00 00 00 10 11 12 13 14 15 16 17
d...............
18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27
........ !"#$%&'
28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37
()*+,-./01234567
Data: 64de040000000000101112131415161718191a1b1c1d1e1f...
[Length: 48]
No.
Time
Source
Destination
Length Info
3 0.000934000
10.0.4.10
10.0.1.10
98
Echo (ping) request id=0x08a4, seq=1/256, ttl=58
Protocol
ICMP
64 de 04 00 00 00 00 00 10 11 12 13 14 15 16 17
d...............
18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27
........ !"#$%&'
28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37
()*+,-./01234567
Data: 64de040000000000101112131415161718191a1b1c1d1e1f...
[Length: 48]
Why does the ICMP Echo Request packet not loop forever in the network?
The packets header has a field called Time-to-Live (TTL) which defines the number
of hops the packets can stay in the network before being discarded.
Part 7. Netmask and Routing
3c
Routing table PC1:
default via 10.0.1.1 dev em1
10.0.1.0/24 dev em1 proto kernel
scope link
src 10.0.1.10
scope link
src 10.0.2.10
scope link
src 10.0.2.137
3d.
Routing table PC1:
default via 10.0.1.1 dev em1
10.0.1.0/24 dev em1 proto kernel
scope link
src 10.0.1.10
scope link
src 10.0.2.10
4c
default via 10.0.2.138 dev em1
10.0.2.136/29 dev em1 proto kernel
4d.
scope link
src 10.0.2.137