ICMPv4 - Internet Control Message Protocol version 4 ====================================================== .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **What is ICMPv4?** ICMP stands for Internet Control Message Protocol. It is the version 4. It’s a network protocol used by devices like routers and computers to send error messages and operational information. .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Why is ICMPv4 useful?** ICMP is essential for network diagnostics and troubleshooting. It helps: * Detect unreachable hosts or networks * Report routing issues * Measure network latency and packet loss * Support tools like ping and traceroute .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **How it works?** * Device sends a message – e.g., a computer sends a ping (ICMP Echo Request) to another device * Target responds – If reachable, target replies with ICMP Echo Reply * Error reporting – Routers/hosts send ICMP messages on issues (Destination Unreachable, Time Exceeded) * No data transfer – ICMP only sends control and error messages, not user data .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Where is ICMPv4 used?** * Ping command – To check host reachability and response time * Traceroute – To trace packet path to destination * Routers/gateways – Report unreachable destinations or TTL expiry * Network monitoring tools – Assess network health and performance .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow **Which OSI layer does this protocol belong to?** * Works closely with IP to report packet delivery issues * Deals with routing and delivery errors, not application data * Manages and controls IP-based network behavior .. panels:: :container: container pb-4 :column: col-lg-12 p-2 :card: shadow Topics in this section, * :ref:`Learnings in this section ` * :ref:`Terminology ` * :ref:`Version Info ` * :ref:`ICMPv4 Version&RFC Details ` * :ref:`ICMPv4 Basic Setup on Ubuntu using IPv4 ` * :ref:`ICMPv4 Protocol Packet Details ` * :ref:`ICMPv4 Usecases ` * :ref:`ICMPv4 Basic Features ` * :ref:`ICMPv4 Feature : Diagnostic Tools Support ` * :ref:`ICMPv4 Feature : Message Types and Codes ` * :ref:`ICMPv4 Feature : Error Reporting ` * :ref:`ICMPv4 Feature : Lightweight Protocol ` * :ref:`ICMPv4 Feature : No Reliability Mechanism ` * :ref:`ICMPv4 Feature : Control and Informational Messages ` * :ref:`ICMPv4 Feature : Stateless Operation ` * :ref:`ICMPv4 Feature : Security Considerations ` * :ref:`Reference links ` .. _ICMPv4_step1: .. tab-set:: .. tab-item:: Learnings in this section * In this section, you are going to learn .. _ICMPv4_step2: .. tab-set:: .. tab-item:: Terminology * Terminology .. _ICMPv4_step3: .. tab-set:: .. tab-item:: Version Info * Version Info .. _ICMPv4_step5: .. tab-set:: .. tab-item:: ICMPv4 Version&RFC Details .. csv-table:: :file: ./ICMPv4/ICMPv4_Version_RFC_details.csv :widths: 10,10,10,30 :header-rows: 1 .. _ICMPv4_step18: .. tab-set:: .. tab-item:: ICMPv4 Basic Setup on Ubuntu using IPv4 **Testcase 1: Ping Test** * Step-1 : Launch GNS3 and Create Network Topology .. note:: * Use GNS3 to simulate two Ubuntu virtual machines. * Connect both VMs using a virtual Ethernet cable. 1. Open GNS3 2. Add **two Ubuntu VMs** to the canvas 3. Connect the VMs using an **Ethernet link** 4. Start both virtual machines * Step-2 : Assign Static IPv4 Addresses .. code-block:: shell VM1:~$ sudo ifconfig enp0s8 192.168.1.10 up VM2:~$ sudo ifconfig enp0s8 192.168.1.20 up .. note:: * Both machines must be on the **same subnet** * Replace `enp0s8` with your actual interface name (check via `ifconfig`) * Step-3 : Verify Interface Configuration .. code-block:: shell VM1:~$ ip a show enp0s8 VM2:~$ ip a show enp0s8 * expected output : * inet 192.168.1.10/24 (on VM1) * inet 192.168.1.20/24 (on VM2) * Step-4 : Start Wireshark Capture in GNS3 * Right-click the Ethernet link between VM1 and VM2 * Click **Start Capture** * Step-5 : Test ICMPv4 Connectivity .. code-block:: shell VM2:~$ ping 192.168.1.10 PING 192.168.1.10 (192.168.1.10) 56(84) bytes of data. 64 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=0.503 ms 64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.412 ms 64 bytes from 192.168.1.10: icmp_seq=3 ttl=64 time=0.421 ms 64 bytes from 192.168.1.10: icmp_seq=4 ttl=64 time=0.395 ms --- 192.168.1.10 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3004ms rtt min/avg/max/mdev = 0.395/0.432/0.503/0.043 ms .. note:: * This confirms successful ICMPv4 communication from VM2 to VM1 * Step-6 : Capture and Inspect ICMPv4 Traffic .. note:: * You will observe: - **ICMP Echo Request** from 192.168.1.20 to 192.168.1.10 - **ICMP Echo Reply** from 192.168.1.10 to 192.168.1.20 * Wireshark Capture :download:`Download wireshark capture ` **Testcase 2: Fast Ping Test** * Step-1 : Launch GNS3 and Create Network Topology .. note:: * Use GNS3 to simulate two Ubuntu virtual machines. * Connect both VMs using a virtual Ethernet cable. 1. Open GNS3 2. Add **two Ubuntu VMs** to the canvas 3. Connect the VMs using an **Ethernet link** 4. Start both virtual machines * Step-2 : Assign Static IPv4 Addresses .. code-block:: shell VM1:~$ sudo ifconfig enp0s8 192.168.1.10 up VM2:~$ sudo ifconfig enp0s8 192.168.1.20 up .. note:: * Both machines must be on the **same subnet** * Replace `enp0s8` with your actual interface name (check via `ifconfig`) * Step-3 : Verify Interface Configuration .. code-block:: shell VM1:~$ ip a show enp0s8 VM2:~$ ip a show enp0s8 * expected output : * inet 192.168.1.10/24 (on VM1) * inet 192.168.1.20/24 (on VM2) * Step-4 : Start Wireshark Capture in GNS3 * Right-click the Ethernet link between VM1 and VM2 * Click **Start Capture** * Step-5 : Test ICMPv4 Connectivity with fast ping. .. code-block:: shell VM2:~$ sudo ping -f 192.168.1.10 PING 192.168.1.10 (192.168.1.10) 56(84) bytes of data. ................................................................................................................................................................... --- 192.168.1.10 ping statistics --- 5000 packets transmitted, 5000 received, 0% packet loss, time 471ms rtt min/avg/max/mdev = 0.043/0.097/1.203/0.054 ms, ipg/ewma 0.094/0.091 ms // Can see ICMP echo request from 192.168.1.20 to 192.168.1.10 // Can see ICMP echo reply from 192.168.1.10 to 192.168.1.20 .. note:: * This uses high-speed flooding to test ICMPv4 throughput and stability. * Useful for performance testing or triggering firewall/IDS logs. * Step-6 : Capture and Inspect Fast ICMPv4 Traffic .. note:: * You will observe: * A burst of **ICMP Echo Requests** from 192.168.1.20 to 192.168.1.10 * Corresponding **ICMP Echo Replies** from 192.168.1.10 to 192.168.1.20 * High frequency and low latency if the network is stable. * Wireshark Capture :download:`Download wireshark capture ` **Testcase 3: Jumbo Packet Ping Test** * Step-1 : Launch GNS3 and Create Network Topology .. note:: * Use GNS3 to simulate two Ubuntu virtual machines. * Connect both VMs using a virtual Ethernet cable. 1. Open GNS3 2. Add **two Ubuntu VMs** to the canvas 3. Connect the VMs using an **Ethernet link** 4. Start both virtual machines * Step-2 : Assign Static IPv4 Addresses .. code-block:: shell VM1:~$ sudo ifconfig enp0s8 192.168.1.10 up VM2:~$ sudo ifconfig enp0s8 192.168.1.20 up .. note:: * Both machines must be on the **same subnet** * Replace `enp0s8` with your actual interface name (check via `ifconfig`) * Step-3 : Verify Interface Configuration .. code-block:: shell VM1:~$ ip a show enp0s8 VM2:~$ ip a show enp0s8 * expected output : * inet 192.168.1.10/24 (on VM1) * inet 192.168.1.20/24 (on VM2) * Step-4 : Start Wireshark Capture in GNS3 * Right-click the Ethernet link between VM1 and VM2 * Click **Start Capture** * Step-5 : Test ICMPv4 Connectivity with Jumbo Packets .. code-block:: shell VM2:~$ ping -s 1472 -M do 192.168.1.10 PING 192.168.1.10 (192.168.1.10) 1472(1500) bytes of data. 1480 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=0.768 ms 1480 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=0.752 ms 1480 bytes from 192.168.1.10: icmp_seq=3 ttl=64 time=0.719 ms 1480 bytes from 192.168.1.10: icmp_seq=4 ttl=64 time=0.702 ms --- 192.168.1.10 ping statistics --- 9 packets transmitted, 9 received, 0% packet loss, time 3006ms rtt min/avg/max/mdev = 0.702/0.735/0.768/0.026 ms .. note:: * -s 1472: Specifies the ICMP payload size in bytes * (1472 bytes is used because 1500 - IP header (20) - ICMP header (8) = 1472) * -M do: Sets the "Don't Fragment" (DF) bit in the IP header * Can see ICMP echo request from 192.168.1.20 to 192.168.1.10 * Can see ICMP echo reply from 192.168.1.10 to 192.168.1.20 * Can see data size as 1472 in ICMP packets .. note:: * This test validates whether larger ICMP packets can be transmitted without fragmentation. * It also checks MTU boundaries and DF bit handling on the network path. * Step-6 : Capture and Inspect Jumbo ICMPv4 Traffic .. note:: * You will observe: * ICMP Echo Requests with 1472-byte payload (1480 bytes total) * Echo Replies of the same size * DF (Don't Fragment) flag set in packet headers * Wireshark Capture :download:`Download wireshark capture ` **Testcase 4: Destination Unreachable (Port Unreachable)** * Step-1 : Launch GNS3 and Create Network Topology .. note:: * Use GNS3 to simulate two Ubuntu virtual machines. * Connect both VMs using a virtual Ethernet cable. 1. Open GNS3 2. Add **two Ubuntu VMs** to the canvas 3. Connect the VMs using an **Ethernet link** 4. Start both virtual machines * Step-2 : Assign Static IPv4 Addresses .. code-block:: shell VM1:~$ sudo ifconfig enp0s8 192.168.1.10 up VM2:~$ sudo ifconfig enp0s8 192.168.1.20 up .. note:: * Both machines must be on the **same subnet** * Replace `enp0s8` with your actual interface name (check via `ifconfig`) * Step-3 : Verify Interface Configuration .. code-block:: shell VM1:~$ ip a show enp0s8 VM2:~$ ip a show enp0s8 * expected output : * inet 192.168.1.10/24 (on VM1) * inet 192.168.1.20/24 (on VM2) * Step-4 : Start Wireshark Capture in GNS3 * Right-click the Ethernet link between VM1 and VM2 * Click **Start Capture** * Step-5 : Trigger ICMP Destination Unreachable (Port Unreachable) .. code-block:: shell VM2:~$ nc -u 192.168.1.10 9999 hello * expected behavior:: - No service is running on **UDP port 9999** of VM1. - VM1 replies with **ICMP Type 3, Code 3** (Destination Unreachable – Port Unreachable). - The `hello` string is sent as a UDP probe. - Wireshark captures an ICMP error packet generated by VM1. .. note:: * Ensure **no UDP service is running** on port 9999 of VM1. * If you run `nc -u -l 9999` on VM1, this test will **not** work as intended. * Step-6 : Capture and Inspect ICMP Destination Unreachable Packet .. note:: * You will observe: * UDP packet from 192.168.1.20 to 192.168.1.10:9999 * ICMP response from 192.168.1.10 to 192.168.1.20 * Type 3 (Destination Unreachable), Code 3 (Port Unreachable) * The payload of the original UDP packet is echoed back inside the ICMP error * Wireshark Capture :download:`Download wireshark capture ` **Testcase 5: Broadcast Ping (No Response Found)** * Step-1 : Launch GNS3 and Create Network Topology .. note:: * Use GNS3 to simulate two Ubuntu virtual machines. * Connect both VMs using a virtual Ethernet cable. 1. Open GNS3 2. Add **two Ubuntu VMs** to the canvas 3. Connect the VMs using an **Ethernet link** 4. Start both virtual machines * Step-2 : Assign Static IPv4 Addresses .. code-block:: shell VM1:~$ sudo ifconfig enp0s8 192.168.1.10 up VM2:~$ sudo ifconfig enp0s8 192.168.1.20 up .. note:: * Both machines must be on the **same subnet** * Replace `enp0s8` with your actual interface name (check via `ifconfig`) * Step-3 : Verify Interface Configuration .. code-block:: shell VM1:~$ ip a show enp0s8 VM2:~$ ip a show enp0s8 * expected output : * inet 192.168.1.10/24 (on VM1) * inet 192.168.1.20/24 (on VM2) * Step-4 : Start Wireshark Capture in GNS3 * Right-click the Ethernet link between VM1 and VM2 * Click **Start Capture** * Step-5 : Send Broadcast ICMPv4 Echo Request from VM2 .. code-block:: shell VM2:~$ ping -b 192.168.1.255 WARNING: pinging broadcast address PING 192.168.1.255 (192.168.1.255) 56(84) bytes of data. --- 192.168.1.255 ping statistics --- 6 packets transmitted, 0 received, 100% packet loss, time 5114ms .. note:: * This is a **directed broadcast** to the subnet's broadcast address (192.168.1.255) * Most modern systems and networks **drop broadcast pings** for security reasons * You will see **ICMP Echo Requests**, but **no Echo Replies** * expected behavior : - ICMP Echo Request packets are sent by VM2 to 192.168.1.255 - No reply is received from any host, including VM1 - Wireshark confirms presence of Echo Requests only * Step-6 : Capture and Inspect ICMP Broadcast Behavior .. note:: * You will observe: * Multiple ICMP Echo Requests to 192.168.1.255 from 192.168.1.20 * No ICMP Echo Replies from any host * Indicates that **broadcast ping response is suppressed** * Wireshark Capture :download:`Download wireshark capture ` **Testcase 6: Broadcast Ping with Delayed Response** * Step-1 : Launch GNS3 and Create Network Topology .. note:: * Use GNS3 to simulate two Ubuntu virtual machines. * Connect both VMs using a virtual Ethernet cable. 1. Open GNS3 2. Add **two Ubuntu VMs** to the canvas 3. Connect the VMs using an **Ethernet link** 4. Start both virtual machines * Step-2 : Assign Static IPv4 Addresses .. code-block:: shell VM1:~$ sudo ifconfig enp0s8 192.168.1.10 up VM2:~$ sudo ifconfig enp0s8 192.168.1.20 up .. note:: * Both machines must be on the **same subnet** * Replace `enp0s8` with your actual interface name (check via `ifconfig`) * Step-3 : Verify Interface Configuration .. code-block:: shell VM1:~$ ip a show enp0s8 VM2:~$ ip a show enp0s8 * expected output : * inet 192.168.1.10/24 (on VM1) * inet 192.168.1.20/24 (on VM2) * Step-4 : Enable Broadcast Echo Replies .. code-block:: shell VM1 & VM2:~$ sudo nano /etc/sysctl.conf # Add this line at the end: net.ipv4.icmp_echo_ignore_broadcasts=0 # Apply changes immediately VM1 & VM2:~$ sudo sysctl -p * expected output : * net.ipv4.icmp_echo_ignore_broadcasts = 0 .. note:: * This allows Linux systems to respond to ICMP Echo Requests sent to a broadcast address. * Step-5 : Start Wireshark Capture in GNS3 * Right-click the Ethernet link between VM1 and VM2 * Click **Start Capture** * Step-6 : Send Broadcast Ping from VM2 .. code-block:: shell VM2:~$ ping -b 192.168.1.255 WARNING: pinging broadcast address PING 192.168.1.255 (192.168.1.255) 56(84) bytes of data. 64 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=3.12 ms 64 bytes from 192.168.1.10: icmp_seq=1 ttl=64 time=5.87 ms 64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=3.05 ms 64 bytes from 192.168.1.10: icmp_seq=2 ttl=64 time=6.34 ms 64 bytes from 192.168.1.10: icmp_seq=3 ttl=64 time=2.89 ms 64 bytes from 192.168.1.10: icmp_seq=3 ttl=64 time=5.76 ms --- 192.168.1.255 ping statistics --- 3 packets transmitted, 3 received, +3 duplicates, 0% packet loss, time 2005ms rtt min/avg/max/mdev = 2.89/4.83/6.34 ms, pipe 2 .. note:: * VM1 replies to the broadcast ICMP Echo Requests since `icmp_echo_ignore_broadcasts=0` * Duplicate replies may be observed due to how Linux handles replies and timing in virtualized environments * Delay is possible in GNS3/VM due to scheduling or emulation latency * expected behavior : - ICMP Echo Requests are sent from VM2 to 192.168.1.255 - VM1 responds with ICMP Echo Replies - Duplicate responses or delayed responses may occur * Step-7 : Capture and Inspect ICMP Broadcast Responses .. note:: * You will observe: * ICMP Echo Requests from 192.168.1.20 to 192.168.1.255 * ICMP Echo Replies from 192.168.1.10 to 192.168.1.20 * Duplicates and out-of-order timing are possible * Wireshark Capture :download:`Download wireshark capture ` .. _ICMPv4_step6: .. tab-set:: .. tab-item:: ICMPv4 Protocol Packet Details **ICMPv4 Echo Request Packet** .. csv-table:: :file: ./ICMPv4/ICMPv4_Packetdetails1.csv :widths: 10,20,30,10 :header-rows: 1 **ICMPv4 Echo Reply Packet** .. csv-table:: :file: ./ICMPv4/ICMPv4_Packetdetails2.csv :widths: 10,20,30,10 :header-rows: 1 **ICMPv4 Destination Unreachable Packet** .. csv-table:: :file: ./ICMPv4/ICMPv4_Packetdetails3.csv :widths: 10,20,30,10 :header-rows: 1 **ICMPv4 Time Exceeded Packet** .. csv-table:: :file: ./ICMPv4/ICMPv4_Packetdetails4.csv :widths: 10,20,30,10 :header-rows: 1 **ICMPv4 Redirect Packet** .. csv-table:: :file: ./ICMPv4/ICMPv4_Packetdetails5.csv :widths: 10,20,30,10 :header-rows: 1 **ICMPv4 Parameter Problem Packet** .. csv-table:: :file: ./ICMPv4/ICMPv4_Packetdetails6.csv :widths: 10,20,30,10 :header-rows: 1 .. _ICMPv4_step7: .. tab-set:: .. tab-item:: ICMPv4 Usecases .. csv-table:: :file: ./ICMPv4/ICMPv4_Use_Cases.csv :widths: 10,20,30 :header-rows: 1 .. _ICMPv4_step8: .. tab-set:: .. tab-item:: ICMPv4 Basic Features .. csv-table:: :file: ./ICMPv4/ICMPv4_Basic_Features.csv :widths: 10,10,30 :header-rows: 1 .. _ICMPv4_step9: .. tab-set:: .. tab-item:: ICMPv4 Feature : Diagnostic Tools Support **Diagnostic Tools Support - Testcases** .. csv-table:: :file: ./ICMPv4/ICMPv4_Feature1_Diagnostic_Tools_Support_TestCases.csv :widths: 10,10,30,20 :header-rows: 1 .. _ICMPv4_step10: .. tab-set:: .. tab-item:: ICMPv4 Feature : Message Types and Codes **Message Types and Codes - Testcases** .. csv-table:: :file: ./ICMPv4/ICMPv4_Feature2_Message_Types_Codes_TestCases.csv :widths: 10,10,30,20 :header-rows: 1 .. _ICMPv4_step11: .. tab-set:: .. tab-item:: ICMPv4 Feature : Error Reporting **Error Reporting - Testcases** .. csv-table:: :file: ./ICMPv4/ICMPv4_Feature3_Error_Reporting_TestCases.csv :widths: 10,10,30,20 :header-rows: 1 .. _ICMPv4_step12: .. tab-set:: .. tab-item:: ICMPv4 Feature : Lightweight Protocol **Lightweight Protocol - Testcases** .. csv-table:: :file: ./ICMPv4/ICMPv4_Feature4_Lightweight_Protocol_TestCases.csv :widths: 10,10,30,20 :header-rows: 1 .. _ICMPv4_step13: .. tab-set:: .. tab-item:: ICMPv4 Feature : No Reliability Mechanism **No Reliability Mechanism - Testcases** .. csv-table:: :file: ./ICMPv4/ICMPv4_Feature5_No_Reliability_Mechanism_TestCases.csv :widths: 10,10,30,20 :header-rows: 1 .. _ICMPv4_step14: .. tab-set:: .. tab-item:: ICMPv4 Feature : Control and Informational Messages **Control and Informational Messages - Testcases** .. csv-table:: :file: ./ICMPv4/ICMPv4_Feature6_Control_Informational_Messages_TestCases.csv :widths: 10,10,30,20 :header-rows: 1 .. _ICMPv4_step15: .. tab-set:: .. tab-item:: ICMPv4 Feature : Stateless Operation **Stateless Operation - Testcases** .. csv-table:: :file: ./ICMPv4/ICMPv4_Feature7_Stateless_Operation_TestCases.csv :widths: 10,10,30,20 :header-rows: 1 .. _ICMPv4_step16: .. tab-set:: .. tab-item:: ICMPv4 Feature : Security Considerations **Security Considerations - Testcases** .. csv-table:: :file: ./ICMPv4/ICMPv4_Feature8_Security_Considerations_TestCases.csv :widths: 10,10,30,20 :header-rows: 1 .. _ICMPv4_step17: .. tab-set:: .. tab-item:: Reference links * Reference links