icmp codes

Answered Question
Jun 23rd, 2009

Hi everybody!

My book shows the following code:

! echo reply received.

N network unreachable

U destination unreachable

M can not fragment the packet

? unknown packet received.

=============================

Who sends these codes? The destination machine or the router connected to the destination machine?

for example:

R1--------------R2--------------H3

Let's say I ping H3 (3.3.3.3) from R1. Assume the host H3 is not powered on, so the R2 interface connected to H3 is down as well. Since R2 has no path/route for 3.0.0.0 as the int is down, R3 will send the reply with code "U" to the source (R1). In this case the last router (R2), not the intended destination (H3), sent the reply with code "u".

The replies with codes "N, U, M" are sent by routers, not hosts (e.g. Win XP).

Any correction?

Thanks a lot and have a nice day!

Correct Answer by Edison Ortiz about 7 years 5 months ago

Sarah,

Please take a look at this URL:

http://wiki.wireshark.org/Gratuitous_ARP

The router will know about the existence of H2.

__

Edison.

Correct Answer
Edison Ortiz Tue, 06/23/2009 - 07:19

! is sent by the destination

N can be sent by any router in the path

U same as N

M same as N but also can be sent by the destination.

? same as N but also can be sent by the destination.

HTH,

__

Edison.
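
Added example (not part of the original thread): a small classifier that reads a raw IPv4/ICMP response, maps it to the book's legend character, and reports whether the sender was the pinged destination or a router in the path. The ICMP numbers are the standard ones (type 0 echo reply; type 3 destination unreachable with code 0 network, 1 host, 4 fragmentation needed). Tying code 0 to "N", code 4 to "M" and every other type 3 code to "U" is an assumption based on the legend quoted in the question, and the R1/R2 addresses are constructed.

```python
import struct
from ipaddress import IPv4Address

def ipv4(src, dst, payload):
    """Sample builder: minimal 20-byte IPv4 header (checksum left 0) + payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      1, 0, IPv4Address(src).packed, IPv4Address(dst).packed)
    return hdr + payload

def icmp(icmp_type, code, body=b""):
    """Sample builder: 8-byte ICMP header (checksum left 0) + body."""
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + body

def classify(packet, pinged):
    """Return (legend_char, sender, role) for a raw IPv4 packet answering a ping."""
    ihl = (packet[0] & 0x0F) * 4
    if len(packet) < ihl + 8 or packet[9] != 1:       # truncated or not ICMP
        return "?", None, "unknown"
    sender = str(IPv4Address(packet[12:16]))
    role = "destination" if sender == pinged else "router in path"
    icmp_type, code = packet[ihl], packet[ihl + 1]
    if icmp_type == 0:                                # echo reply
        return "!", sender, role
    if icmp_type == 3:                                # destination unreachable
        inner = packet[ihl + 8:]                      # quoted original datagram
        if len(inner) < 20 or str(IPv4Address(inner[16:20])) != pinged:
            return "?", sender, role                  # error is not about our ping
        # Assumed legend mapping: code 0 -> N, code 4 -> M, anything else -> U
        return {0: "N", 4: "M"}.get(code, "U"), sender, role
    return "?", sender, role

# Constructed topology R1 --- R2 --- H3; only 3.3.3.3 comes from the thread.
R1, R2, H3 = "10.0.12.1", "10.0.12.2", "3.3.3.3"
ECHO_REQUEST = ipv4(R1, H3, icmp(8, 0))
SAMPLES = {
    "echo reply from H3": ipv4(H3, R1, icmp(0, 0)),
    "net unreachable from R2": ipv4(R2, R1, icmp(3, 0, ECHO_REQUEST)),
    "host unreachable from R2": ipv4(R2, R1, icmp(3, 1, ECHO_REQUEST)),
    "frag needed from R2": ipv4(R2, R1, icmp(3, 4, ECHO_REQUEST)),
    "time exceeded from R2": ipv4(R2, R1, icmp(11, 0, ECHO_REQUEST)),
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print(f"{name:26} -> {classify(pkt, H3)}")
```

The source address of the response is what separates "sent by the destination" from "sent by a router in the path"; the quoted inner header confirms the error refers to the ping that was actually sent.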

sarahr202 Sun, 06/28/2009 - 06:36

Thanks Edison !

Just one more question came to mind.

The book says " the code 'u' is returned when the destination is not reachable"

you said the router will return this code..

But how?

For example

h1-------f1Rf2-------sw---------h2

Ip address:

h1; 1.1.1.1

h2: 2.2.2.2

f2: 2.2.2.1

f1: 1.1.1.2

Assume h2 is powered off. Though the h2 is powered off, the router is not aware of it.

The routing table at R;

c 1.0.0.0/8 f1

c 2.0.0.0/8 f2

========================

h1 sends ping to h2

R receives the ping and sends this out of f2. R does not know that h2 is not powered on.

In order for R to send the 'u' code back to h1, R must know if the destination is reachable (up and running). My understanding is that 'r' maintains a routing table, not hosts' status, i.e. whether they are powered on or off.

So if "R" does not know if h2 is powered off, therefore unreachable, then how can router send 'u' code to h1, the ping- source?

thanks a lot and have a nice weekend!

dario.didio Sun, 06/28/2009 - 23:54

Hi,

In this case the ICMP request will just time out, and a dot (.) will be seen instead of a !

HTH,

Dario

sarahr202 Tue, 06/30/2009 - 10:46

Thanks Dario.

The issue we are focused on is when the code "U" is used.

Correct Answer
Edison Ortiz Mon, 06/29/2009 - 04:44

If 'R' has a route to h2 and h2 isn't replying to ping packets, on 'R' device the message will be 'request time-out' but 'R' will inform any device that uses 'R' as transit that the destination is unreachable.

The reason 'R' has to reply with an ICMP 'Destination Unreachable' is that 'R' is still drawing traffic for that destination. If 'R' had no routes towards that destination, then all adjacent devices would timeout on their own.

sarahr202 Tue, 06/30/2009 - 11:07

Thanks Edison.

But i still did not understand it.

Let me briefly recap.

h1------r-----------sw----h2

h2 is powered off.

1) h1(1.1.1.1) sends the ping to h2(2.2.2.2)

2) r has a route for 2.2.2.2. r simply forwards this ping packet to h2

3) h2 is powered off so ping packet is lost.

====================================

"The reason 'R' has to reply with an ICMP 'Destination Unreachable' is that 'R' is still drawing traffic for that destination. If 'R' had no routes towards that destination, then all adjacent devices would timeout on their own.

"

In our case 'r' has a route but h2 is powered off. I am particularly interested in following:

"The reason 'R' has to reply with an ICMP 'Destination Unreachable' is that 'R' is still drawing traffic for that destination."

Based on the above, the reason "r" is able to send back " u" code to h1 is because r is getting traffic for h2 from other sources as well.

My question is what about if i just plug the h2 out of the box into sw which is connected to r?

==================================

The second issue that is giving me trouble is:

"If 'R' has a route to h2 and h2 isn't replying to ping packets, on 'R' device the message will be 'request time-out' but 'R' will inform any device that uses 'R' as transit that the destination is unreachable."

My understanding is that transit routers just receive IP packets and then route them if they have a path. In the case of ping, the "time-out" concept applies to the source which issues the ping.

Had "R" issued the ping and h2 had been powered off, the ping request will time out. r would act like a regular host. Like a regular host, if r does not receive any ping reply within the required time, it will simply show a "dot" and won't inform its adjacent routers.

Thanks a lot and have a nice weekend!

Correct Answer
Edison Ortiz Tue, 06/30/2009 - 11:44

The reason 'R' is able to send back 'u' code to h1 is due to having h2 on its routing table.

On a typical environment, if h2 was a subnet announced on 'R' and h2 is turned off, the subnet would disappear. Again the answer depends upon what 'R' knows.

If 'R' has reachability information towards h2, it thinks it could get there but in reality it doesn't. In addition, 'R' is still announcing 'h2' as a reachable network thru him so when the packet comes to 'R', it's 'R' job to tell everyone, that it can't reach that network hence 'u' packet.

You would see this kind of behavior on FW environment, where the route is on the routing table but devices are unable to reach it due to FW rules.

Hope this is clear enough and if it isn't I suggest labbing it up :)

sarahr202 Tue, 06/30/2009 - 12:15

Thanks Edison.

"On a typical environment, if h2 was a subnet announced on 'R' and h2 is turned off, the subnet would disappear. Again the answer depend upon what 'R' knows."

If h2 is directly connected to a router port, then the subnet will disappear.

But if h2 is connected to the router via a switch as shown below:

r-----sw-------h2

Then even if h2 is powered off, the router will have an entry for the subnet h2 is on.

example:

If there are two hosts h2 and h3

h2 2.2.2.2/8

h3 2.2.2.3/8

both these hosts are connected to router via L2 switch, and even if both hosts are powered off, then router still, will have an entry:

c 2.0.0.0/8 connected f0

Router does not hold individual host's ip, rather it stores the subnet/network hosts are on.

I understand the following:

"it is 'R' job to tell everyone, that it can't reach that network hence 'u' packet".

It only applies if the router does not have a route/subnet for the destined ping packet. Things will be different if h2 is powered off and connected to the router via a switch. In such a situation, h2's subnet will be present in the routing table and R, upon receiving the IP ping for h2, will route this packet.

Excuse my ignorance, what is "FW environment"?

Sorry for being stubborn .

thanks a lot and have a nice 4th of july!

Edison Ortiz Tue, 06/30/2009 - 12:28

Sarah,

On this example, that's not a destination network but a host. I thought you were having H2 emulate a whole subnet but now I see the picture a bit clearer.

On this case, all routers will receive a 'request time-out' generic ICMP message.

FW = Firewall environment, where reaching devices need to traverse a secured firewall device.

Happy July 4th :)

__

Edison.

sarahr202 Wed, 07/01/2009 - 10:20

Thanks Edison for your reply and greeting.

The issue was who will send the "U" code if the destination (host) is powered off.

h1------r---sw-----h2

h1 1.1.1.1/8

h2 2.2.2.2/8

Though h2 is powered off, router "r" still holds the subnet 2.0.0.0/8 in its routing table.

When h1 sends the ping to h2, router "r" receives it and finds a match (2.0.0.0/8). The router then simply forwards it to h2. Since h2 is powered off, the ping packet is lost. In this case, and according to your reply, code "U" will be sent to the source (h1). But the question is how, as the router has no awareness of h2 being powered off.

Thanks for being so stoic with my ever repeating questions.

Correct Answer
Edison Ortiz Wed, 07/01/2009 - 10:25

R will send the ICMP information back to the source.

R holds the subnet for 2.0.0.0/8 but in this example, H2 is not a router, so from R to H2 is simply a Layer 2 connection. H2 is not providing any routing information to R and vice versa.

If you change your scenario and have H2 as a router, the answer would be different.

sarahr202 Wed, 07/01/2009 - 14:09

thanks Edison

"R will send the ICMP information back to the source."

How does "R" determine the host(h2) is powered off and it(R) has to send icmp info back to source ?

thanks

Correct Answer
Edison Ortiz Wed, 07/01/2009 - 14:27

R would have an IP address associated to a MAC address in its ARP table (same segment). If that information is missing from the ARP table, it is R's job to reply to any request, as R is the last-hop routing device.

__

Edison.

sarahr202 Wed, 07/01/2009 - 23:01

Thanks Edison!

Based on your reply , another question popped up in my mind.

h1-------r----sw----h2

h1 1.1.1.1/8

h2 2.2.2.2/8

Let's say I just unpacked and configured a host (h2) with an IP address and IP default gateway. Just out of the box, h2 has not communicated with the router or any other host, which means the router's ARP table has no entry for h2. Keeping this scenario in mind, h1 pings h2.

Based on your reply, the router, having checked its ARP table and finding no entry for h2, should send an ICMP message back to h1 even though h2 is powered on. That also means pings to a host such as h2, which has not communicated with any hosts or gateway, should fail.

Thanks once again for your patience.

I would definitely have a happy 4th of July once I resolve this issue.

wandering_997 Wed, 07/01/2009 - 23:57

hi Sarah,

In your scenario, r (the router) will send ARP requests to the segment which h2 is in; it will keep sending ARP requests until there's no traffic destined to h2.

And the most important information you should understand is, only router (routing device) can tell others network/host unreachable.

suggest you read <> - chapter 9. ip routing.

Wandering

wandering_997 Thu, 07/02/2009 - 17:29

[h1]----(R1)-----(R2)-----[h2]

h1: ping 10.217.15.3

R2: 10.217.15.1

h2: my laptop (10.217.15.87)

10.217.15.3 does not exist.

===

[email protected]:~> sudo tcpdump -i eth0 -nvve \( icmp or arp \) and \( dst 10.217.15.3 or dst 10.217.15.1 \)

tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes

09:41:44.238743 00:1d:71:43:ce:c9 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 10.217.15.3 tell 10.217.15.1

09:41:47.259010 00:1d:71:43:ce:c9 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 10.217.15.3 tell 10.217.15.1

09:41:49.485934 00:11:43:b5:a7:ff > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 10.217.15.1 tell 10.217.15.72

09:41:49.641599 00:11:43:b5:a7:ff > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 10.217.15.1 tell 10.217.15.72

09:41:51.299262 00:1d:71:43:ce:c9 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 10.217.15.3 tell 10.217.15.1

09:42:02.486285 00:11:43:b5:a7:ff > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 10.217.15.1 tell 10.217.15.72

09:42:02.563333 00:11:43:b5:a7:ff > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 10.217.15.1 tell 10.217.15.72

^C

7 packets captured

7 packets received by filter

0 packets dropped by kernel

[email protected]:~>

===

-bash-2.05b$ ping -c 10 10.217.15.3

PING 10.217.15.3 (10.217.15.3): 56 data bytes

--- 10.217.15.3 ping statistics ---

10 packets transmitted, 0 packets received, 100% packet loss

-bash-2.05b$

===

where's gratuitous arp?
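
Added example (not part of the original post): a parser for tcpdump ARP lines in the format of the capture above, reporting every address that is being asked for but never shows up as alive. The four sample lines are copied from that capture; the `arp reply ... is-at` pattern for replies is an assumption about the same tcpdump version's output, since the capture contains no reply.

```python
import re
from collections import defaultdict

WHO_HAS = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) .*arp who-has (\S+) tell (\S+)")
REPLY = re.compile(r"arp reply (\S+) is-at")   # assumed reply format

def unanswered_arp(lines):
    """Map each ARP target never seen alive to {asker: [request timestamps]}."""
    requests = defaultdict(lambda: defaultdict(list))
    alive = set()
    for line in lines:
        m = WHO_HAS.search(line)
        if m:
            ts, target, asker = m.groups()
            requests[target][asker].append(ts)
            # A host that sends a request is itself up; this also covers a
            # gratuitous ARP, where asker and target are the same address.
            alive.add(asker)
            continue
        m = REPLY.search(line)
        if m:
            alive.add(m.group(1))
    return {t: dict(a) for t, a in requests.items() if t not in alive}

# Four lines copied from the capture in the post above.
CAPTURE = """\
09:41:44.238743 00:1d:71:43:ce:c9 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 10.217.15.3 tell 10.217.15.1
09:41:47.259010 00:1d:71:43:ce:c9 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 10.217.15.3 tell 10.217.15.1
09:41:49.485934 00:11:43:b5:a7:ff > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 10.217.15.1 tell 10.217.15.72
09:41:51.299262 00:1d:71:43:ce:c9 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 10.217.15.3 tell 10.217.15.1
""".splitlines()

if __name__ == "__main__":
    for target, askers in unanswered_arp(CAPTURE).items():
        for asker, stamps in askers.items():
            print(f"{target}: {len(stamps)} unanswered requests from {asker}")
```

10.217.15.1 is requested by 10.217.15.72 without a visible reply, but it is not reported because it sends requests itself; the capture filter only matches ARP packets whose target is 10.217.15.3 or 10.217.15.1, so replies addressed to other hosts are not captured.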
