cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2488
Views
0
Helpful
17
Replies

icmp codes

sarahr202
Level 5
Level 5

Hi every body!

My book shows the following code:

! echo reply received.

N network unreachable

U destination unreachable

M can not fragment the packet

? unknown packet received.

=============================

Who sends these codes? the destination machine or the router connected to destination machine?

for example:

R1--------------R2--------------H3

let say i ping h3(3.3.3.3) from R1. Assume the host H3 is not powered on, so R2 interface connected to H3 is down as well. Since R2 has no path/route for 3.0.0.0 as the int is down, R3 will send the reply with code " U" to source(R1). In this case the last router(R2) not the intended destination (H3) sent the reply with code " u".

The replies with codes " N,U,M " are sent by routers not hosts( e.g win xp).

Any correction?

Thanks a lot and have a nice day!

6 Accepted Solutions

Accepted Solutions

Edison Ortiz
Hall of Fame
Hall of Fame

! is sent by the destination

N can be sent by any router in the path

U same as N

M same as N but also can be sent by the destination.

? same as N but also can be sent by the destination.

HTH,

__

Edison.

View solution in original post

If 'R' has a route to h2 and h2 isn't replying to ping packets, on 'R' device the message will be 'request time-out' but 'R' will inform any device that uses 'R' as transit that the destination is unreachable.

The reason 'R' has to reply with an ICMP 'Destination Unreachable' is that 'R' is still drawing traffic for that destination. If 'R' had no routes towards that destination, then all adjacent devices would timeout on their own.

View solution in original post

The reason 'R' is able to send back 'u' code to h1 is due to having h2 on its routing table.

On a typical environment, if h2 was a subnet announced on 'R' and h2 is turned off, the subnet would disappear. Again the answer depend upon what 'R' knows.

If 'R' has reachability information towards h2, it thinks it could get there but in reality it doesn't. In addition, 'R' is still announcing 'h2' as a reachable network thru him so when the packet comes to 'R', it's 'R' job to tell everyone, that it can't reach that network hence 'u' packet.

You would see this kind of behavior on FW environment, where the route is on the routing table but devices are unable to reach it due to FW rules.

Hope this is clear enough and if it isn't I suggest labbing it up :)

View solution in original post

R will send the ICMP information back to the source.

R holds the subnet for 2.0.0.0/8 but on this example, H2 is not a router so from R to H2 is a simply Layer2 connection. H2 is not providing any routing information to R and viceversa.

If you change your scenario and have H2 as a router, the answer would be different.

View solution in original post

R would have an ip address associated to a mac-address on its arp table (same segment). If that information is missing from the arp table is the R's job to reply to any request as R is the last hop routing device.

__

Edison.

View solution in original post

Sarah,

Please take a look at this URL:

http://wiki.wireshark.org/Gratuitous_ARP

The router will know about the existence of H2.

__

Edison.

View solution in original post

17 Replies 17

Edison Ortiz
Hall of Fame
Hall of Fame

! is sent by the destination

N can be sent by any router in the path

U same as N

M same as N but also can be sent by the destination.

? same as N but also can be sent by the destination.

HTH,

__

Edison.

Thanks Edison !

Just one more question came to mind.

The book says " the code 'u' is returned when the destination is not reachable"

you said the router will return this code..

But how?

For example

h1-------f1Rf2-------sw---------h2

Ip address:

h1; 1.1.1.1

h2: 2.2.2.2

f2: 2.2.2.1

f1: 1.1.1.2

Assume h2 is powered off. Though the h2 is powered off, the router is not aware of it.

The routing table at R;

c 1.0.0.0/8 f1

c 2.0.0.0/8 f2

========================

h1 sends ping to h2

R receives the ping and sends this out of f2. R does not know that h2 is not powered on.

In order for R to send ' u' code back to h1, R must know if the destination is reachable( up and running).My understanding is 'r' maintains routing table not hosts's status i.e if they are powered on or off.

So if "R" does not know if h2 is powered off, therefore unreachable, then how can router send 'u' code to h1, the ping- source?

thanks a lot and have a nice weekend!

Hi,

in this case the ICMP request will jsut time-out, and a dot(.) will be seen instead of a !

HTH,

Dario

Thanks Dairo.

The issue we are focus on . is when the cose" U" is used.

If 'R' has a route to h2 and h2 isn't replying to ping packets, on 'R' device the message will be 'request time-out' but 'R' will inform any device that uses 'R' as transit that the destination is unreachable.

The reason 'R' has to reply with an ICMP 'Destination Unreachable' is that 'R' is still drawing traffic for that destination. If 'R' had no routes towards that destination, then all adjacent devices would timeout on their own.

Thanks Edison.

But i still did not understand it.

Let me briefly recap.

h1------r-----------sw----h2

h2 is powered off.

1) h1(1.1.1.1) sends the ping to h2(2.2.2.2)

2) r has a route for 2.2.2.2. r simply forwards this ping packet to h2

3) h2 is powered off so ping packet is lost.

====================================

"The reason 'R' has to reply with an ICMP 'Destination Unreachable' is that 'R' is still drawing traffic for that destination. If 'R' had no routes towards that destination, then all adjacent devices would timeout on their own.

"

In our case 'r' has a route but h2 is powered off. I am particularly interested in following:

"The reason 'R' has to reply with an ICMP 'Destination Unreachable' is that 'R' is still drawing traffic for that destination."

Based on the above, the reason "r" is able to send back " u" code to h1 is because r is getting traffic for h2 from other sources as well.

My question is what about if i just plug the h2 out of the box into sw which is connected to r?

==================================

Second issue is that is giving me trouble is :

"If 'R' has a route to h2 and h2 isn't replying to ping packets, on 'R' device the message will be 'request time-out' but 'R' will inform any device that uses 'R' as transit that the destination is unreachable."

My understanding is transit routers just receive ip packets then route them if they a path. In case of ping, " time-out" concept applies to source which issues the ping.

Had "R" issued the ping and h2 had been powered off, the ping request will be timed out. r would act like a regular host. Like a regular host, if r does not recive any ping reply within required time, it will simply show " dot" and won't inform its adjacent routers.

Thanks a lot and have a nice weekend!

The reason 'R' is able to send back 'u' code to h1 is due to having h2 on its routing table.

On a typical environment, if h2 was a subnet announced on 'R' and h2 is turned off, the subnet would disappear. Again the answer depend upon what 'R' knows.

If 'R' has reachability information towards h2, it thinks it could get there but in reality it doesn't. In addition, 'R' is still announcing 'h2' as a reachable network thru him so when the packet comes to 'R', it's 'R' job to tell everyone, that it can't reach that network hence 'u' packet.

You would see this kind of behavior on FW environment, where the route is on the routing table but devices are unable to reach it due to FW rules.

Hope this is clear enough and if it isn't I suggest labbing it up :)

Thanks Edison.

"On a typical environment, if h2 was a subnet announced on 'R' and h2 is turned off, the subnet would disappear. Again the answer depend upon what 'R' knows."

If h2 is directly connected to router port, then then subnet will disappear.

But if h2 is connected to router via switch as shown below:

r-----sw-------h2

Then even h2 is powered off, router will have an entry for subnet, h2 is on.

example:

If there are two hosts h2 and h3

h2 2.2.2.2/8

h3 2.2.2.3/8

both these hosts are connected to router via L2 switch, and even if both hosts are powered off, then router still, will have an entry:

c 2.0.0.0/8 connected f0

Router does not hold individual host's ip, rather it stores the subnet/network hosts are on.

I understand the following:

"it is 'R' job to tell everyone, that it can't reach that network hence 'u' packet".

it will only applies if router does not have a route/subnet for destined ping packet. Things will be different if h2 is powered off and connected to router via switch. In such situation, the h2's subnet will be present in routing table and R upon receving ip ping for h2, will route this packet.

Excuse my ignorance what is " FW enviroment" ?

Sorry for being stubborn .

thanks a lot and have a nice 4th of july!

Sarah,

On this example, that's not a destination network but a host. I thought you were having H2 emulate a whole subnet but now I see the picture a bit clearer.

On this case, all routers will receive a 'request time-out' generic ICMP message.

FW = Firewall environment, where reaching devices need to traverse a secured firewall device.

Happy July 4th :)

__

Edison.

Thanks Edison for your reply and greeting.

The issue was who will send " U" code If destination( host) is powered off.

h1------r---sw-----h2

h1 1.1.1.1/8

h2 2.2.2.2/8

Though h2 is powered off, router"r" still hold the subnet 2.0.0.0/8 in its routing table.

when h1 sends the ping to h2, router " r" receives it and finds a match(2.0.0.0/8). Router then simply forwards it to h2. Since h2 is powered off, ping packet is lost. In this case, and according to your reply, code " U" will be sent to source (h1). But the question is how as router has no awareness of h2 being powered off.

Thanks for being so stoic with my ever repeating questions.

R will send the ICMP information back to the source.

R holds the subnet for 2.0.0.0/8 but on this example, H2 is not a router so from R to H2 is a simply Layer2 connection. H2 is not providing any routing information to R and viceversa.

If you change your scenario and have H2 as a router, the answer would be different.

thanks Edison

"R will send the ICMP information back to the source."

How does "R" determine the host(h2) is powered off and it(R) has to send icmp info back to source ?

thanks

R would have an ip address associated to a mac-address on its arp table (same segment). If that information is missing from the arp table is the R's job to reply to any request as R is the last hop routing device.

__

Edison.

Thanks Edison!

Based on your reply , another question popped up in my mind.

h1-------r----sw----h2

h1 1.1.1.1/8

h2 2.2.2.2/8

Let say i just unpacked and configured host (h2) with ip address and ip default gateway. Just out of box,h2 has not communicated to router and any other host which means router 's arp table has no entry for h2. Keeping this scenario in mind, h1 pings h2.

Based on your reply, router ,having checked its arp table and finding no entry for h2, should send icmp message back to h1 though h2 is powered on. That also means pings to host such as h2 which has not communicated with any hosts or gateway, should fail.

thanks once again for your patience.

I would definately have a happy 4th of july once i resolve this issue .

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco