Saturday, November 26, 2011

Wireshark Lab: ICMP





ping -n 10 www.ust.hk


1. What is the IP address of your host? What is the IP address of the destination
host?  
Host IP: 192.168.2.3
Destination IP: 143.89.14.34

2. Why is it that an ICMP packet does not have source and destination port
numbers?
ICMP is a sessionless protocol, so it does not use port numbers.



3. Examine one of the ping request packets sent by your host. What are the ICMP
type and code numbers? What other fields does this ICMP packet have? How
many bytes are the checksum, sequence number and identifier fields?

The ICMP type is 8 and the code is 0.
The ICMP packet also has an identifier field and a sequence number field.



4. Examine the corresponding ping reply packet. What are the ICMP type and code
numbers? What other fields does this ICMP packet have? How many bytes are the
checksum, sequence number and identifier fields?

The ICMP type is 0 and the code is 0.
The other fields are checksum, identifier and sequence number.




5. What is the IP address of your host? What is the IP address of the target
destination host?  

Host IP address: 192.168.2.3
Destination IP address: 193.51.193.149




6. If ICMP sent UDP packets instead (as in Unix/Linux), would the IP protocol
number still be 01 for the probe packets? If not, what would it be?

If ICMP sent a UDP packet instead, the IP protocol number would not be 01; it would be 0x11.


7. Examine the ICMP echo packet in your screenshot. Is this different from the
ICMP ping query packets in the first half of this lab? If yes, how so?

The ICMP echo packet and the ping query packet have the same fields.

8. Examine the ICMP error packet in your screenshot. It has more fields than the
ICMP echo packet. What is included in those fields?

It contains the information of the packet that was in error, and it also includes all of the IPv4 fields.
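
The following added example, not part of the original post or the lab handout, parses the ICMP header fields discussed in questions 3, 4 and 8, including the original datagram that an ICMP error message carries. The sample packets are constructed: the addresses are the ones from this lab, while the identifier, sequence number and IP id are made up.

```python
import socket
import struct

ECHO_REPLY, DEST_UNREACH, ECHO_REQUEST, TIME_EXCEEDED = 0, 3, 8, 11

def inet_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def with_checksum(msg: bytes) -> bytes:
    """Fill bytes 2-3 of an ICMP message whose checksum field is zero."""
    return msg[:2] + struct.pack("!H", inet_checksum(msg)) + msg[4:]

def parse_icmp(msg: bytes) -> dict:
    """Decode the fixed header, then the type-specific remainder."""
    if len(msg) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, code, checksum = struct.unpack("!BBH", msg[:4])  # 1 + 1 + 2 bytes
    out = {"type": icmp_type, "code": code, "checksum": checksum,
           "checksum_ok": inet_checksum(msg) == 0}  # valid messages sum to zero
    if icmp_type in (ECHO_REQUEST, ECHO_REPLY):
        # identifier and sequence number are 2 bytes each
        out["identifier"], out["sequence"] = struct.unpack("!HH", msg[4:8])
    elif icmp_type in (DEST_UNREACH, TIME_EXCEEDED):
        inner = msg[8:]  # bytes 4-7 are unused; then the offending datagram
        ihl = (inner[0] & 0x0F) * 4 if inner else 0
        if ihl < 20 or len(inner) < ihl + 8:
            raise ValueError("truncated embedded datagram")
        out["orig_ttl"], out["orig_protocol"] = inner[8], inner[9]
        out["orig_src"] = socket.inet_ntoa(inner[12:16])
        out["orig_dst"] = socket.inet_ntoa(inner[16:20])
        out["orig_first8"] = inner[ihl:ihl + 8]  # start of the original payload
    return out

# Constructed sample data: a probe as Windows tracert would send it (addresses
# from this lab; identifier, sequence number and IP id are made up).
PROBE = with_checksum(struct.pack("!BBHHH", ECHO_REQUEST, 0, 0, 0x0200, 41) + b"\x00" * 32)
ORIG_IP = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(PROBE), 0x1234, 0, 1, 1, 0,
                      socket.inet_aton("192.168.2.3"), socket.inet_aton("193.51.193.149"))
ERROR = with_checksum(struct.pack("!BBHI", TIME_EXCEEDED, 0, 0, 0) + ORIG_IP + PROBE[:8])

if __name__ == "__main__":
    print(parse_icmp(PROBE), parse_icmp(ERROR), sep="\n")
```

For a Unix/Linux traceroute probe, `orig_protocol` in the embedded header would be 17 (0x11, UDP) instead of 1.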


9. Examine the last three ICMP packets received by the source host. How are these
packets different from the ICMP error packets? Why are they different?


The last three ICMP packets received by the source host are type 0, unlike the error packets, which are type 8.

10. Within the tracert measurements, is there a link whose delay is significantly
longer than others?  Refer to the screenshot in Figure 4, is there a link whose
delay is significantly longer than others?  On the basis of the router names, can
you guess the location of the two routers on the end of this link?

There is a link whose delay is significantly longer than the others, at 9 to 10. The link is clearly in New York City, as it includes the abbreviation nyc.

3 comments:

  2. This is great, made from it a good deal. Thanks, but found complete answers one. Yours are a bit unworked. Regards