Solved: Re: icmp codes - Page 2

sarahr202 · ‎06-23-2009

Hi every body!

My book shows the following code:

! echo reply received.

N network unreachable

U destination unreachable

M can not fragment the packet

? unknown packet received.

=============================

Who sends these codes? the destination machine or the router connected to destination machine?

for example:

R1--------------R2--------------H3

let say i ping h3(3.3.3.3) from R1. Assume the host H3 is not powered on, so R2 interface connected to H3 is down as well. Since R2 has no path/route for 3.0.0.0 as the int is down, R3 will send the reply with code " U" to source(R1). In this case the last router(R2) not the intended destination (H3) sent the reply with code " u".

The replies with codes " N,U,M " are sent by routers not hosts( e.g win xp).

Any correction?

Thanks a lot and have a nice day!

wandering_997 · ‎07-01-2009

hi Sarah,

In your scenario, r(router) will send arp request to the segment which h2 is in, it will keep sending arp request untill there's no traffic destinated to h2.

And the most important information you should understand is, only router (routing device) can tell others network/host unreachable.

suggest you read <> - chapter 9. ip routing.

Wandering

Edison Ortiz · ‎07-02-2009

Sarah,

Please take a look at this URL:

http://wiki.wireshark.org/Gratuitous_ARP

The router will know about the existence of H2.

__

Edison.

wandering_997 · ‎07-02-2009

[h1]----(R1)-----(R2)-----[h2]

h1: ping 10.217.15.3

R2: 10.217.15.1

h2: my laptop (10.217.15.87)

10.217.15.3 does not exist.

===

wandering@d630:~> sudo tcpdump -i eth0 -nvve $ icmp or arp $ and $ dst 10.217.15.3 or dst 10.217.15.1 $

tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes

09:41:44.238743 00:1d:71:43:ce:c9 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 10.217.15.3 tell 10.217.15.1

09:41:47.259010 00:1d:71:43:ce:c9 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 10.217.15.3 tell 10.217.15.1

09:41:49.485934 00:11:43:b5:a7:ff > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 10.217.15.1 tell 10.217.15.72

09:41:49.641599 00:11:43:b5:a7:ff > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 10.217.15.1 tell 10.217.15.72

09:41:51.299262 00:1d:71:43:ce:c9 > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 10.217.15.3 tell 10.217.15.1

09:42:02.486285 00:11:43:b5:a7:ff > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 10.217.15.1 tell 10.217.15.72

09:42:02.563333 00:11:43:b5:a7:ff > ff:ff:ff:ff:ff:ff, ethertype ARP (0x0806), length 60: arp who-has 10.217.15.1 tell 10.217.15.72

^C

7 packets captured

7 packets received by filter

0 packets dropped by kernel

wandering@d630:~>

===

-bash-2.05b$ ping -c 10 10.217.15.3

PING 10.217.15.3 (10.217.15.3): 56 data bytes

--- 10.217.15.3 ping statistics ---

10 packets transmitted, 0 packets received, 100% packet loss

-bash-2.05b$

===

where's gratuitous arp?