ICMP/ Ping Echo request/replys

DANMOH009

I've been trying to do some basic research on ICMP specifically ping.

Im diagnosing the possible outcomes and what each mean.

i been working on a few and got stuck on one.

* Destination Unreachable - No Route in the routing table for the destination. <think im right here

* Echo reply/response - End device responding back. <think im right here

* TTL expired in Transit/ Request Timeout - Route has gone through maximum number of hops and no destination found, Give up looking. <<<<<<<<<<<< am i right here???? I was doing some testing, am i right in saying every-time i get a request timeout, its when my request has gone through 255 hops???

Thanks

Dan

Zartanasaurus

Destination unreachable has a lot of sub categories.

It could be that there's no route like you said. Or a route could exist, but it couldn't resolve the L2 address (PC is turned off/non existent). Or it could be that particular service isn't running IE SSH connect to something not running an SSH server. Or it could be administratively prohibited with an ACL.

You're on the right track though. Yes to your last question, although not necessarily 255 hops. Windows sends out packets with a TTL of 128. Traceroute sends out packets with a TTL of 1 and increases until it reaches the destination (this is how traceroute is able to determine the intermediate routers).

boredgamelad

DANMOH009 wrote: »

* TTL expired in Transit/ Request Timeout - Route has gone through maximum number of hops and no destination found, Give up looking. <<<<<<<<<<<< am i right here???? I was doing some testing, am i right in saying every-time i get a request timeout, its when my request has gone through 255 hops???

You're close but it's not necessarily going to be after 255 hops. The TTL is set by the sending device so you may not be using a TTL of 255 when you're using ICMP. You could be using a TTL of 1 which means you'd get a TTL exceeded response from the very first hop.

Take traceroute for example. First it sends an ICMP echo with a TTL of 1, then 2, then 3, etc. At each successive hop the TTL is decremented to 0 so an ICMP TTL exceeded (type 11 code 0) is sent in response.

Just as an example, traceroute shows my hop count to google.com is 15 hops. If I set the TTL of my outgoing packets to 14, I'll see some expired in transit messages:

ping -i 14 google.com

Pinging google.com [74.125.226.200] with 32 bytes of data:
Reply from 216.239.46.216: TTL expired in transit.
Reply from 216.239.46.216: TTL expired in transit.
Reply from 216.239.46.216: TTL expired in transit.
Reply from 216.239.46.216: TTL expired in transit.

Ping statistics for 74.125.226.200:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

In this case, my packets are getting as far as 216.239.46.216 and being dropped because the TTL has reached 0.

However, these are different than request timed out messages. Request timed out is what you'll receive when the other side doesn't respond:

ping 4.4.4.4

Pinging 4.4.4.4 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 4.4.4.4:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

4.4.4.4 could be behind a firewall that doesn't allow incoming pings. Or, though more unlikely, they might allow incoming echo requests but block echo replies going out. There are many other possibilities but probably most important to remember is that request timed out essentially means "the other side did not reply".

And these are both different than destination unreachable messages, which you can get for a variety of reasons. For example, if you try to ping a host on the same subnet that is offline, ARP will fail to get a response. You'll get a destination unreachable message from your own computer (67.9 is me) which indicates that ICMP never even generated a packet:

ping 10.100.67.1

Pinging 10.100.67.1 with 32 bytes of data:
Reply from 10.100.67.9: Destination host unreachable.
Reply from 10.100.67.9: Destination host unreachable.

Another reason you'll get destination unreachable is if a router along the way doesn't have a route to the destination.

As Zartanasaurus said, there are many other reasons for the above messages, but these are the most common (in my experience).

Hope this helps!

taternuts666

Hey guys thanks for the detailed responses. As someone who is studying for the CCENT I love to read this stuff.

DANMOH009

Ye cheers guys, Cleared things up massively.

Ive just noticed one last thing on a successful ping response the TTL shows a number i.e. TTL=45 is that the amount of hops taken place for the that packet to reach its destination??

boredgamelad

Close again! That's the TTL of the reply sent by the device answering your ping.

Edit: Also, I feel compelled to point out that TTL is actually (if you read the RFC for IPv4) measured in seconds. However, every device that processes the packet is required to decrease the TTL by 1, even if it takes less than a second to process it. Since it doesn't take a second to process a packet, it ended up being the case that TTL became a hop count limit mechanism, even though it was intended as a limit on the number of seconds a packet could live. The TTL field has been renamed "hop limit" in IPv6, to reflect its actual usage.

mohamedshajid

Thanks mate. But i couldn't understand How TTL Works and What is it?