ICMP

ICMP is a nice protocol, but it is often filtered by a firewall. When you are able to ping or traceroute to a host, it would be nice to know what is on the other side: what kind of machine is talking, and can you get all the way to the destination?
One way to make it to the destination is to use TCP traceroute instead of ICMP (MS), which is the default in NetScanTools Pro.
When I do a traceroute with ICMP to www.novell.com, I end at 192.94.118.247, but when I do an nslookup on www.novell.com I get back 130.57.5.25, so I never made it to the destination. Now try with TCP traceroute:
Voilà, I get all the way to 130.57.5.25 (www.novell.com).

There is another interesting thing about ICMP: always look at the payload. When you capture ICMP traffic and look at it in Wireshark, you might find out what the OS on the "other" side is.

E.g., take a look at the following trace file: icmp_payload.pcap

When you look at the payload of the packets, you will see an alphabet, abcdefghijklmnopqrstuvwabcdefghi, but it stops at the w. This is a typical Microsoft host responding, so voilà, the destination responding is MS.
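The payload check described above can be automated. The following is an added example, not part of the original page or of any tool it mentions: it parses a raw ICMP message, verifies the checksum, and flags the a..w alphabet payload. The function names, the constructed sample packet, and the handling of payload lengths other than 32 bytes are assumptions of this example.

```python
import struct

# Payload pattern the page describes: the alphabet stops at "w", then restarts.
WINDOWS_ALPHABET = b"abcdefghijklmnopqrstuvw"
ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST = 0, 8


def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over the whole ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build a constructed ICMP message so the example runs without a capture."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def looks_like_windows_payload(payload: bytes) -> bool:
    """True if the payload is the a..w alphabet repeated (any length, assumed)."""
    repeats = len(payload) // len(WINDOWS_ALPHABET) + 1
    return bool(payload) and payload == (WINDOWS_ALPHABET * repeats)[: len(payload)]


def classify_icmp(message: bytes) -> dict:
    """Parse one ICMP message (IP header already stripped) and label its payload."""
    if len(message) < 8:
        raise ValueError("truncated ICMP header")
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", message[:8])
    if inet_checksum(message) != 0:  # a valid message sums to zero
        raise ValueError("bad ICMP checksum")
    if icmp_type not in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY) or code != 0:
        return {"type": icmp_type, "hint": "not an echo message"}
    # An echo reply returns the data of the request (RFC 792), so the pattern
    # identifies the stack that generated the request.
    is_win = looks_like_windows_payload(message[8:])
    hint = "windows-style ping payload" if is_win else "unknown"
    return {"type": icmp_type, "id": ident, "seq": seq, "hint": hint}


# Constructed sample: echo request carrying the 32-byte payload quoted on the page.
SAMPLE = build_echo(ICMP_ECHO_REQUEST, 1, 7, b"abcdefghijklmnopqrstuvwabcdefghi")
```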

Hope that you learned something (all copyright to Laura Chappell!)

Unless otherwise stated, the content of this page is licensed under Creative Commons Attribution-ShareAlike 3.0 License