Hello everyone, nice to see you again. I am your friend, Full Stack Jun. Today, we’ll be talking about Wireshark ICMP packets.



As observed, the default ping on Windows sends four requests, so Wireshark captures 8 ICMP packets (four echo requests and four echo replies). Let’s look at the process of a single request and response.
The blue section represents the IP header, totaling 20 bytes.

The blue section represents the ICMP packet, totaling 40 bytes.

By checking the ICMP packet type, it is known that Type 8 is an echo request (Ping request).

Using the same method, look at the Echo (ping) reply packet: its Type field is 0.
By checking the ICMP packet type, it is known that Type 0 is an echo reply (Ping reply).




Each packet is encapsulated through three layers of protocols: the Data Link Layer (DLC) protocol, the IP protocol, and the ICMP protocol. The destination and source addresses of the DLC layer are MAC addresses, and the destination and source addresses of the IP layer are IP addresses; the IP layer carries the data handed down from the upper layer. ICMP identifies its messages by Type and Code: “Type: 8, Code: 0” is the diagnostic (echo) request packet and “Type: 0, Code: 0” is the diagnostic (echo) reply packet. ICMP provides a variety of message types to feed network fault information back to the source node; the message types can be summarized as follows:
(1) Diagnostic Message (Type: 8, Code: 0; Type: 0, Code: 0);
(2) Destination Unreachable Message (Type: 3, Code: 0–15);
(3) Redirect Message (Type: 5, Code: 0–4);
(4) Time Exceeded Message (Type: 11, Code: 0–1);
(5) Information Message (Type: 12–18).
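To make the layering and field layout above concrete, here is an added example (not code from the original post) that builds a ping request/reply pair in the same shape Wireshark shows, 20-byte IPv4 header followed by an 8-byte ICMP header plus 32 bytes of payload, and then dissects it back into Type, Code, identifier, sequence number and checksum state, mapping Type/Code onto the message categories listed above. The addresses 192.0.2.10 and 192.0.2.1 are documentation placeholders, and the 32-byte payload is a constructed sample, not a capture from the post.

```python
import socket
import struct

# Message categories as summarised on the page: type -> (name, valid code range)
ICMP_CATEGORIES = {
    8: ("Echo request (diagnostic message)", range(0, 1)),
    0: ("Echo reply (diagnostic message)", range(0, 1)),
    3: ("Destination unreachable", range(0, 16)),
    5: ("Redirect", range(0, 5)),
    11: ("Time exceeded", range(0, 2)),
}
INFORMATION_TYPES = range(12, 19)  # "Information message (Type 12-18)" from the list above

# Constructed sample payload: 32 bytes, the default size of a Windows ping
WINDOWS_PING_PAYLOAD = b"abcdefghijklmnopqrstuvwxyzabcdef"


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement checksum, used by both the IPv4 header and ICMP."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:  # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_icmp_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """8-byte ICMP header (type, code, checksum, id, seq) followed by the payload."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def build_ipv4_header(src: str, dst: str, payload_len: int, ttl: int = 128) -> bytes:
    """Minimal 20-byte IPv4 header (IHL 5, no options) carrying protocol 1 = ICMP."""
    fields = [0x45, 0, 20 + payload_len, 0x1234, 0, ttl, 1, 0,
              socket.inet_aton(src), socket.inet_aton(dst)]
    fields[7] = inet_checksum(struct.pack("!BBHHHBBH4s4s", *fields))
    return struct.pack("!BBHHHBBH4s4s", *fields)


def classify(icmp_type: int, code: int) -> str:
    """Map Type/Code onto the page's message categories; flag codes outside the listed range."""
    if icmp_type in ICMP_CATEGORIES:
        name, codes = ICMP_CATEGORIES[icmp_type]
        return name if code in codes else f"{name} (unexpected code {code})"
    if icmp_type in INFORMATION_TYPES:
        return "Information message"
    return f"Unknown type {icmp_type}"


def parse_ip_icmp(packet: bytes) -> dict:
    """Dissect an IPv4+ICMP packet into the fields Wireshark's detail pane shows."""
    ihl = (packet[0] & 0x0F) * 4          # header length in bytes (20 when no options)
    ip_header = packet[:ihl]
    protocol = ip_header[9]
    if protocol != 1:
        raise ValueError(f"not ICMP (protocol {protocol})")
    icmp = packet[ihl:]
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    return {
        "ip_header_len": ihl,
        "ip_checksum_ok": inet_checksum(ip_header) == 0,   # recomputed over header incl. checksum
        "src": socket.inet_ntoa(ip_header[12:16]),
        "dst": socket.inet_ntoa(ip_header[16:20]),
        "icmp_len": len(icmp),                              # 8-byte header + payload
        "type": icmp_type,
        "code": code,
        "id": ident,
        "seq": seq,
        "icmp_checksum_ok": inet_checksum(icmp) == 0,
        "description": classify(icmp_type, code),
    }


def sample_exchange() -> tuple:
    """Constructed request/reply pair between placeholder hosts 192.0.2.10 and 192.0.2.1."""
    req_icmp = build_icmp_echo(8, 1, 1, WINDOWS_PING_PAYLOAD)
    request = build_ipv4_header("192.0.2.10", "192.0.2.1", len(req_icmp)) + req_icmp
    rep_icmp = build_icmp_echo(0, 1, 1, WINDOWS_PING_PAYLOAD)
    reply = build_ipv4_header("192.0.2.1", "192.0.2.10", len(rep_icmp)) + rep_icmp
    return request, reply


if __name__ == "__main__":
    for pkt in sample_exchange():
        info = parse_ip_icmp(pkt)
        print(f"{info['src']} -> {info['dst']}: Type {info['type']}, Code {info['code']} "
              f"= {info['description']}; IP header {info['ip_header_len']} B, "
              f"ICMP {info['icmp_len']} B, checksum ok={info['icmp_checksum_ok']}")
```

Running the block prints both directions of the exchange with the same 20-byte IP header and 40-byte ICMP lengths the post measured. The checksum is recomputed over the received bytes including the checksum field, which yields zero for an intact packet; a packet whose payload or identifier was altered in transit fails this check, which is one reason Wireshark flags bad ICMP checksums in its detail pane.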



