Sniffing ICMP (Ping) Packets in GNS3 Using Wireshark

Nerd Cafe | نرد کافه

What ICMP Is

  • ICMP is a network layer (Layer 3) protocol.

  • It’s used for error reporting and network diagnostics, not for data transfer.

  • Works alongside IP, not independently.

Main Purposes of ICMP

  • Reports network errors (e.g., destination unreachable).

  • Helps with troubleshooting and testing network connectivity.

  • Provides status and control messages about IP packet delivery.

Common ICMP Message Types

  • Echo Request / Echo Reply → Used by ping.

  • Destination Unreachable → Target or route cannot be reached.

  • Time Exceeded → Packet’s TTL expired (used by traceroute).

  • Redirect → Router suggests a better route.

  • Parameter Problem → Invalid IP header field.

ICMP in Network Tools

  • Ping

    • Tests host reachability.

    • Measures round-trip time (RTT).

  • Traceroute

    • Maps the path packets take to a destination.

    • Uses TTL expiration + ICMP Time Exceeded messages.

Security Considerations

  • ICMP can be abused for DoS attacks (e.g., ping flood).

  • Often filtered or rate-limited by firewalls.

  • Blocking all ICMP is bad practice—it can break diagnostics and path MTU discovery.

Lab Objectives

  • Configure two hosts in the same subnet

  • Verify connectivity using ICMP (Ping)

  • Capture and analyze ICMP traffic

  • Understand ICMP Echo Request / Echo Reply behavior at packet level

Lab Topology

  • No switch, no router (direct L2 communication)

  • Same broadcast domain

Tools Used

  • GNS3 (or similar emulator)

  • VPCS (Virtual PC Simulator)

  • Wireshark (packet capture)

Step 1: Build the Topology

  1. Add 2 × VPCS nodes:

    • Name them PC1 and PC2

  2. Connect:

    • PC1 Ethernet0 ↔ PC2 Ethernet0

  3. Start both VPCS nodes

Step 2: Configure IP Addressing

Configure PC1

Configure PC2

Both PCs are now in the same subnet (192.168.0.0/24)

Step 3: Start Packet Capture

  1. Right-click the link between PC1 ↔ PC2

  2. Select Start Capture

  3. Open capture in Wireshark

  4. Apply display filter:

Step 4: Generate ICMP Traffic

From PC1, ping PC2:

Step 5: ICMP Echo Request / Reply Flow

ICMP Echo Request

  • Source IP: 192.168.0.1

  • Destination IP: 192.168.0.2

  • Type: 8 (Echo Request)

  • TTL: 64

ICMP Echo Reply

  • Source IP: 192.168.0.2

  • Destination IP: 192.168.0.1

  • Type: 0 (Echo Reply)

  • TTL: 64

Step 6: Security & Sniffing Perspective (CEH Focus)

  • ICMP is clear-text → fully sniffable

  • Useful for:

    • Network mapping

    • Host discovery

  • Dangerous if abused:

    • Ping flood

    • ICMP tunneling

  • Often rate-limited, not fully blocked
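
As an added example (not part of the original lab), the Python code below decodes the echo header fields listed in Step 5, verifies the checksum, and pairs each Echo Request with its Echo Reply by identifier and sequence number, flagging the mismatches a defender would check when reviewing a capture for ICMP tunneling. The sample messages, the 0x1234 identifier and the 64-byte payload threshold are constructed assumptions; the input is the ICMP message without its IP header.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build a constructed ICMP echo message (sample input for this example)."""
    csum = inet_checksum(struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def parse_echo(msg: bytes) -> dict:
    """Decode the 8-byte echo header and verify the checksum."""
    if len(msg) < 8:
        raise ValueError("truncated ICMP message")
    t, code, _csum, ident, seq = struct.unpack("!BBHHH", msg[:8])
    return {"type": t, "code": code, "id": ident, "seq": seq,
            "payload": msg[8:], "checksum_ok": inet_checksum(msg) == 0}

def review(messages, max_payload=64):
    """Pair requests (type 8) with replies (type 0); return a list of findings."""
    pending, findings = {}, []
    for raw in messages:
        m = parse_echo(raw)
        key = (m["id"], m["seq"])
        if not m["checksum_ok"]:
            findings.append((key, "bad checksum"))
        if len(m["payload"]) > max_payload:  # threshold is an assumption
            findings.append((key, "oversized payload"))
        if m["type"] == 8:
            pending[key] = m["payload"]
        elif m["type"] == 0:
            if key not in pending:
                findings.append((key, "unsolicited reply"))
            elif pending.pop(key) != m["payload"]:
                findings.append((key, "reply payload differs from request"))
    findings += [(k, "no reply") for k in pending]
    return findings

# Constructed capture: one normal ping, one mismatched reply, one lost reply.
SAMPLE = [build_echo(8, 0x1234, 1, b"A" * 56), build_echo(0, 0x1234, 1, b"A" * 56),
          build_echo(8, 0x1234, 2, b"A" * 56), build_echo(0, 0x1234, 2, b"B" * 56),
          build_echo(8, 0x1234, 3, b"A" * 56)]
```

A normal ping reply echoes the request payload unchanged, so a differing reply payload or a run of unsolicited replies is worth a closer look in Wireshark.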


Keywords

ICMP, Echo Request, Echo Reply, Ping, Traceroute, ARP, TTL, Sequence Number, Identifier, Packet Capture, Wireshark, VPCS, IP Addressing, Ethernet, Broadcast, Unicast, OSI Layer 3, Network Diagnostics, Sniffing, Latency, nerd cafe, نرد کافه
