search

Sniffing ICMP (Ping) Packets in GNS3 Using Wireshark

Nerd Cafe | نرد کافه

hashtag
What ICMP Is

  • ICMP is a network layer (Layer 3) protocol.

  • It’s used for error reporting and network diagnostics, not for data transfer.

  • Works alongside IP, not independently.

hashtag
Main Purposes of ICMP

  • Reports network errors (e.g., destination unreachable).

  • Helps with troubleshooting and testing network connectivity.

  • Provides status and control messages about IP packet delivery.

hashtag
Common ICMP Message Types

  • Echo Request / Echo Reply → Used by ping.

  • Destination Unreachable → Target or route cannot be reached.

  • Time Exceeded → Packet’s TTL expired (used by traceroute).

  • Redirect → Router suggests a better route.

  • Parameter Problem → Invalid IP header field.

hashtag
ICMP in Network Tools

  • Ping

    • Tests host reachability.

    • Measures round-trip time (RTT).

  • Traceroute

    • Maps the path packets take to a destination.

    • Uses TTL expiration + ICMP Time Exceeded messages.

hashtag
Security Considerations

  • ICMP can be abused for DoS attacks (e.g., ping flood).

  • Often filtered or rate-limited by firewalls.

  • Blocking all ICMP is bad practice—it can break diagnostics and path MTU discovery.

hashtag
Lab Objectives

  • Configure two hosts in the same subnet

  • Verify connectivity using ICMP (Ping)

  • Capture and analyze ICMP traffic

  • Understand ICMP Echo Request / Echo Reply behavior at packet level

hashtag
Lab Topology

  • No switch, no router (direct L2 communication)

  • Same broadcast domain

hashtag
Tools Used

  • GNS3 (or similar emulator)

  • VPCS (Virtual PC Simulator)

  • Wireshark (packet capture)

hashtag
Step 1: Build the Topology

  1. Add 2 × VPCS nodes:

    • Name them PC1 and PC2

  2. Connect:

    • PC1 Ethernet0PC2 Ethernet0

  3. Start both VPCS nodes

hashtag
Step 2: Configure IP Addressing

hashtag
Configure PC1

hashtag
Configure PC2

Both PCs are now in the same subnet (192.168.0.0/24)

hashtag
Step 3: Start Packet Capture

  1. Right-click the link between PC1 ↔ PC2

  2. Select Start Capture

  3. Open capture in Wireshark

  4. Apply display filter:

hashtag
Step 4: Generate ICMP Traffic

From PC1, ping PC2:

hashtag
Step 5: ICMP Echo Request / Reply Flow

hashtag
ICMP Echo Request

  • Source IP: 192.168.0.1

  • Destination IP: 192.168.0.2

  • Type: 8 (Echo Request)

  • TTL: 64

hashtag
ICMP Echo Reply

  • Source IP: 192.168.0.2

  • Destination IP: 192.168.0.1

  • Type: 0 (Echo Reply)

  • TTL: 64

hashtag
Step 6: Security & Sniffing Perspective (CEH Focus)

  • ICMP is clear-text → fully sniffable

  • Useful for:

    • Network mapping

    • Host discovery

  • Dangerous if abused:

    • Ping flood

    • ICMP tunneling

  • Often rate-limited, not fully blocked

hashtag
💖 Support Our Work

If you find this post helpful and would like to support my work, you can send a donation via TRC-20 (USDT). Your contributions help us keep creating and sharing more valuable content.

circle-check

TRC-20 Address: TAAVVf9ZxUpbyvTa6Gd5SGPmctBdy4PQwf

Thank you for your generosity! 🙏

hashtag
Keywords

ICMP, Echo Request, Echo Reply, Ping, Traceroute, ARP, TTL, Sequence Number, Identifier, Packet Capture, Wireshark, VPCS, IP Addressing, Ethernet, Broadcast, Unicast, OSI Layer 3, Network Diagnostics, Sniffing, Latency, nerd cafe , نرد کافه

hashtag
Channel Overview

🌐 Website: www.nerd-cafe.irarrow-up-right

📺 YouTube: @nerd-cafearrow-up-right

🎥 Aparat: nerd_cafearrow-up-right

📌 Pinterest: nerd_cafearrow-up-right

📱 Telegram: @nerd_cafearrow-up-right

📝 Blog: Nerd Café on Virgoolarrow-up-right

💻 GitHub: nerd-cafearrow-up-right

PreviousNetwork Traffic Analysis with Wireshark in GNS3NextSniffing DHCP in GNS3: Wireshark Capture of DORA Process

Last updated