
How is the ICMP message used to identify the IP datagram that caused the error?


The purpose of the lab is to observe an ICMP port unreachable message and to see how the ICMP message is used to identify the IP datagram that caused the error.

  1. Open a terminal window on hostC1 and start tcpdump:

  2. Open another terminal window on hostC1 and send a single UDP datagram to a non-existent port (32000) on hostA1.

  3. Observe the sock output.

  4. Observe the tcpdump output.

Results:

sock output:

[student@hostC1 ~]$ sock -u hostA1 32000
hello
recv error: Connection refused

tcpdump output:

[student@hostC1 ~]$ sudo tcpdump -n -v port 32000 or icmp
tcpdump: listening on e0, link-type EN10MB (Ethernet), capture size 96 bytes
15:01:23.256295 IP (tos 0x0, ttl 64, id 15731, offset 0, flags [none], proto UDP (17), length 34)
    10.1.3.1.64270 > 10.1.1.1.32000: UDP, length 6
15:01:23.279295 IP (tos 0x0, ttl 62, id 15710, offset 0, flags [none], proto ICMP (1), length 56)
    10.1.1.1 > 10.1.3.1: ICMP 10.1.1.1 udp port 32000 unreachable, length 36
        IP (tos 0x0, ttl 62, id 15731, offset 0, flags [none], proto UDP (17), length 34)
        10.1.3.1.64270 > 10.1.1.1.32000: UDP, length 6

Discussion:

In Frame 1 the IP header and the UDP header are highlighted.

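Frame 2 is the ICMP port unreachable message that hostA1 sent in response to the IP datagram in Frame 1. The payload of the ICMP message is the IP header plus the first 8 bytes of IP payload of the datagram that caused the error. In the tcpdump output this embedded copy appears as the last two lines of Frame 2: its IP id (15731) and UDP ports (64270 > 32000) match Frame 1.

HostC1 passes the port unreachable message to the sock application on port 64270.

The sock program prints "recv error: Connection refused".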
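
The matching described above can be reproduced in code. The following is an added example, not part of the original lab: it parses the ICMP message of Frame 2 and recovers the identifiers of the datagram that caused it. The packet bytes are constructed from the fields tcpdump printed (checksums set to 0 because the trace does not show them), and the socket table and the function names are hypothetical.

```python
import socket
import struct

def parse_icmp_error(icmp: bytes) -> dict:
    """Recover the offending datagram's identifiers from an ICMP error message."""
    if len(icmp) < 8 + 20:
        raise ValueError("too short to carry an embedded IP header")
    icmp_type, code = icmp[0], icmp[1]
    if icmp_type != 3:                    # this example handles destination unreachable only
        raise ValueError("not a destination unreachable message")
    inner = icmp[8:]                      # skip type, code, checksum, unused
    ihl = (inner[0] & 0x0F) * 4           # embedded header may carry IP options
    if inner[0] >> 4 != 4 or ihl < 20 or len(inner) < ihl + 8:
        raise ValueError("embedded IPv4 header or first 8 payload bytes missing")
    total_len, ip_id = struct.unpack("!HH", inner[2:6])
    proto = inner[9]
    src, dst = socket.inet_ntoa(inner[12:16]), socket.inet_ntoa(inner[16:20])
    # For UDP the first 8 payload bytes are the whole UDP header,
    # so both port numbers are always present in the embedded copy.
    sport, dport = struct.unpack("!HH", inner[ihl:ihl + 4])
    return {"type": icmp_type, "code": code, "id": ip_id, "length": total_len,
            "proto": proto, "src": src, "sport": sport, "dst": dst, "dport": dport}

def owning_socket(err: dict, sockets: dict):
    """Find the local socket that sent the datagram (hypothetical socket table)."""
    key = (err["proto"], err["src"], err["sport"], err["dst"], err["dport"])
    return sockets.get(key)

# Constructed sample: Frame 2's ICMP message rebuilt from the tcpdump fields.
EMBEDDED_IP = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 34, 15731, 0, 62, 17, 0,
                          socket.inet_aton("10.1.3.1"), socket.inet_aton("10.1.1.1"))
EMBEDDED_UDP = struct.pack("!HHHH", 64270, 32000, 14, 0)   # UDP length = 8 + 6
FRAME2_ICMP = struct.pack("!BBHI", 3, 3, 0, 0) + EMBEDDED_IP + EMBEDDED_UDP

# Hypothetical socket table on hostC1: the UDP socket opened by sock.
SOCKETS = {(17, "10.1.3.1", 64270, "10.1.1.1", 32000): "sock"}

if __name__ == "__main__":
    err = parse_icmp_error(FRAME2_ICMP)
    print(err, "->", owning_socket(err, SOCKETS))
```

The constructed message is 36 bytes long, matching the "length 36" that tcpdump reports for the ICMP message in Frame 2.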
