Tell us why there are two length fields (IP header length, IP datagram length) in the IP header?
The size of the IP header is not fixed. Depending on the IP options present, the size of the IP header will vary. A separate field for the IP header length is added so that the destination system can separate the IP datagram header from the payload.
In the IP header, there are indeed two fields related to length:
1. **IP Header Length (IHL)**: This field specifies the length of the IP header in 32-bit words. The value of this field indicates the size of the IP header, which can vary depending on the options present in the header. Since the IP header has a variable length, this field is necessary to determine where the actual data (payload) starts within the IP packet.
2. **IP Datagram Length (Total Length)**: This field specifies the total length of the IP datagram, including both the header and the payload (data). It indicates the overall size of the IP packet, including the IP header and the encapsulated protocol data unit (PDU). The maximum value for this field is 65,535 bytes, as it is a 16-bit field.
Having two separate length fields in the IP header serves the following purposes:
1. **Flexibility**: By specifying the length of the IP header separately from the total length of the IP datagram, the protocol allows for variable-length headers. This flexibility accommodates different header options or extensions that may be included in the IP header without affecting the overall length of the datagram.
2. **Efficiency**: Separating the header length from the total length allows for more efficient processing of IP packets. Network devices and routers can quickly determine the size of the IP header using the IHL field, which facilitates header parsing and forwarding decisions. Additionally, the Total Length field enables routers and hosts to process and fragment IP packets efficiently based on the available network MTU (Maximum Transmission Unit) size.
In summary, the presence of both the IP Header Length (IHL) and IP Datagram Length (Total Length) fields in the IP header allows for variable-length headers, efficient packet processing, and flexibility in handling IP packets with different sizes and configurations.
Explain how is the TTL field used to prevent indefinite looping of IP datagrams?
The TTL field contains a counter value set by the source host. Each gateway that processes this datagram, decreases the TTL value by one. When the TTL value reaches zero, the datagram is discarded.
In STP what device acts as a guide to setting the best paths between switches?
In STP, first, a central switch (or bridge, as it is called in STP) is selected - the "root bridge". All other switches calculate the shortest path to this root bridge.
Tell me what is the byte order used for transmitting datagram headers in the TCP/IP protocol suite?
All the datagram headers in the TCP/IP protocol suite are transmitted in the "big endian" byte order. i.e. The most significant byte is transmitted first. This is also called as "network byte order".
Which device or devices should have the Spanning Tree Protocol enabled to prevent host traffic from creating a broadcast storm?
Core_S1, Access_S2, and Access_S3
How does Spanning Tree Protocol aid network architecture?
Allows for redundant links by eliminating loops.
Tell us is the datagram identifier field unique for each IP datagram?
Yes. The IP datagram identifier field is different for each IP datagram transmitted. The fragments of an IP datagram will have the same identifier value.
Explain What is the typical value for the TTL field?
The typical value for a TTL field is 32 or 64.
What happens to an undeliverable datagram?
An undeliverable datagram is discarded and an ICMP error message is sent to the source host.
Which part of the IP datagram is used for calculating the checksum?
The checksum field in the IP header covers only the IP header. The payload data is not used for calculating this checksum.
What do you mean by IP is an unreliable protocol?
IP is an unreliable protocol because it does not guarantee the delivery of a datagram to its destination. The reliability must be provided by the upper layer protocols like TCP. IP does not support flow control, retransmission, acknowledgment and error recovery.
Is there a limitation on the minimum size of an IP datagram a network can handle?
Yes. All IP networks must be able to handle datagrams of at least 576 bytes in length.
Yes, there is a minimum size limit for an IP datagram that a network can handle. In the context of IPv4, the Minimum Transmission Unit (MTU) defines the smallest size of an IP datagram that a network can transmit without fragmentation.
The MTU represents the maximum size of the data payload (including the IP header) that can be transmitted over a particular network link without being divided into smaller fragments. If an IP datagram exceeds the MTU of a network link, it must be fragmented into smaller packets to fit within the MTU constraints.
The MTU size can vary depending on the underlying network technology and configuration. For example:
1. For Ethernet networks, the default MTU size is typically 1500 bytes, excluding the 14-byte Ethernet header and 4-byte Frame Check Sequence (FCS). Therefore, the maximum size of the IP datagram (including the IP header) that can be transmitted over an Ethernet network is 1500 bytes.
2. For Point-to-Point Protocol (PPP) links, the default MTU size is often set to 576 bytes due to historical reasons and to ensure compatibility with older networks and devices. Therefore, the maximum size of the IP datagram that can be transmitted over a PPP link is 576 bytes.
It's important to note that while there is a minimum size limit imposed by the MTU, there is no strict minimum size requirement for an IP datagram itself. However, in practice, most IP datagrams will have some minimum size to accommodate the IP header and the data payload, which must be at least large enough to contain the IP header fields and any encapsulated protocol data (e.g., TCP or UDP headers).
How is the value for datagram identifier calculated?
The IP datagram identifier is just a sequence number assigned by the transmitting host. The algorithm for assigning value to this field is not specified by the IP protocol.
Which RFC discusses IP?
RFC 791 discusses about the IP protocol version 4.
Is it possible for an IP datagram to be duplicated?
Yes. A host may receive the same copy of an IP datagram twice. It is up to the higher layer protocols to discard the duplicate copy of the datagram.
What is the minimum and maximum size of an IP datagram header?
The minimum size of an IP datagram header is 20 bytes. The maximum IP datagram header size is 60 bytes.
In IPv4, the minimum and maximum size of an IP datagram header are as follows:
1. **Minimum Size**: The minimum size of an IPv4 header is 20 bytes. This size includes the mandatory fields of the IPv4 header, such as the version, header length, type of service (TOS), total length, identification, flags, fragment offset, time to live (TTL), protocol, header checksum, source IP address, and destination IP address.
2. **Maximum Size**: The maximum size of an IPv4 header is 60 bytes. This size includes the mandatory fields as well as optional fields such as options and padding. Options are rarely used and typically only present when necessary, such as for specific routing or debugging purposes. The header length field (IHL) indicates the size of the header, allowing for variable-length headers.
Therefore, the IPv4 header can vary in size between 20 and 60 bytes, depending on the presence and size of optional fields and options. Most IPv4 headers encountered in typical network traffic are 20 bytes in size, as they only contain the mandatory fields required for routing and forwarding of IP packets.
How higher-level data is carried by IP to a destination host?
The data from higher-level protocols like TCP, UDP is encapsulated in an IP datagram and transmitted to the destination host. IP will not modify the higher-level data.
What is the difference between flow control and error control?
* Flow control: adjust and confirm data flow rate for successful transmission.
* Error Control: a way to recover corrupted data.
How do applications coexist over TCP and UDP?
Each application running over TCP or UDP distinguishes itself from other applications using the service by reserving and using a 16-bit port number. Destination and source port numbers are placed in the UDP and TCP headers by the originator of the packet before it is given to IP, and the destination port number allows the packet to be delivered to the intended recipient at the destination system.
Where do I find assigned port numbers?
The IANA allocates and keeps track of all kinds of arbitrary numbers used by TCP/IP, including well-known port numbers. The entire collection is published periodically in an RFC called the Assigned Numbers RFC, each of which supersedes the previous one in the series. The current Assigned Numbers RFC is RFC 1700
Data link layer is sub-divide into how many groups?
The Data link layer is divided into two groups:-
1)MAC Layer: MAC may refer to the sublayer that determines who is allowed to access the media at any one time (usually CSMA/CD). Other times it refers to a frame structure with MAC addresses inside.
2)LLC Layer: The uppermost sublayer, LLC, multiplexes protocols running atop the data link layer, and optionally provides flow control, acknowledgment, and error notification. The LLC provides addressing and control of the data link.
How does TCP try to avoid network meltdown?
TCP includes several mechanisms that attempt to sustain good data transfer rates while avoiding placing excessive load on the network. TCP's "Slow Start", "Congestion Avoidance", "Fast Retransmit" and "Fast Recovery" algorithms are summarised in RFC 2001. TCP also mandates an algorithm that avoids "Silly Window Syndrome" (SWS), an undesirable condition that results in very small chunks of data being transferred between sender and receiver. SWS Avoidance is discussed in RFC 813. The "Nagle Algorithm", which prevents the sending side of TCP from flooding the network with a train of small frames is described in RFC 896.
How does ARP response the request?
ARP sents the request in broadcast, response is unicast
When a source sends arp request the switch broadcast the arp req. if it doesn't have the destination mac address in its mac address table, if the destination mac is known then switch simply forwards the request to that particular host and the host sends the arp response to the switch and the switch will further send the arp response to the source requesting the mac address.
How can I detect that the other end of a TCP connection has crashed? Can I use "keepalives" for this?
when you send or transfer data on another end then you get acknowledgment if data is received. but if you are not getting any response or any acknowledgment from another side then it is understood that another side has been crashed.
Differentiate between forward lookup and reverse lookup in DNS?
Forward lookup convert: Host name to IP address.
Reverse lookup convert: IP address to Host name.
What is ifconfig?
By running ifconfig, you can see your current interface setup:
What is SIP? how does it work? what are the alternatives if any? current and future practice and application standards? references(books,urls,rfcs etc)
SIP is meant for Session Initiation Protocol. It works in the application layer. It especially used for initiating, modifying and terminating a session. you can find all details in rfc3261
Explain How does traceroute work? Now how does traceroute make sure that the packet follows the same path that a previous (with ttl - 1) probe packet went in?
First of all see traceroute works using ICMP packets. First source sends an ICMP packet with Time to Live (TTL) field as 1 to the destination address. Now intermediate router receives the packet and sees that TTL field has expired, so it sends a ICMP TTL expired reply. Now the source machine again sends the ICMP packet with TTL field as 2. This time second intermediate router replies. This process is repeated till destination is reached. That way the source can get the entire route upto destination.
Explain How do we use RSA for both authentication and secrecy?
RSA is based upon public key/private key concept. For authentication one can encrypt the hash (MD5/SHA) of the data with his private key. This is known as digital signature. And secrecy is achieved by encrypting the data with the public key of the target user. Generally we dont use RSA for encryption because of key size (1024 bits). Rather a symmetric session key (128/256 bit) is established between communicating parties and is used for encryption.
RSA -- Authentication can be achieved by using nonce value (prime number).
Eg: A wanna communicate with B
The val An1 is encrypted with private key of A and then with pub key of B. so B can decrypt it and then B should send back the An1 to A stating it none other than B
Secrecy is also maintained because they use their own private keys for decryption
Explain What is meant by port blocking within LAN?
Restricting the users from accessing a set of services within the local area network is called port blocking.
Explain Difference between broadcast domain and collision domain?
BROADCAST DOMAIN:
A broadcast domain is a logical division of a computer network, in which all nodes can reach each other by broadcast at the data link layer. A broadcast domain can be within the same LAN segment or it can be bridged to other LAN segments.
COLLIONS DOMAIN:
A collision domain is a section of a network where data packets can collide with one another when being sent on a shared medium or through repeaters, in particular, when using early versions of Ethernet. A network collision occurs when more than one device attempts to send a packet on a network segment at the same time. Collisions are resolved using carrier sense multiple access with collision detection in which the competing packets are discarded and re-sent one at a time. This becomes a source of inefficiency in the network.
What is Structured Query Langauge (SQL)?
SQL is a powerful set-oriented language which was developed by IBM research for the databases that adhere to the relational model. It consists of a short list of powerful, yet highly flexible, commands that can be used to manipulate information collected in tables. Through SQL, we can manipulate and control sets of records at a time.
You have two files in two different directories with the same inode. What type of link is involved?
Answer: hard
Hard links all have the same inode number, unlike symbolic links.
What daemon is responsible for tracking events on your system?
The syslogd daemon is responsible for tracking system information and saving it to specified log files.
What account is created when you install Linux?
Whenever you install Linux, only one user account is created. This is the superuser account also known as root.
How does the kernel differentiate device files and ordinary files?
Kernel checks 'type' field in the file's inode structure.
What is relative path and absolute path.
absolute path - absolute path is that path which starts from root /.
relative path - it is that path which starts from current directory.
What is the purpose of exchanging beginning sequence numbers during the connection in the TCP client-server model?
To ensure that any data lost during data transfer can be retransmitted.
Q: Can a router run multiple routing protocols?
A: Yes, routers can be configured with more than one protocol.
Q: Can a single routing table contain routes supplied by different routing protocols?
A: Yes, a routing table can have routes from many different sources and routings protocols. This is where the administrative distance comes into play. The administrative distance will show how trustworthy routes from different sources are.
Q: What is required to support discontiguous networks?
A: To support discontiguous networks, a routing protocol must send subnet mask information in its routing updates.
Q: What’s the difference between classful and classless routing protocols?
A: Classless routing protocols send subnet
Q: What’s the difference between a regular area and a stub area?
A: Stub areas must have only one path in and path out of the area.
Q: What’s the difference between an autonomous system and an area?
A: Autonomous systems are subdivided into smaller segments called areas.
Q: Can EIGRP be used on non-Cisco equipment?
A: No, EIGRP is only available on Cisco equipment.
Why does OSPF require all traffic between non-backbone areas to pass through a backbone area (area 0)?
Comparing three fundamental concepts of link state protocols, concepts that even most OSPF beginners understand, easily derives the answer to the question.
The first concept is this:
Every link state router floods information about itself, its links, and its neighbors to every other router. From this flooded information each router builds an identical link state database. Each router then independently runs a shortest-path-first calculation on its database – a local calculation using distributed information – to derive a shortest-path tree. This tree is a sort of map of the shortest path to every other router.
One of the advantages of link-state protocols is that the link state database provides a “view” of the entire network, preventing most routing loops. This is in contrast to distance vector protocols, in which route information is passed hop-by-hop through the network and a calculation is performed at each hop – a distributed calculation using local information. Each router along a route is dependent on the router before it to perform its calculations correctly and then correctly pass along the results. When a router advertises the prefixes it learns to its neighbors it’s basically saying, “I know how to reach these destinations.” And because each distance vector router knows only what its neighbors tell it, and has no “view” of the network beyond the neighbors, the protocol is vulnerable to loops.
The second concept is this:
When link state domains grow large, the flooding and the resulting size of the link state database becomes a scaling problem. The problem is remedied by breaking the routing domain into areas: That first concept is modified so that flooding occurs only within the boundaries of an area, and the resulting link state database contains only information from the routers in the area. This, in turn, means that each router’s calculated shortest-path tree only describes the path to other routers within the area.
The third concept is this:
OSPF areas are connected by one or more Area Border Routers (the other main link state protocol, IS-IS, connects areas somewhat differently) which maintain a separate link state database and calculate a separate shortest-path tree for each of their connected areas. So an ABR by definition is a member of two or more areas. It advertises the prefixes it learns in one area to its other areas by flooding Type 3 LSAs into the areas that basically say, “I know how to reach these destinations.”
Wait a minute – what that last concept described is not link state, it’s distance vector. The routers in an area cannot “see” past the ABR, and rely on the ABR to correctly tell them what prefixes it can reach. The SPF calculation within an area derives a shortest-path tree that depicts all prefixes beyond the ABR as leaf subnets connected to the ABR at some specified cost.
And that leads us to the answer to the question:
Because inter-area OSPF is distance vector, it is vulnerable to routing loops. It avoids loops by mandating a loop-free inter-area topology, in which traffic from one area can only reach another area through area 0.
To see every process on the system using standard syntax:
ps -e
ps -ef
ps -eF
ps -ely
To see every process on the system using BSD syntax:
ps ax
ps axu
rpm is a powerful Package Manager, which can be used to build, install, query, verify, update, and erase individual software packages. A package consists of an
archive of files and meta-data used to install and erase the archive files. The meta-data includes helper scripts, file attributes, and descriptive information
about the package. Packages come in two varieties: binary packages, used to encapsulate software to be installed, and source packages, containing the source code
and recipe necessary to produce binary packages.
how to retrieve the ip address from the URL ( eg. www.google.com )
$ nslookup www.google.com
Server: 218.186.2.16
Address: 218.186.2.16#53
Non-authoritative answer:
Name: www.google.com
Address: 173.194.38.147
Name: www.google.com
Address: 173.194.38.146
Name: www.google.com
nslookup www.google.com | awk '/Address/&&!/#/'
3.1. Addresses without a special prefix
3.1.1. Localhost address
This is a special address for the loopback interface, similiar to IPv4 with its "127.0.0.1". With IPv6, the localhost address is:
0000:0000:0000:0000:0000:0000:0000:0001
or compressed:
::1
Packets with this address as source or destination should never leave the sending host.
3.1.2. Unspecified address
This is a special address like "any" or "0.0.0.0" in IPv4 . For IPv6 it's:
0000:0000:0000:0000:0000:0000:0000:0000
or:
::
These addresses are mostly used/seen in socket binding (to any IPv6 address) or routing tables.
Note: the unspecified address cannot be used as destination address.
3.1.3.1. IPv4-mapped IPv6 address
IPv4-only IPv6-compatible addresses are sometimes used/shown for sockets created by an IPv6-enabled daemon, but only binding to an IPv4 address.
These addresses are defined with a special prefix of length 96 (a.b.c.d is the IPv4 address):
0:0:0:0:0:ffff:a.b.c.d/96
or in compressed format
::ffff:a.b.c.d/96
For example, the IPv4 address 1.2.3.4 looks like this:
::ffff:1.2.3.4
3.1.3.1. IPv4-mapped IPv6 address
IPv4-only IPv6-compatible addresses are sometimes used/shown for sockets created by an IPv6-enabled daemon, but only binding to an IPv4 address.
These addresses are defined with a special prefix of length 96 (a.b.c.d is the IPv4 address):
0:0:0:0:0:ffff:a.b.c.d/96
or in compressed format
::ffff:a.b.c.d/96
For example, the IPv4 address 1.2.3.4 looks like this:
::ffff:1.2.3.4
3.1.3.2. IPv4-compatible IPv6 address
Used for automatic tunneling (RFC 2893 / Transition Mechanisms for IPv6 Hosts and Routers), which is being replaced by 6to4 tunneling.
0:0:0:0:0:0:a.b.c.d/96
or in compressed format
::a.b.c.d/96
3.2. Network part, also known as prefix
Designers defined some address types and left a lot of scope for future definitions as currently unknown requirements arise. RFC 4291 / IP Version 6 Addressing Architecture defines the current addressing scheme.
Now let's take a look at the different types of prefixes (and therefore address types):
3.2.1. Link local address type
These are special addresses which will only be valid on a link of an interface. Using this address as destination the packet would never pass through a router. It's used for link communications such as:
*
anyone else here on this link?
*
anyone here with a special address (e.g. looking for a router)?
They begin with ( where "x" is any hex character, normally "0")
fe8x: <- currently="currently" in="in" o:p="o:p" one="one" only="only" the="the" use.="use.">
fe9x:
feax:
febx:
An address with this prefix is found on each IPv6-enabled interface after stateless auto-configuration (which is normally always the case).
3.2.2. Site local address type
These are addresses similar to the RFC 1918 / Address Allocation for Private Internets in IPv4 today, with the added advantage that everyone who use this address type has the capability to use the given 16 bits for a maximum number of 65536 subnets. Comparable with the 10.0.0.0/8 in IPv4 today.
Another advantage: because it's possible to assign more than one address to an interface with IPv6, you can also assign such a site local address in addition to a global one.
It begins with:
fecx: <- commonly="commonly" most="most" o:p="o:p" used="used">
fedx:
feex:
fefx:
(where "x" is any hex character, normally "0")
This address type is now deprecated RFC 3879 / Deprecating Site Local Addresses, but for a test in a lab, such addresses are still a good choice in my humble opinion.
3.2.3. Unique Local IPv6 Unicast Addresses
Because the original defined site local addresses are not unique, this can lead to major problems, if two former independend networks would be connected later (overlapping of subnets). This and other issues lead to a new address type named RFC 4193 / Unique Local IPv6 Unicast Addresses.
It begins with:
fdxx:
fcxx:
A part of the prefix (40 bits) are generated using a pseudo-random algorithm and it's improbably, that two generated ones are equal.
Example for a prefix (generated using a web-based tool: Goebel Consult / createLULA):
fd0f:8b72:ac90::/48
EIGRP
======
1) Why Update is confirmed by Ack?
EIGRP's main goal is to let all routers share a commonly knowldege of reachable routes across EIGRP network. This is done by sending Update to neighboring routers. If Update is not delivered reliably, then routes won't be synchronized. Packet would be forwarded incorrectly due to inconsistent routing tables in EIGRP routers. This is unacceptable.
Therefore, it is critical that Update is delivered reliably.
The simplest reliable transfer mechanisms is Update - Ack. EIGRP expects each Update to be confirmed by an Ack within a time interval. If Ack is not received when timeout, the router will retransmit Update.
2) Why not using TCP to provide reliable transport for Update?
TCP runs above network layer and provides reliable transport. But it is costly to set up and tear down a connection. When connection is up, it uses a sophisticated algorithm to assure reliable transport in a congested network. Therefore, TCP is more suitable for data transfer.
In case of EIGRP, the needs of reliable transport for Update is short and bursty. A simple Update-Ack does it well. Using TCP to deliver Update is an overkill,
1) What are the roles of neighbor table, topology table, and routing table?
- Neighbor table: Router uses this table to track neghbors discovered from exchanging Hello. It then sends
Update to tell neighbors its routing information to its neighbors.
- Topology table: For all reachable destinations discovered from neighbor's Update, the router tracks
all routes via different next hops and metrics.
- Routing table. Routing engine uses topology table to calculate the best route for each reachable subnet and
place best routes in routing table. Best route is the topology table entry with lowest FD.
2) What are FD and AD in topology table?
- FD: The metric of reaching destination from this router
- AD: Themetric fo reaching the destination from the neighbor router.
1) What is the formulat to calculate EIGRP metric?
metric = [K1*bw+(K2*bw)/(256-load)+K3*delay]*[K/(Relaibility+K4)] // Default K values are: K=1, K3=1, K2, K4, K5=0
EIGRP metric is based on bandwidth, load, delay, reliability, and MTU.
- Use "show ip protocol" to see K values.
1) What is FD?
FD (Feasible Distance) is the lowest metric to each destination listed in topology table.
2) What is FS?
FS (Feaible sucessor) is a backup route, stored in the topology table
3) What is Successor?
Successor is the neighbor router that has been selected as the next hop for a given destination
and its FD metric is the lowest.
1) What is DUAL?
DUAL stands for Diffusing Update Algorithm. It is a loop-free routing algorithm. During transitional routing changes, DUAL disallow arbitrary routing when FD, successor, FS are not ready.
2) How does DUAL make routing loop free?
Dual uses FD, FS to avoid loop.
- FD (Feasible Distance): The route with smallest metric to reach a destination is elected as FD.
- Successor. The next hop router of FD.
- FS (Feasible Successor): If a route's AD metric is smaller than the elected FD's metric, then the route is a FS. Or, the backup FD.
1) What is Null0 route?
EIGRP creates a route to the Null0 interface when it summarizes a group of routes. The intention is to drop packet via Null0 interface to avoid looping.
2) Why auto-summary may case looping?
If a router receives traffic for the summary address and the packets' destination IP addresses fall outside the pre-summary address, router may forward such packets incorrectly. In addition, default route with summary routing can increase the odd of mis-forwarding. And mis-forwarding often yields to looping.
EIGRP is designed to be a loop-free routing protocol. So it enforces Null0 route for summarized routes.
1. What is encapsulation?
When a computer uses Internet to transmit a message to another computer, it adds several headers in front of the message and transmits them together. A header contains network control information that is used by network devices. For examples, addresses, session ID, protocol type. The process of encoding headers is called encapsulation.2. Why encapsulation? The short answer: To comply with OSI layered reference model. Now the longer answer. This question is really about "Why OSI model?" Network is complicated. The same function can be done by different technologies. And technology changes fast. We often need to integrate unproven new technologies without destabilizing existing implementations. To deal with this problem, OSI proposed a 7 layer reference model. It breaks down network into 7 layers. Each layer serves one purpose. OSI model defines layer interfaces. This way, changes inside a layer won't affect the layer above and below it. Each layer has a set of layer-specific network control parameters. They are encoded into a corresponding header. This is called encapsulation. Commonly used headers are link, network, transport, and protocol. They are corresponding to OSI layer 2, 3, 4, 5 respectively. For example, link layer is implemented by many layer 2 technologies. When delivering a packet through several hops, the packet's link header may be encapsulated several times due to different link technologies used between hops. For example, point-to-point serial link, Ethernet link, wireless link, and ATM link.
ICMP
====
Overview. ICMP (Internet Control Message Protocol) is used to send error messages between hosts and routers. For example, a requested service is not available, a host or router could not be reached. Commonly used ICMP tools are Ping and Traceroute.
* Ping is used to check reachability of a remote node. We often see ping prints results like ...!! What does that mean? What are the common causes of ping failure?
* Traceroute is used to show the route taken by packets. It displays individual routers on the routing path to reach the target host.
* ICMP Redirect is used by the default gateway router to inform the sending host that a better gateway is available for its destination specific traffic flow.
* ICMP Type: It indicate the message type. Commonly used types are: 3 for Destination unreachable, 11 for Time exceeded. It's a field in ICMP header (1 byte)
* ICMP Code: It is used with type to narrow down the type of error message. For example, Type 3 is destination unreachable, type 3 and code 0 is net unreachable, type 3 and code 1 is host unreachable.
* RTT: Round-trip Time. It measure network delay time between sending a message to a node and receiving the response from that node.
* TTL: Time to Live. It's a field in packet's IP header to indicate the time a packet can stay in network. TTL is decremented by 1 when a router receives the packet. The packet is droped when TTL is 1.
* Ping. A tool to check remote host reachability,
* Traceroute. A tool to discover intermediate routers along the routing path between two hosts.
1. What is ping?
Ping is a network diagnostic tool. It is used to test whether a remote node is up or down. A technical term is called reachability.2. How does ping work?Ping's network header contains a destination IP. When a router receives ping, it uses the destination IP to lookup its routing table and determines how to forward ping to next router (next hop). Ping is being delivered to the target node with hop-by-hop forwarding. When ping arrives at the target node, it sends echo back to the sender. And the sender knows that the target is reachable. 3. Why ping? The Internet is loosely managed, persistent, but unreliable. Remote servers can be down for many reasons. If we can't access a remote site, we often use ping to quickly verify whether it is a transient error.4. Why do we often see ping's result is "...!!"...!! means the first 3 pings fails and the 4th and 5th ping succeed. A remote node is reachable or not depends on the final result of a burst of pings. This is because many ping errors are transient. Try again, the error is gone.5. What is ARP miss? Before sending a packet, we need to encapsulate its headers. If the ARP table does not contain the MAC address of next hop, then the link header cannot be completed, and the packet cannot be transmitted. ARP miss is one of the most common transient ping errors.
1. What is router?
Router forwards receives packets to other interfaces in order to deliver the packet to its destination.
2. How does router forward packets?
Router uses routing table to determine which interface to forward the arriving packet. Routing table contains entrees like (destination network address, next hop interface). Router forwarding packets as follows:
- extract the destination IP address from arriving packet.
- compare the destination IP address with routing table's destination address.
- If a match is found, forward the packet to the entry's next hop interface. Otherwise, drop the packet.
3. What's router forwarding to do with ping?
Routing table lookup failure is a common cause of ping failure. Fir example, when a link is down, routing table gets into a transient state. Arriving packets may be dropped due to routing table lookup failure or get miss-forwarded to a next hop incorrectly.
4. How to determine that a ping failure is caused by router?
You can run traceroute to locate which router cause problem to reach the destination.
