Linux
25 June 2011 2 Comments

Layer 2 Ping – Using the arping Tool

Introduction

The arping tool for Linux is the Layer 2 equivalent of the ping command. It is used to send ARP (Address Resolution Protocol) request messages to a destination host in a Local Area Network (LAN) . This is useful to test whether a particular IP address is in use and online in the network. The arping tool operates at OSI Layer 2, so it can only be used in local networks: ARP messages cannot be routed across routers or gateways. Many Linux distributions, including Backtrack, include arping by default.

When arping is run without parameters it will not do anything – except display the command line options:

$ arping
ARPing 2.09, by Thomas Habets <thomas@habets.pp.se>
usage: arping [ -0aAbdDeFpqrRuv ] [ -w <us> ] [ -S <host/ip> ]
 [ -T <host/ip ] [ -s <MAC> ] [ -t <MAC> ] [ -c <count> ]
 [ -i <interface> ] <host/ip/MAC | -B>
For complete usage info, use --help or check the manpage.

Arping with an IP Address Argument

Now let’s see arping in action by supplying it with an IP address to probe. This is the most common way to use arping. Say we want to send…

Tags: , , , , ,
Networking
24 June 2011 0 Comments

The ICMP Protocol for IPv4 Explained

In this post we discuss the Internet Control Message Protocol (ICMP), one of the core protocols of the TCP/IP suite [Wikipedia] [RFC 792]. Many common networking utilities are based on ICMP, including tracert and ping.

ICMP messages are typically generated in response to errors in IP datagrams or for diagnostic or routing purposes. ICMP errors are always reported to the original source IP address of the originating datagram. The protocol is implemented by both hosts and routers, albeit in different ways.

A version of ICMP for IPv6 exists: ICMPv6. The scope of this article is limited to ICMP for IPv4 (ICMPv4).

ICMP Packet Structure

Each ICMP message is encapsulated directly within a single IP datagram, and thus, like UDP, ICMP is unreliable. The structure of ICMP packets is displayed below:

 

Header Fields

The Type and Code fields are the first two fields in the header of the ICMP packet. Together these fields designate the meaning of the packet.

 

Type/Code Fields

The most common combinations of Type and Code are displayed below.

As can be seen in the table, an ICMP message can either be an error message or a query message. Query messages are two-way: when an ICMP request …

Tags: checksum, code, core protocl, echo, , icmp header, icmpv6, ipv4, packet, , traceroute, tracert,