What data is included in ICMP (ping) request? - ping

I know the ICMP request contains the IP address. Is the client MAC address included in an ICMP request? What other info (if any) is included in a ping request?

An ICMP request is a layered packet which is sent over the internet. It contains the Ether layer, which has the target and source MAC address in it. It also contains the IP layer, which has the source and target IP and also a couple of flags included. And at last it contains the ICMP data. This contains a type, a subtype, then a checksum and the rest of the header, which can vary from type and subtype (E.g. The code for echo is 8 and reply is 0).
There is a lot of information in a network packet. Also note that ICMP is an part of the IPv4 protocol, so it cannot officially be carried by other protocols. Although the IP protocol can be carried on a different protocol than the ethernet protocol.
The MAC address will be changed after each passing of a router. So this is never the MAC address of the source IP address on the internet. But the IP address is definitely included and on a local network, the mac address of the client is still in the packet in the Ether layer.
Wikipedia has some readable article about ICMP packets: icmp message and different protocols with readable diagrams.
If you want to see some live requests, you can install wireshark, which will show and dissect all network traffic for you. It is a very convenient and cool tool.

The ICMP 'ping' packet, officially known as 'echo request', contains whatever the originating ping executable wants to have echoed back to it. In the Bad Old Days when the internet was first getting started up, the routers they had (and all computers, really) were subject to random memory failures. In order to detect that the path between two systems was clear, they would send echo request packets and compare the contents of the request with the reply. If the contents differed, they knew that there was a problem with either of the machines involved, or the routers in between.
It's impossible to state here categorically exactly what's in any given ping packet because it changes between implementations of ping.

It is usually not possible for a person to get the MAC address of a computer from its IP address alone. These two addresses originate from different sources. Simply stated, a computer's own hardware configuration determines its MAC address while the configuration of the network it is connected to determines its IP address.
However, computers connected to the same TCP/IP local network can determine each other's MAC addresses.
Look RFC 792 for full ICMP fields.

Related

I need help in understanding Port vs protocol

my question as follows Why do we need port when there’s protocol ,- that’s exactly defining what are the terms of transferring or receiving data
Did not actually get it, i am new to web processes:)
A protocol is a specification for how two devices should exchange data in a way that they can both understand. A port is kind of a numbered 'tag' that helps a computer decide who should receive an incoming piece of data.
Many protocols have a port that they run on by default; this makes it easier to discover them or configure applications that use them. But that's not a hard rule; they could always listen on a different port, as long as anyone contacting them knew about the change.
A protocol is an agreement on how to interpret data and how to respond to messages. They generally specify message formats and legal messages. Examples of protocols include:
TCP/IP
HTTP
SSH
A port is part of socket end point in TCP and UDP. They allow the operating system to distinguish which TCP or UDP service on the host should receive incoming messages.
The confusion generally arises because, a number of ports are reserved (eg. port 80) and are generally listened to by severs expecting a particular protocol (HTTP in the case of port 80). While messages send to port 80 are generally expected to be HTTP messages, there is nothing stopping an non-HTTP server from listening on port 80 or an HTTP server from listening on an alternative port (for example 8080 or 8088).

Why is connection failing when port-forwarding with dynamic dns in same network

I have a MySQL database running on my raspberry pi.
To access it I use dynamic DNS (duckdns) when I am outside of my network, but I would like to access it with same dynamic domain name when I am inside my network. However it is not working and I always get connection refused.
I would like somehow enable it so I do not have to change in app.config MySQL server address from my dynamic domain to localhost when I am inside my local network.
You'll need a gateway router that supports NAT hairpinning. Many consumer-grade units (and some supposedly commercial-grade equipment) doesn't support this. Either yours doesn't, or you need to find an option to enable it.
When you try to connect to the public IP address from inside the network, the router probably assumes that you want to connect to the router itself.
My cable modem's built-in router at home understands how to do this. When I access my server from the laptop, and connect to the public IP from inside, the router (inside the cable modem) does a transformation on the packets so that my server sees my connection coming from the router's IP address, not my laptop's IP address.
This is what has to happen, because when the server responds, it will respond to the machine that connected to it. If it responded to the laptop's address, the laptop would reject the traffic, since it would be coming from ther server's internal IP, which is not the IP address I connected to. So, it responds to the router, which does a second transform on the packet address, replacing the server's internal IP with the external IP. Remembering the session from previous traffic, the router then sends the packet back to the laptop.
Ultimately this setup can't possibly work for you without the complicity of your router, which may not have that capability.
Some routers, however, have a DNS proxy that will allow you to create static entries. My former DSL modem could not hairpin NAT connections, but it had a way to create DNS entries that would be used to respond to internal DNS queries for a specific host... with a different IP than the one that DNS otherwise provided. That's an alternative workaround if the router supports it.

Changing IP address before web page reads it

Assume that there is a web-page called whatisyourip.com and that I have a web-page called changeip.com. A user wants to enter the site whatisyourip.com through changeip.com. Normally, changeip.com would be a proxy server so the user can hide his ip address. That's how users reach forbidden web-pages in their countries. But I want to ask, is there a way to show a different ip address to whatisyourip.com while connecting it through changeip.com without using it as a proxy server?
is there a way to show a different ip address to whatisyourip.com while connecting it through changeip.com without using it as a proxy server?
Short answer: Yes. Make changeip.com a VPN server and assign different IP addresses to those VPN clients. Ensure they send all traffic through the VPN. This usually involves modification of the local routing table on the VPN client workstations for everything to work correctly.
Longer answer... There are several reliable ways to hide IP addresses of TCP sessions...
HTTP Proxy - you already described this situation
Network address Translation - this doesn't sound likely in your scenario
VPN Tunneling - Possible solution instead of HTTP proxy, even if it's something as simple as an SSL VPN. Depending on your constraints, this could also be a viable option.
You can't. TCP connections require a 3-way handshake. You can certainly send a SYN packet to the server to start the process, then change your IP address. but when the site responds with the 2nd-stage of the handshake (SYN+ACK), that packet is now going to your old IP address and your system will drop it - it has no idea that the server is responding to something that was started on the old IP.
You could try something like the Tor network, which offers end-to-end encryption of traffic and cloaking of origins, but it's not something I'd consider "reliable".
Not unless you spoof your IP, in which case the response will go to the forged IP. So no.

dyndns equivalent for ports? (so that port changes don't require config file changes)

DynDNS et. al. are great for not having to put IP addresses in config files... I put the dyndns domain in the config and if I ever want to change the server location I just update it in one place, and the config stays the same. But what if I want to change the port number that's used? Is there an equivalent for ports - so that I can also get what port to connect to from some service just like I get the IP from DynDNS? Or what's another solution (besides not changing the ports)?
DynDNS and DNS in general has the main purpose of not having to remember a host by its IP address. The DynDNS part comes is mostly to solve the issue of people who don't have static IP addresses, and they occasionally get new IP addresses when their DHCP leases expire.
The original intention wasn't really meant to account for someone purposely changing their IP address or port numbers. Usually a service is on a well known port that doesn't change, such has 80 for http. Depending on the protocol, you could set up a well-known port, and then have it redirect to a different port. As an example, some websites will redirect port 80 to 8080, but this is protocol dependent. This also won't work for a lot of other protocols, and you're usually stuck with the port you choose.
Using DynDNS I access three different machines behind the same router by simply adding a colon and the port number just as if I were adding it to a static IP address (ie myhome-computer.dyndns.biz:1234 ). Each port points to a different internal ip in the router. This works fine with my free host account. However, I am not aware of a port identifier that could report as the DynDNS host app does.

Performance of local domain vs localhost

Is there a performance difference between TCP connections to:
localhost / 127.0.0.1
a domain which resolves to the local machine
Or more specifically, do the latter connections go through the loopback device, or over the actual network?
The reason I'm asking is I'm thinking about changing database settings in many PHP apps so they use a full domain instead of localhost. That way we could more easily move the database to a different server, if the need arises.
This is implementation and operating system dependent. On Windows, anything connecting to a local IP address, even if it is an outside-facing IP, will go over loopback. This is a documented problem for applications such as packet sniffers, because you can't sniff the loopback. (Windows doesn't treat loopback as a "device" -- it is handled at the network level.) However, in this case it would work in your favor.
Linux, in contrast, will follow whatever you have in your routing table, so packets that are destined to your local machine will go to your local machine over the network if the routing table isn't properly configured. However, in 99% of the cases the routing will be configured properly. Your packets won't go over the loopback device, but the TCP/IP stack will know that you are contacting a local IP and it will virtually go out and back in the proper ethernet device.
In a properly configured environment, the only bottleneck for using a domain name would be DNS resolution time. Contacting an outside DNS can add additional latency into your configuration. However, if you add in the domain name into your /etc/hosts file (C:\Windows\System32\drivers\etc\hosts on Windows), your system will skip the DNS resolution phase and obtain an IP directly, making this time cost moot.
That depends on how the names are resolved. The procedure is typically /etc/hosts first and then DNS if that fails. If localhost is in your /etc/hosts, putting whatever.wherever in the file as well will make it resolve with the same speed.