How to check the contents of a return packet in ICMP Ping / Echo?

When checking ping echo, it seems that utilities / libraries often only check the checksum of the packet and do not actually confirm that the payload sent matches the payload returned. For example, the Wireshark ICMP parser only checks checksums, and that is everything Ruby net-ruby checks as well.

I am debugging an issue with a low level network driver and I need to confirm that no data is being processed when received, so I want to test my driver using a low level request like ICMP Echo. However, my existing Ping tools are not sufficient because I am afraid that while the checksum may match the data contained in the echo reply, the data in the echo reply does not match the data in the echo request. So even if they have valid checksums (there is no error in the checksum code), an error occurs in the receive data portion, so that my driver does not receive what the host thinks it is sending.

How can I test the echo payload to confirm that it is the same as what I sent? If there is a standalone "paranoid ping" utility that I can use, that's fine too - I just need to be able to change the ping length and frequency as I only see the problem when the network is flooded.

I would prefer it as a Ruby / snippet library, but any language or standalone application is acceptable as long as I can run it on Windows.

Thanks!

2 answers


@Tom: Thanks for the answer. You said:

The receiver recalculates the checksum from the data and compares it with the sent one.

But then you also said:

The ICMP checksum does not include TCP headers, only ICMP type fields, code, checksum, and data.

The ICMP type differs between echo request / response (one is 0, the other is 8 I think). So by definition (and in practice if you look into Wireshark) ICMP checksums do not match between send request and echo reply.



My problem was that if the ping utilities / libraries were checking anything (and often they didn't), they were only checking to make sure the checksum matches the data. It looks like only people actually check the submitted data with the echo'd response to make sure the two payloads are identical. It is possible that both the request and the response might have valid checksums, but different payloads, and most Ping routines I have seen did not check for such a condition (but it looks like this is the error I have on my device at the moment).

Thanks for looking at my question and answering, although it is very valuable.

@All:

In response to my own question, I was able to use the robust .NET Ping class as it gives me ready access to (unlike most other Ping libraries I have found).

I think you are missing the checksum point. The purpose of the checksum is to check if there is any data. The sender computes a checksum from the data and transmits it with the data. The receiver recalculates the checksum from the data and compares it with the one that was sent. If they don't match, then the data is not intact or one of them miscalculates. More often than not, bad checksums do not lead to dropped packets, because there are a lot of broken protocol stacks and of course packet agents and which do not capture the checksum, but if both parties do it correctly, then the checksum check reports that the data is not damaged.



Are you looking at TCP checksum or ICMP checksum? The ICMP checksum does not include TCP headers, only ICMP type fields, code, checksum, and data. A TCP checksum error does not necessarily mean that the ICMP content is not intact, it can mean that the TCP headers have been corrupted (possibly broken NAT).
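
One way to do the comparison the question asks for, as an added example that is not from either answer: a reply is accepted only if its checksum verifies, its identifier and sequence number match the request, and its payload is byte-for-byte identical. The function names and sample packets are assumptions constructed for the example; it works on ICMP messages with the IP header already stripped and sends nothing on the network.

```ruby
# Added example; all packets below are constructed sample data.

# RFC 1071 Internet checksum over a binary string.
def inet_checksum(bytes)
  bytes += "\x00".b if bytes.bytesize.odd?
  sum = bytes.unpack('n*').sum
  sum = (sum & 0xffff) + (sum >> 16) while sum > 0xffff
  ~sum & 0xffff
end

# ICMP echo message: type 8 = Echo Request, type 0 = Echo Reply.
def build_icmp(type, id, seq, payload)
  csum = inet_checksum([type, 0, 0, id, seq].pack('CCnnn') + payload)
  [type, 0, csum, id, seq].pack('CCnnn') + payload
end

def checksum_field(packet)
  packet.unpack('CCn')[2]
end

# Offset of the first payload byte that differs, or nil if identical.
def first_diff(request, reply)
  a = request.byteslice(8..-1).bytes
  b = reply.byteslice(8..-1).bytes
  (0...[a.size, b.size].max).find { |i| a[i] != b[i] }
end

# Returns :ok, or the first reason the reply does not echo the request.
def verify_reply(request, reply)
  return :truncated if reply.bytesize < 8
  return :bad_checksum unless inet_checksum(reply).zero?
  type, code, _csum, id, seq = reply.unpack('CCnnn')
  _t, _c, _s, req_id, req_seq = request.unpack('CCnnn')
  return :not_echo_reply unless type.zero? && code.zero?
  return :wrong_id_or_seq unless id == req_id && seq == req_seq
  first_diff(request, reply).nil? ? :ok : :payload_mismatch
end

PAYLOAD    = (0...56).to_a.pack('C*')
REQUEST    = build_icmp(8, 0x1234, 1, PAYLOAD)
GOOD_REPLY = build_icmp(0, 0x1234, 1, PAYLOAD)

# Byte 20 altered before the echoing side computed its checksum, so the
# reply checksum is valid even though the payload is not what was sent.
corrupted = PAYLOAD.dup
corrupted.setbyte(20, 0xff)
BAD_REPLY = build_icmp(0, 0x1234, 1, corrupted)

puts verify_reply(REQUEST, GOOD_REPLY), verify_reply(REQUEST, BAD_REPLY)
```

The request and reply checksum fields differ even for a correct echo because the type byte changes from 8 to 0, so the two checksums cannot be compared directly; only the payload bytes can.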
