I am trying to understand the concept of ICMP and ARP... I made up the following network... and am having a tcpdump Ws1 and pinging Ws2. So by what I understand assuming all arp caches are empty and only looking at the packets that Ws1 will pick up.. Ws1 makes an arp request to R2. Receives an Arp reply from R2. then it starts sending ICMP request packets, then receives replies. Am I mistaken?
JorgeM 966
That process that you described sounds accurate and expected. Assuming the arp cache is empty from the source TCP/IP host... when you "ping" another host by IP, the source computer first does a lookup in its local routing table, it then needs to determine what interface the packet will leave and whether or not the target is on the local subnet. if the target is on a remote submit, it will arp for the gateway. For the local subnet, it will send out an arp request and wait for a host on the subnet to replay with to the arp request.
What is happening is the source host needs to know what the target MAC address is so that it can deliver the packet. It knows the target IP, but not the target MAC. The host computer is sending out the arp request basically saying.. "Who has this IP..I need your MAC". If you look at the arp request, its a broadcast packet (255.255.255.255/ffffffffffff). All computers on the local subnet will pick up the packet and the one that has a match to the IP in the arp request will respond to the source host. Now that the source host has the MAC address, it can proceed with sending out the PING packet including the destination MAC address as well as the destination IP.
additional reading: How IP Packets are Routed on a Local Area Network
Nandomo -3
One more question. So if I would have a second router to connected to net 0 and it was the default route on Ws1. I know that Ws1 will get a redirect to R2. Can you explain redirects to me.
Here's a good explaination of ICMP redirects and when they're sent:
http://www.cisco.com/c/en/us/support/docs/ip/routing-information-protocol-rip/13714-43.html
