www.unix.org.ua

[Django]

Hi,

I am taking practice exams for my CCENT exam using Boson exam environment that came with the Cisco Press ICND1 & ICND2 books. I am asked a question on the ICND1 practice test that is not covered at all in the ICND1 book.

Please assist me as I got it wrong. It goes as followed.

PC1 used the Microsoft XP tracert 172.16.2.7 command; the results are shown in the exhbit. The matching diagram shows the entire internetwork. Which of the following statements are true about what occurred in this internetwork when the command was running?

If image does not fit your screen, please click on it to maxamize the size of it, in it's own window
https://learningnetwork.cisco.com/servl ... TLicmp.JPG
Exhibit 1

C:\>tracert 172.16.2.7

tracing route 172.16.2.7
over a maximum of 30 hops:

1 <1 ms <1 ms <1 ms 10.1.1.1
2 8 ms 8 ms 8 ms 10.1.13.3
3 7 ms 8 ms 8 ms 172.16.1.4
4 8 ms 7 ms 10 ms 172.16.2.7

c:\>

A. R2 has a route that matches destination address 10.1.1.10
B. PC4 sent no ICMP time-exceeded messages.
C. R2 sent no ICMP time-exceeded messages.
D. R1 sent at least one ICMP time-exceeded message with source IP address 10.1.1.1
E. R3 sent at least one ICMP time-exceeded message with source IP address 10.1.1.10


I choose A, B, and C as my answers.

The boson exam said the correct answers are A, B, & D. The explanation they give does not make sense to me because I don't understand how they can come with this answer with the information given.

Can someone please explain to me how this work. Wiki says "The TTL field is set by the sender of the datagram, and reduced by every host on the route to its destination. If the TTL field reaches zero before the datagram arrives at its destination, then the datagram is discarded and an ICMP error datagram (11 - Time Exceeded) is sent back to the sender"


I thouht the TTL field were the ms (for example 8 ms like above).


Thanks

[Brian]

Aloha Django,

Let me try and explain. First regarding the Boson exam question the correct answers are A, B & E. If you look at the results of the tracert command, it should be self explanatory. If not review "How" the tracert command works. The PC sends a set of ICMP echo-requests to the destination address (172.16.2.7 in this example) with the TTL fields set to 1. When router R1 receives these ehco requests it decrements the TTL to 0 and sends ICMP time-exceeded messages back to the source, in this case IP address 10.1.1.10. The PC then sends out another series of ICMP echo-requests, this time with the TTL field set to 2. When R1 receives the ICMP echo-request it decrements the TTL to 1 and forwards to R2. When R2 receives the ICMP echo-request he decrements the TTL to 0 and sends ICMP time-exceeded messages back to the source 10.1.1.10. Here is a much better explaination from Wikipedia.

Traceroute works by increasing the "time-to-live" value of each successive batch of packets sent. The first three packets sent have a time-to-live (TTL) value of one (implying that they are not forwarded by the next router and make only a single hop). The next three packets have a TTL value of 2, and so on. When a packet passes through a host, normally the host decrements the TTL value by one, and forwards the packet to the next host. When a packet with a TTL of one reaches a host, the host discards the packet and sends an ICMP time exceeded (type 11) packet to the sender. The traceroute utility uses these returning packets to produce a list of hosts that the packets have traversed in transit to the destination. The three timestamp values returned for each host along the path are the delay (aka latency) values typically in milliseconds (ms) for each packet in the batch.

The results of all this is the output you see. Since the trace was successful this implies that all three routers have a route back to the source 10.1.1.10. In addition, all three routers send ICMP time-exceeded messages back to the source 10.1.1.10. The host PC4 does not send the ICMP time-exceeded message, but an ICMP echo-reply message because he is the destination. Based on this the only answers that fit are A, B & E.

[Di Na]

Hi Brian,

When R3( or R1) sends ICMP time-exceeded message back to 10.1.1.10, shouldn't the source ip address in the packet be R3's (or R1's) ip address and 10.1.1.10 be the destination address? I think D makes more sense

[Brian]

Di Na,

Yes, sorry. My post reflects how the routers send to the ICMP time-exceeded messages to 10.1.1.10. I was think destination address and I saw that in answer E. Yes the routers respond with their IP address as the source addresses and 10.1.1.10 (PC A) as the destination. So the correct answers are A,B & D. Thank you for the correction.

[Django]

I totally understand why I do not know this. It is covered in the ICND2 book. Why is it on the ICND1 test? Even VLSM is on the ICND1 test and is covered in the ICND2 book. They could have done a better job splitting this information up in 2 different tests.

I just read page 276 of the ICND2 book. It goes in depth on traceroute and TTL.
The traceroute command sends a set of messages with incerasing TTL values, starting with 1.
Guess I have to go read the entire ICND2 book before I can take the ICND1 exam.


Thanks

[Django]

What determines the TTL to start off with. For example if I have a host, and I want to ping across the network, what determines what the host sets for TTL? I guess this varies for each type of ICMP tool.

Likewise what determines it for a router or switch, a web server, etc?
I now understand when you ping, each forwarded packet or hop decreases the TTL by 1, whereas tracert increases the TTL by 1

Traceroute starts off wth a TTL of 1 and increases

[Brian]

Aloha Django,

A little clarification on the ping and traceroute commands and the TTL. The TTL value is determined by the sending host in accordance with RFC 791. According to RFC 791, the TTL value is set to the maximum time a packet is allowed to be in the internet. It is measured in seconds (where the value 1 means one second) and the maximum value is 255 seconds or 4.25 minutes. The TTL field must be decreased by 1 at each point where the internet header is processed to reflect the time spent processing the datagram. Since every host that processes a datagram must decrease the TTL by at least 1 even if it processes the datagram in less than a second, the TTL can be thought of as an upper bound on the time a datagram may exist. The two main functions are to limit the liftime of packets in the Internet and to terminate Internet routing loops. Although the TTL is measured in seconds, it can also be thought of as a hop count, since every host is required to decrease the TTL value by 1 as it processes the packet.

Therefore, with the ping command the TTL value starts out at the maximum value of 255 and is decreased by at least 1 at every hop (host) along the path from point A to point B.

With the traceroute command, a series of three ICMP packets are sent with the TTL set to 1. The next set of three ICMP packets have a TTL value of 2, and so on. This process continues until the destination host is reached. When a packet with a TTL of 1 reaches a host, the host discards the packet and sends an ICMP time-exceeded message back to the sender. The traceroute utility uses these returning packets to produce a list of hosts the packets have traversed in transit to the destination. The three timestamp values returned for each host along the path represent the round trip delay for each packet in the batch. The IP address listed represent the input interfaces of the hosts traversed along the path from Host A to Host B.


Hope this helped to clarify.

[JChief4040]

I share the same exact frustrations given my first attempt at CCENT Exam. I was dissapointed to learn that traceroute is tested on in detail on ICND1 when it is actually not introduced until ICND2 in that depth. SAME goes for Spanning Tree Protocol if you haven't seen that yet. It makes me think that it is dishonest for Cisco to take our money and this ICND1 test on topics that are not even covered until ICND2. I was so mad I wanted to sue them for my money back.

[JChief4040]

Another example was when another person said (in regards to RIP): "

Ok, I had to pull out the ICND2 book. I am going to study the autosummarization portion and then set up a packet tracer sim to get a better understanding and feel for this new concept. I recall the sim question did point out and state something like "be sure to make any adjustments for subnet issues".

I just find it odd that the ICND1 book makes only a small mention of it yet it is included on the CCENT? Well, I guess the more knowledge the better prepared I will be."

It is true that ICND1 will ask questions about auto-summarization that is not fully explained until ICND2. The CCENT is really a failure and a money drain for students who purchased all the materials Cisco offers for ICND1 when more is actually required (ICND2 topics too). Cisco should be sued for what amounts to nothing more than deception.

[Joshua Garofolo]

Hi JChief4040

I scored 752 out of 1000 last week, so I missed the mark as well and understand your frustration.

I'd like to point out that the sample question from the original poster is on the included Boson practice exam with the Cisco Press ICND1 book by Wendell Odom. So if you run through that exam, you'll encounter this (and a few other) sample question regarding the traceroute command and TTL values; which should lead you to at least look into these types of questions a little further.

I haven't even cracked open the ICND2 book yet, but when I encountered the traceroute questions on the exam last week I blew right through them. The explanation of the correct answer included on the practice test was enough for me.

Anyway, I'm dissapointed that I didn't pass but I hardly think its grounds to bring a lawsuit onto Cisco over this.


Just my opinoin.