Hello David
Ping is a utility that uses ICMP, and it is generally uniformly deployed across all types of devices, platforms, and operating systems. So, a ping from a Windows PC will work almost identically to a ping from a Cisco switch.
Traceroute however, is highly platform-specific.
- In Unix/Linux systems, traceroute by default sends a sequence of UDP packets with destination port numbers ranging from 33434 to 33534, so ICMP is not involved at all! But you can modify the command to use ICMP instead, or even TCP if you like.
- On a Windows device, traceroute (or tracert as the command is named) uses ICMP echo request packets by default.
- Cisco’s implementation also uses UDP datagrams with incrementing TTL values.
So you’ll have to see which platform the command is issued on and what keywords/switches/options are used to understand the behavior.
As for ICMP codes, the difference between 0 and 1 is the following.
If you send an ICMP packet to a destination of 192.168.12.5, and somewhere along the path, a router has no entry in its routing table for this specific network, the packet is dropped and an error code of 0 is returned. The destination network is unreachable.
However, if the ICMP packet reaches a router that has the 192.168.12.0/24 network directly connected to one of its interfaces, then the destination network IS reachable. So the router attempts to send the packet to the 192.168.12.5 host. If no host responds, then the router will send an error code of 1, saying the host is unreachable.
In the first case, the destination network is unreachable. In the second case, the destination network is reachable, but the specific host in that network is not. Does that make sense?
Now what each vendor will use may vary, but as far as I know, the ICMP codes should be consistent across all vendors. Are you sure that the Cisco device and the CheckPoint device ICMP code results were not due to the fact that the situation was indeed different in each case? Take a look and let us know…
I hope this has been helpful!
Laz