Sources: Wiki, Microsoft
Ping is a computer network tool used to test whether a particular host is reachable across an IP network; it is also used to self test the network interface card of the computer, or as a speed test. It works by sending ICMP “echo request” packets to the target host and listening for ICMP “echo response” replies. Ping measures the round-trip time[1] and records any packet loss, and prints when finished a statistical summary of the echo response packets received, the minimum, mean, max and in some versions the standard deviation of the round trip time.
The word ping is also frequently used as a verb or noun, where it is usually incorrectly used to refer to the round-trip time, or measuring the round-trip time.
If you are having connectivity problems, you can use the ping command to check the destination IP address you want to reach and record the results. The ping command displays whether the destination responded and how long it took to receive a reply. If there is an error in the delivery to the destination, the ping command displays an error message.
You can use the ping command to:
* Ping your computer (by address, not host name) to determine that TCP/IP is functioning. (Pinging your computer does not verify that your network adapter is functioning.)
* Ping the local router to determine whether the router is running.
* Ping beyond your local router.
The following table shows some useful ping command options.
Option Use
-nCount
Determines the number of echo requests to send. The default is 4 requests.
-wTimeout
Enables you to adjust the time-out (in milliseconds). The default is 1,000 (a 1-second time-out).
-lSize
Enables you to adjust the size of the ping packet. The default size is 32 bytes.
-f
Sets the Do Not Fragment bit on the ping packet. By default, the ping packet allows fragmentation.
The following example illustrates how to send two pings, each 1,450 bytes in size, to IP address 131.107.8.1:
Copy Code
C:\>ping -n 2 -l 1450 131.107.8.1
Pinging 131.107.8.1 with 1450 bytes of data:
Reply from 131.107.8.1: bytes=1450 time<10ms ttl="32" bytes="1450" ttl="32" sent =" 2," received =" 2," lost =" 0" minimum =" 0ms," maximum =" 10ms," average =" 2ms" href="http://technet.microsoft.com/en-us/library/cc737478.aspx">here
src="http://pagead2.googlesyndication.com/pagead/show_ads.js">
Ping command History Explained
A
server denying a ping request because of the request's size.
Mike Muuss wrote the program in December, 1983, as a tool to troubleshoot odd behavior on an IP network. He named it after the pulses of sound made by a sonar, since its operation is analogous to active sonar in submarines, in which an operator issues a pulse of energy at the target, which then bounces from the target and is received by the operator. (The pulse of energy in sonar is analogous to a network packet in ping). [1][2]
The usefulness of ping in assisting the "diagnosis" of Internet connectivity issues was impaired from late in 2003, when a number of Internet Service Providers began filtering out ICMP Type 8 (echo request) messages at their network boundaries.
This was partly due to the increasing use of ping for target reconnaissance, for example by Internet worms such as Welchia that flood the Internet with ping requests in order to locate new hosts to infect. Not only did the availability of ping responses leak information to an attacker, it added to the overall load on networks, causing problems for routers across the Internet.
Although RFC 1122 prescribes that any host must accept an echo-request and issue an echo-reply in return, this is supposedly a security risk. Thus, hosts that no longer follow this standard are frequent on the public Internet.
ICMP packet
ICMP packet
| Bit 0 - 7 | Bit 8 - 15 | Bit 16 - 23 | Bit 24 - 31 |
IP Header
(160 bits OR 20 Bytes) | Version/IHL | Type of service | Length |
| Identification | flags and offset |
| Time To Live(TTL) | Protocol | Checksum |
| Source IP address |
| Destination IP address |
ICMP Payload
(64+ bits OR 8+ Bytes) | Type of message | Code | Checksum |
| Quench |
| Data (optional) |
Generic composition of an ICMP packet
- Header (in blue):
- Protocol set to 1 and Type of Service set to 0.
- Payload (in red):
- Type of ICMP message (8 bits)
- Code (8 bits)
- Checksum (16 bits), calculated with the ICMP part of the packet (the header is not used)
- The ICMP 'Quench' (32 bits) field, which in this case (ICMP echo request and replies), will be composed of identifier (16 bits) and sequence number (16 bits).
- Data load for the different kind of answers (Can be an arbitrary length, left to implementation detail. However must be less than the maximum MTU of the network[citation needed]).
Sample pinging
Sample with Linux
The following is a sample output of pinging en.wikipedia.org under Linux with the iputils version of ping:
admin@localhost# ping en.wikipedia.org
PING rr.pmtpa.wikimedia.org (66.230.200.100) 56(84) bytes of data.
64 bytes from rr.pmtpa.wikimedia.org (66.230.200.100): icmp_seq=1 ttl=52 time=87.7 ms
64 bytes from rr.pmtpa.wikimedia.org (66.230.200.100): icmp_seq=2 ttl=52 time=95.6 ms
64 bytes from rr.pmtpa.wikimedia.org (66.230.200.100): icmp_seq=3 ttl=52 time=85.4 ms
64 bytes from rr.pmtpa.wikimedia.org (66.230.200.100): icmp_seq=4 ttl=52 time=95.8 ms
64 bytes from rr.pmtpa.wikimedia.org (66.230.200.100): icmp_seq=5 ttl=52 time=87.0 ms
64 bytes from rr.pmtpa.wikimedia.org (66.230.200.100): icmp_seq=6 ttl=52 time=97.6 ms
--- rr.pmtpa.wikimedia.org ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 8998ms
rtt min/avg/max/mdev = 78.162/89.213/97.695/6.836 ms
This output shows that en.wikipedia.org is a DNS CNAME record for rr.pmtpa.wikimedia.org which then resolves to 66.230.200.100.
The output then shows the results of making 10 pings to 66.230.200.100 with the results summarized at the end. (To stop the program in Linux or Windows, press Ctrl+C.)
- shortest round trip time was 78.162 milliseconds
- average round trip time was 89.213 milliseconds
- maximum round trip time was 97.695 milliseconds
- Standard deviation of the round-trip time was 6.836 milliseconds
While a ping session is running, under some Linux systems, you can get the overall status of the session without quitting by sending the Ctrl+\ key combination. This will give you a summary similar to the following.
6/6 packets, 0% loss, min/avg/ewma/max = 15.304/23.188/20.446/53.673 ms
Sample with Windows
The following is a sample output of pinging en.wikipedia.org under Windows (Vista used in the following example) from within the Command Prompt:
[localhost] ping en.wikipedia.org
Pinging rr.pmtpa.wikimedia.org [66.230.200.100] with 32 bytes of data:
Reply from 66.230.200.100: bytes=32 time=57ms TTL=44
Reply from 66.230.200.100: bytes=32 time=59ms TTL=44
Reply from 66.230.200.100: bytes=32 time=59ms TTL=44
Reply from 66.230.200.100: bytes=32 time=54ms TTL=44
Ping statistics for 66.230.200.100:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 54ms, Maximum = 59ms, Average = 57ms
Windows appears not to inform the user about duplicated return packets.
While a ping session is running you can get the overall status of the session without quitting by sending the Ctrl+Break key combination.
Sample with Mac OS X
The following is a sample output of pinging en.wikipedia.org under Mac OS X Leopard using the Terminal:
Macintosh:~ user$ ping -c 10 en.wikipedia.org
PING rr.knams.wikimedia.org (91.198.174.2): 56 data bytes
64 bytes from 91.198.174.2: icmp_seq=0 ttl=53 time=40.019 ms
64 bytes from 91.198.174.2: icmp_seq=1 ttl=53 time=47.502 ms
64 bytes from 91.198.174.2: icmp_seq=2 ttl=53 time=43.208 ms
64 bytes from 91.198.174.2: icmp_seq=3 ttl=53 time=50.851 ms
64 bytes from 91.198.174.2: icmp_seq=4 ttl=53 time=46.556 ms
64 bytes from 91.198.174.2: icmp_seq=5 ttl=53 time=42.180 ms
64 bytes from 91.198.174.2: icmp_seq=6 ttl=53 time=49.853 ms
64 bytes from 91.198.174.2: icmp_seq=7 ttl=53 time=45.556 ms
64 bytes from 91.198.174.2: icmp_seq=8 ttl=53 time=41.186 ms
64 bytes from 91.198.174.2: icmp_seq=9 ttl=53 time=48.836 ms
--- rr.knams.wikimedia.org ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max/stddev = 40.019/45.575/50.851/3.588 ms
While a ping session is running you can get the overall status of the session without quitting by sending the Ctrl+t key combination. This will give you a summary similar to the following.
load: 0.37 cmd: ping 1748 running 0.01u 0.07s
255/255 packets received (100%) 18.827 min / 19.975 avg / 29.200 max
Message format
Echo request
The echo request is an ICMP message whose data is expected to be received back in an echo reply ("pong"). The host must respond to all echo requests with an echo reply containing the exact data received in the request message.
| 00 | 01 | 02 | 03 | 04 | 05 | 06 | 07 | 08 | 09 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 |
| Type = 8 | Code = 0 | Header Checksum |
| Identifier | Sequence Number |
| Data ::: |
- Type must be set to 8.
- Code must be set to 0.
- The Identifier and Sequence Number can be used by the client to match the reply with the request that caused the reply. In practice, most Linux systems use a unique identifier for every ping process, and sequence number is an increasing number within that process. Windows uses a fixed identifier, which varies between Windows versions, and a sequence number that is only reset at boot time.
- The data received by the Echo Request must be entirely included in the Echo Reply.
Echo reply
The echo reply is an ICMP message generated in response to an echo request, and is mandatory for all hosts and routers.
| 00 | 01 | 02 | 03 | 04 | 05 | 06 | 07 | 08 | 09 | 10 | 11 | 12 | 13 | 14 | 15 | 16 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | 31 |
| Type = 0 | Code = 0 | Header Checksum |
| Identifier | Sequence Number |
| Data ::: |
- Type and code must be set to 0.
- The identifier and sequence number can be used by the client to determine which echo requests are associated with the echo replies.
- The data received in the echo request must be entirely included in the echo reply.
Payload
The payload of the packet is generally filled with letters of the alphabet as this ASCII tcpdump shows
16:24:47.966461 IP (tos 0x0, ttl 128, id 15103, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.146.22 > 192.168.144.5: ICMP echo request, id 1, seq 38, length 40
0x0000: 4500 003c 3aff 0000 8001 5c55 c0a8 9216 E..<:.....\U.... 0x0010: c0a8 9005 0800 4d35 0001 0026 6162 6364 ......M5...&abcd 0x0020: 6566 6768 696a 6b6c 6d6e 6f70 7172 7374 efghijklmnopqrst 0x0030: 7576 7761 6263 6465 6667 6869 uvwabcdefghi
In gaming
In network multiplayer games like Left 4 Dead, Unreal Tournament, Quake, Battlefield, Call of Duty, Counter Strike, Combat Arms, Halo,Gunz etc., the server notes the time it requires for a game packet to reach a client and a response to be received. This round-trip time is usually reported as the player's 'ping'. It is used as an effective measurement of the player's lag, with lower ping times being desirable. Note that this style of ping typically does not use ICMP packets.
See also
References
- ^ a b "The Story of the PING Program". http://ftp.arl.mil/~mike/ping.html. Retrieved on 29 December 2008.
- ^ Salus, Peter (1994). A Quarter Century of UNIX. Addison-Wesley. ISBN 0201547775.
External links
