Skip to main content

Ping Tutorial


Ping is a simple yet very useful tool for checking network connectivity and reachability between different hosts and other resources on IP networks. It can be used to check out whether the peer, host, gateway or some network resource is alive and reachable. Although by default it is installed on all modern operating systems, from Windows, Apple to Linux/Unix like, linux version of a tool has most options. 

It functions in a way that sends small packets to an IP resource who if is alive answers by sending packets back. Tool itself uses the ICMP protocol which has been created for the purpose of getting information about other resources on the network. The ICMP packets sent from the host are called echo_request and the packets sent back from destination are clled echo_response

















    Use PING to check reachability of network resource
To check network resource availability, or to see if some host on copmurer network is alive, PING tool can be used. To use PING on Windows OS, enter command line by going to Start > run and enter "cmd". Once is command line, You can check reachability of host google.com for example: 

C:\Users\John>ping google.com Pinging google.com [173.194.70.102] with 32 bytes of data: Reply from 173.194.70.102: bytes=32 time=55ms TTL=252 Reply from 173.194.70.102: bytes=32 time=54ms TTL=252 Reply from 173.194.70.102: bytes=32 time=53ms TTL=252 Reply from 173.194.70.102: bytes=32 time=51ms TTL=252 Ping statistics for 173.194.70.102: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 51ms, Maximum = 55ms, Average = 53ms
(Here we can see that host google.com replied with 4 ICMP packets, and 0% packets are lost. This indicates that host is alive and reachable.) 

In this example, host microsoft.com with an IP [64.4.11.37] did not replied, which could indicate that host is not alive: 

C:\Users\John>ping microsoft.com Pinging microsoft.com [64.4.11.37] with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out. Ping statistics for 64.4.11.37: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)
(In this case, host didn't replied, but it doesn't mean it's dead. The result "Request timed out." and 100% packets loss can also mean that the host just doesn't answer to ICMP request. Althought it can mean that host is dead or not connected on IP network at all, in this case external firewall is blocking the ICMP traffic due to security recommendation. But the host itself runs a webserver. We can easily surf the hosts webpage which means that host is very much alive.) 

    Ping RTT (Round Trip Time) or "response time"
Response time or RTT is the length of time it takes for a signal to be sent and received acknowledgment for it. Meaning, this information can be used to determine delay and congestion on IP network. It is presented by timefiled in Ping's command output and displayed in milliseconds. In previous exmple, Average RTT is 53ms which isn't bad. It means that traffic is probably going through network with poor cable quality or in our case over Wifinetwork. On a quality Local Network LAN, response time is usualy less than "<" 2ms. Poor network quality, physical remoteness of destination and type of network all affect on response time. 

    Ping TTL or "Time-to-Live"
TTL or Time-To-Live indicates the number of routers between the source and destination we're trying to ping. The TTL is used to prevent an IP packet from looping inside an IP network and causing a network congestion. The initial TTL value for an IP packet is 255 and it's decremented by 1 each time it encounters a new router. When TTL value reaches 0, the packet is discarded preventing packet from looping. 

    Ping Examples
Using -t switch on windows, we can continuously ping host. To stop pinging, we'll use keys to break: 

C:\Users\John&gt;ping -t 192.168.10.200 Pinging 192.168.10.200 with 32 bytes of data: Reply from 192.168.10.200: bytes=32 time=7ms TTL=64 Reply from 192.168.10.200: bytes=32 time=2ms TTL=64 Reply from 192.168.10.200: bytes=32 time=2ms TTL=64 Reply from 192.168.10.200: bytes=32 time=2ms TTL=64 Reply from 192.168.10.200: bytes=32 time=2ms TTL=64 Reply from 192.168.10.200: bytes=32 time=4ms TTL=64 Ping statistics for 192.168.10.200: Packets: Sent = 7, Received = 7, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 2ms, Maximum = 7ms, Average = 3ms Control-C ^C
(This can come handy in testing while pluging hosts network cable to switch or patch panel for example. This way on the monitor of a host we can exactely see once we have network connectivity.) 

On linux, with -i switch we can define interval seconds between pings: 

linux-box# ping -i 5 192.168.10.1 PING 192.168.10.1 (192.168.10.1) 56(84) bytes of data. 64 bytes from 192.168.10.1: icmp_req=1 ttl=64 time=1.36 ms 64 bytes from 192.168.10.1: icmp_req=2 ttl=64 time=1.06 ms ^C --- 192.168.10.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 10007ms rtt min/avg/max/mdev = 1.068/1.232/1.368/0.127 ms
(in this case interval is 5 seconds) 


To check whether the local network or localhost's TCP/IP stack is up and running we can use any of the following 3 methods: 

linux-box# ping 0 PING 0 (127.0.0.1) 56(84) bytes of data. 64 bytes from 127.0.0.1: icmp_req=1 ttl=64 time=0.042 ms 64 bytes from 127.0.0.1: icmp_req=2 ttl=64 time=0.035 ms ^C --- 0 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 999ms rtt min/avg/max/mdev = 0.035/0.038/0.042/0.007 ms


linux-box# ping 127.0.0.1 PING 0 (127.0.0.1) 56(84) bytes of data. 64 bytes from 127.0.0.1: icmp_req=1 ttl=64 time=0.042 ms 64 bytes from 127.0.0.1: icmp_req=2 ttl=64 time=0.035 ms ^C --- 0 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 999ms rtt min/avg/max/mdev = 0.035/0.038/0.042/0.007 ms


linux-box# ping localhost PING 0 (127.0.0.1) 56(84) bytes of data. 64 bytes from 127.0.0.1: icmp_req=1 ttl=64 time=0.042 ms 64 bytes from 127.0.0.1: icmp_req=2 ttl=64 time=0.035 ms ^C --- 0 ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 999ms rtt min/avg/max/mdev = 0.035/0.038/0.042/0.007 ms


Using -f switch, it's also possible to send hundred or more packets per second. This means You can flood network in short time: 

linux-box# ping -f 192.168.10.101 PING 192.168.10.101 (192.168.10.101) 56(84) bytes of data. . ..^C --- 192.168.10.101 ping statistics --- 2091 packets transmitted, 2089 received, 0% packet loss, time 6363ms rtt min/avg/max/mdev = 1.451/3.015/15.058/0.802 ms, ipg/ewma 3.044/3.311 ms
(As shown in this example, ping -f has sent more than 2000 packets in few seconds.) 
Labels:

Comments

Post a Comment

Popular posts from this blog

Cisco three-layer hierarchical model

Because networks can be extremely complicated, with multiple protocols and diverse technologies, Cisco has developed a layered hierarchical model for designing a reliable network infrastructure. This three-layer model helps you design, implement, and maintain a scalable
Post a Comment
Read more

Debugging on Cisco ASA

Most of debuging on Cisco ASA can be done with simply entering  "debug"  in front of command for which we want to do debugging. For example if wanted to see/capture icmp traffic from user enter: 
Post a Comment
Read more

Classes of IP addresses

TCP/IP defines five classes of IP addresses: class A, B, C, D, and E. Each class has a range of valid IP addresses. The value of the first octet determines the class. IP addresses
Post a Comment
Read more