All Topics  
Ping

 

 
   Email Print
   Bookmark   Link
 
 

 

Ping
 
 
  Topics Ping Topic Home

Ping is a computer networkComputer network

A computer network is a group of interconnected computers....
 tool used to test whether a particular hostNode (networking)

A node is a device that is connected as part of a computer network....
 is reachable across an IPInternet protocol suite

The Internet protocol suite is the set of communications protocols that implement the protocol stack on which the Internet a...
 network; it is also used to self test the network interface card of the computer. It works by sending ICMPInternet Control Message Protocol

The Internet Control Message Protocol is one of the core protocols of the Internet protocol suite....
 “echo request” packets to the target host and listening for ICMP “echo response” replies. Ping estimates the round-trip time, generally in milliseconds, and records any packet lossPacket loss

Packet loss occurs when one or more packets of data traveling across a computer networking fail to reach their destination....
, and prints a statistical summary when finished.

The word ping is also frequently used as a verb or noun, where it can refer directly to the round-trip time, the act of running a ping program or measuring the round-trip time.

History

Mike MuussMike Muuss

Michael John Muuss was author of the freeware network tool Ping....
 wrote the program in December, 1983, as a tool to troubleshoot odd behavior on an IP network. He named it after the pulses of sound made by a sonarSonar

SONAR  — or sonar — is a technique that uses sound propagation under water to navigate or to de...
, since its operation is analogous to active sonar in submarines, in which an operator issues a pulse of energy (a network packet) at the target, which then bounces from the target and is received by the operator. Later David L. MillsDavid L. Mills

David L. Mills was the first head of the Internet Architecture Board....
 provided a backronymBackronym

A backronym or bacronym is a type of acronym that begins as an ordinary word, and is later interpreted as an acronym....
, "Packet InterNet Groper" (sometimes also defined as "Packet Inter-Network Groper).

The usefulness of ping in assisting the "diagnosis" of Internet connectivity issues was impaired from late in 2003, when a number of Internet Service ProviderInternet service provider

An Internet service provider is a business or organization that sells to consumers access to the Internet and related servic...
s filtered out ICMP Type 8 messages at their network boundaries.

This was partly due to the increasing use of ping for target reconnaissance, for example by Internet wormsComputer worm Summary

A computer worm is a self-replicating computer program....
 such as Welchia that flood the Internet with ping requests in order to locate new hostComputer

A computer is a machine for manipulating data according to a list of instructions known as a program....
s to infect. Not only did the availability of ping responses leak information to an attacker, it added to the overall load on networks, causing problems for routerRouter

A router is a computer networking device that forwards data packets across a network toward their destinations, through a pr...
s across the Internet.

Although prescribes that any host must accept an echo-request and issue an echo-reply in return, one finds that this standard is frequently not followed on the public Internet. Notably, Windows XPWindows XP Summary

Windows XP is a line of operating systems developed by Microsoft for use on general-purpose computer systems, including home...
 SP1 will not respond to an echo request on the public Internet in the default configuration.

Proponents of not honoring echo requests say that this practice increases network security. However, attackers can still send network packets to a machine, regardless of whether it responds to a ping. Those who insist that the standard be followed say that not honoring ping interferes with network diagnostics.

ICMP packet

ICMP ping packet
  Bit 0 - 7 Bit 8 - 15 Bit 16 - 23 Bit 24 - 31
IP Header
(160 bits OR 20 Bytes)		 Version/IHL Type of service Length
Identificationflags et offset
Time To Live(TTL) Protocol Checksum
Source IP address
Destination IP address
ICMP Payload
(64+ bits OR 8+ Bytes)		 Type of message Code Checksum
Quench
Data (optional)


Composition of an ICMP Echo Reply packet
  • Header (in blue), with Protocol set to 1 and Type of Service set to 0.
  • Type of ICMP message (8 bits)
  • Code (8 bits)
  • Checksum (16 bits), calculated with the ICMP part of the packet (the header is not used)
  • Data load for the different kind of answers (Can be an arbitrary length, left to implementation detail. However must be less than the maximum MTU of the network).

Sample pinging

Sample with Linux

The following is a sample output of pinging en.wikipedia.org under LinuxLinux

Linux is a Unix-like computer operating system....
 with the iputils version of ping:
herlitzcorp@admin# ping en.wikipedia.org
PING rr.pmtpa.wikimedia.org (66.230.200.100) 56(84) bytes of data.
64 bytes from rr.pmtpa.wikimedia.org (66.230.200.100): icmp_seq=1 ttl=52 time=87.7 ms
64 bytes from rr.pmtpa.wikimedia.org (66.230.200.100): icmp_seq=2 ttl=52 time=95.6 ms
64 bytes from rr.pmtpa.wikimedia.org (66.230.200.100): icmp_seq=3 ttl=52 time=85.4 ms
64 bytes from rr.pmtpa.wikimedia.org (66.230.200.100): icmp_seq=4 ttl=52 time=95.8 ms
64 bytes from rr.pmtpa.wikimedia.org (66.230.200.100): icmp_seq=5 ttl=52 time=87.0 ms
64 bytes from rr.pmtpa.wikimedia.org (66.230.200.100): icmp_seq=6 ttl=52 time=97.6 ms

--- rr.pmtpa.wikimedia.babunlaut ping statistics ---
10 packets transmitted, 10 received, 0% packet loss, time 8998ms
rtt min/avg/max/mdev = 78.162/89.213/97.695/6.836 ms

This output shows that en.wikipedia.org is a DNSDomain name system

The domain name system stores and associates many types of information with domain names, but most importantly, it translat...
 CNAME record for rr.pmtpa.wikimedia.org which then resolves to 66.230.200.100.

The output then shows the results of making 10 pings to 66.230.200.100 with the results summarized at the end. (To stop the program in Linux or Windows, press Ctrl+C.)
  • shortest round trip timeRound-trip delay time

    In telecommunications, the term round-trip delay time or round-trip time has the following meanings:...
     was 78.162 milliseconds
  • average round trip time was 89.213 milliseconds
  • maximum round trip time was 97.695 milliseconds
  • Standard deviationStandard deviation

    In probability and statistics, the standard deviation of a probability distribution, random variable, or population or multi...
     of the round-trip time was 6.836 milliseconds

Sample with Windows

The following is a sample output of pinging en.wikipedia.org under WindowsMicrosoft Windows

Microsoft Windows is a family of operating systems by Microsoft....
 from within the Command Prompt:

[localhost] ping en.wikipedia.org
Pinging rr.pmtpa.wikimedia.org [66.230.200.100] with 32 bytes of data:
Reply from 66.230.200.100: bytes=32 time=57ms TTL=44
Reply from 66.230.200.100: bytes=32 time=59ms TTL=44
Reply from 66.230.200.100: bytes=32 time=59ms TTL=44
Reply from 66.230.200.100: bytes=32 time=54ms TTL=44

Ping statistics for 66.230.200.100:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 54ms, Maximum = 59ms, Average = 57ms

Sample with Mac OS X

The following is a sample output of pinging en.wikipedia.org under Mac OS X Leopard using the TerminalTerminal (application)

Terminal is an application included with Apple's Mac OS X operating system, and is also present in OS X's progenitor, OPENST...
:

Macintosh:~ simonh$ ping -c 10 en.wikipedia.org
PING rr.knams.wikimedia.org (91.198.174.2): 56 data bytes
64 bytes from 91.198.174.2: icmp_seq=0 ttl=53 time=40.019 ms
64 bytes from 91.198.174.2: icmp_seq=1 ttl=53 time=47.502 ms
64 bytes from 91.198.174.2: icmp_seq=2 ttl=53 time=43.208 ms
64 bytes from 91.198.174.2: icmp_seq=3 ttl=53 time=50.851 ms
64 bytes from 91.198.174.2: icmp_seq=4 ttl=53 time=46.556 ms
64 bytes from 91.198.174.2: icmp_seq=5 ttl=53 time=42.180 ms
64 bytes from 91.198.174.2: icmp_seq=6 ttl=53 time=49.853 ms
64 bytes from 91.198.174.2: icmp_seq=7 ttl=53 time=45.556 ms
64 bytes from 91.198.174.2: icmp_seq=8 ttl=53 time=41.186 ms
64 bytes from 91.198.174.2: icmp_seq=9 ttl=53 time=48.836 ms

--- rr.knams.wikimedia.org ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max/stddev = 40.019/45.575/50.851/3.588 ms

Message format

Echo request

The echo request is an ICMPInternet Control Message Protocol

The Internet Control Message Protocol is one of the core protocols of the Internet protocol suite....
 message whose data is expected to be received back in an echo reply ("pong"). The host must respond to all echo requests with an echo reply containing the exact data received in the request message.

00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Type = 8 Code = 0 Header Checksum
Identifier Sequence Number
Data


  • Type must be set to 8.
  • Code must be set to 0.
  • The Identifier and Sequence Number can be used by the client to match the reply with the request that caused the reply. In practice, most Linux systems use a unique identifier for every ping process, and sequence number is an increasing number within that process. Windows uses a fixed identifier, which varies between Windows versions, and a sequence number that is only reset at boot time.
  • The data received by the Echo Request must be entirely included in the Echo Reply.

Echo reply

The echo reply is an ICMP message generated in response to an echo request, and is mandatory for all hosts and routers.

00 01 02 03 04 05 06 07 08 09 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31
Type = 0 Code = 0 Header Checksum
Identifier Sequence Number
Data


  • Type and code must be set to 0.
  • The identifier and sequence number can be used by the client to determine which echo requests are associated with the echo replies.
  • The data received in the echo request must be entirely included in the echo reply.

Payload

The payload of the packet is generally filled with letters of the alphabet as this ASCII tcpdump shows

16:24:47.966461 IP (tos 0x0, ttl 128, id 15103, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.146.22 > 192.168.144.5: ICMP echo request, id 1, seq 38, length 40

0x0000: 4500 003c 3aff 0000 8001 5c55 c0a8 9216 E..<:.....\U....
0x0010: c0a8 9005 0800 4d35 0001 0026 6162 6364 ......M5...&abcd
0x0020: 6566 6768 696a 6b6c 6d6e 6f70 7172 7374 efghijklmnopqrst
0x0030: 7576 7761 6263 6465 6667 6869 uvwabcdefghi

See also

  • TracerouteTraceroute

    traceroute is a computer network tool used to determine the route taken by packets across an IP network....
    , mtr (My traceroute)
  • fpingFping Summary

    fping is a computer network utility program that can be compiled and run on various POSIX Operating Systems....
  • List of DOS commandsList of DOS commands

    A list of DOS commands for Microsoft's MS-DOS operating system...
  • PingotronPingotron Overview

    Pingotron is a computer program for controlling and monitoring network devices, such as computers, network printers,...
  • Ping (video games)Ping (video games)

    Players of multiplayer online video games often use the term ping to refer to the network latency seen between their compute...
  • Ping of deathPing of death

    A ping of death is a type of attack on a computer that involves sending a malformed or otherwise malicious ping to a compute...
  • List of Unix programsList of Unix programs

    This is a list of Unix programs. Some of these programs are standard utilities that will be found on any Unix or Unix-like o...




External links

  • by its author, Mike Muuss
  • for educational purposes