What is Ping?

Ping is a program that allows a user to verify that a particular IP address exists and can accept requests. This is verified by sending a series of packets to the remote computer.
The Ping Process

A. The source host generates an ICMP protocol data unit.
B. The ICMP PDU is encapsulated in an IP datagram, with the source and destination IP addresses in the IP header. At this point the datagram is most properly referred to as an ICMP ECHO datagram, but we will call it an IP datagram from here on since that's what it looks like to the networks it is sent over.
C. The source host notes the local time on its clock as it transmits the IP datagram towards the destination. Each host that receives the IP datagram checks the destination address to see if it matches its own address or is the all-hosts address (all 1's in the host field of the IP address).
D. If the destination IP address in the IP datagram does not match the local host's address, the IP datagram is forwarded to the network where the IP address resides.
E. The destination host receives the IP datagram and finds a match between itself and the destination address in the IP datagram.
F. The destination host notes the ICMP ECHO information in the IP datagram, performs any necessary work, then destroys the original IP/ICMP ECHO datagram.
G. The destination host creates an ICMP ECHO REPLY and encapsulates it in an IP datagram, placing its own IP address in the source IP address field and the original sender's IP address in the destination field of the IP datagram.
H. The new IP datagram is routed back to the originator of the PING. The host receives it, notes the time on the clock and finally prints PING output information, including the elapsed time.

The process above is repeated until all requested ICMP ECHO packets have been sent and their responses have been received or the default 2-second timeout has expired. The default 2-second timeout is local to the host initiating the PING and is NOT the Time-To-Live value in the datagram.
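The exchange in steps A through H can be followed at the byte level. The code below is an added example, not part of the original page: it builds an ICMP ECHO, produces the ECHO REPLY the destination would send, and computes the elapsed time. It assumes the send time is carried in the payload, as common ping implementations do; the function names and sample values are constructed for illustration.

```python
import struct

ICMP_ECHO_REQUEST = 8  # type of the ICMP ECHO datagram
ICMP_ECHO_REPLY = 0    # type of the ICMP ECHO REPLY
HEADER = struct.Struct("!BBHHH")  # type, code, checksum, identifier, sequence


def inet_checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_icmp(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Step A: build the ICMP PDU (8-byte header plus payload)."""
    csum = inet_checksum(HEADER.pack(icmp_type, 0, 0, ident, seq) + payload)
    return HEADER.pack(icmp_type, 0, csum, ident, seq) + payload


def echo_request(ident: int, seq: int, sent_at: float, pad: bytes = b"") -> bytes:
    """Step C: note the send time; in this example it travels in the payload."""
    return build_icmp(ICMP_ECHO_REQUEST, ident, seq, struct.pack("!d", sent_at) + pad)


def echo_reply_for(request: bytes) -> bytes:
    """Steps F-G: the destination echoes identifier, sequence and payload."""
    icmp_type, _code, _csum, ident, seq = HEADER.unpack(request[:8])
    if icmp_type != ICMP_ECHO_REQUEST or inet_checksum(request) != 0:
        raise ValueError("not a valid ICMP ECHO request")
    return build_icmp(ICMP_ECHO_REPLY, ident, seq, request[8:])


def rtt_from_reply(reply: bytes, ident: int, seq: int, received_at: float) -> float:
    """Step H: validate the reply, then compute the elapsed time in seconds."""
    icmp_type, _code, _csum, r_id, r_seq = HEADER.unpack(reply[:8])
    if inet_checksum(reply) != 0:
        raise ValueError("bad ICMP checksum")
    if (icmp_type, r_id, r_seq) != (ICMP_ECHO_REPLY, ident, seq):
        raise ValueError("reply does not match the outstanding request")
    (sent_at,) = struct.unpack("!d", reply[8:16])
    return received_at - sent_at

if __name__ == "__main__":  # constructed sample values
    req = echo_request(0x1234, 1, 100.0, b"abcdefgh")
    print(rtt_from_reply(echo_reply_for(req), 0x1234, 1, 100.025))
```

Checking the identifier, sequence number and checksum before trusting a reply is what keeps a stray or corrupted ICMP message from being counted as a successful ping.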
NOTES ON 'FAILED' RESPONSES

Note that an ICMP ECHO REPLY might return after the default 2-second timeout. Thus the packet did return, it just did not do so in the 2 seconds allotted. When experiencing so-called packet loss when using ping, it is always a good idea to increase the default 2-second timeout to see if packets are no longer being dropped. If increasing the default timeout value seems to improve performance by reducing packet loss, then your problem is NOT a packet loss issue, it is a congestion issue caused by high load at one of the following locations (in order of frequency):
A. Your own Internet connection to your ISP
B. The remote server
C. The remote host's connection to their ISP
D. A peering point between two ISPs which your traffic transits over

Large companies maintaining websites (e.g. Google, Yahoo, Microsoft, CNN, AOL etc.) usually monitor their Internet connections to help them prepare for upgrades to their Internet provider before any serious issues arise. They keep a five-minute running average byte-count of the input and output of each Internet pipe and trend the utilization over weeks, months and years. This gives them the ability to predict when they will run out of bandwidth under normal usage.
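The difference between a reply that is late and a packet that is lost, described under the notes on 'failed' responses above, can be checked against send and arrival times taken from a capture. The code below is an added example, not part of the original page; the function names, the sample timestamps and the one-word diagnosis (which applies the page's rule that late replies point to congestion) are constructed for illustration.

```python
DEFAULT_TIMEOUT = 2.0  # seconds, the default timeout the text describes


def classify_probes(sent, received, timeout=DEFAULT_TIMEOUT):
    """Match replies to requests by sequence number.

    sent:     {seq: send_time}
    received: list of (seq, arrival_time) as seen on the wire, in any order
    Returns {seq: (state, rtt)} with state "ok", "late" or "lost".
    """
    first_arrival = {}
    for seq, arrival in received:
        if seq in sent and arrival >= sent[seq]:
            # Keep the earliest reply; later duplicates are ignored.
            first_arrival[seq] = min(arrival, first_arrival.get(seq, arrival))
    result = {}
    for seq, t_sent in sent.items():
        if seq not in first_arrival:
            result[seq] = ("lost", None)
        else:
            rtt = first_arrival[seq] - t_sent
            result[seq] = ("ok" if rtt <= timeout else "late", rtt)
    return result


def loss_report(result):
    """Compare the loss ping would print with the loss that really occurred."""
    total = len(result)
    late = sum(1 for state, _ in result.values() if state == "late")
    lost = sum(1 for state, _ in result.values() if state == "lost")
    return {
        "apparent_loss_pct": 100.0 * (late + lost) / total,
        "true_loss_pct": 100.0 * lost / total,
        # Rule of thumb from the text: late replies mean congestion.
        "diagnosis": "congestion" if late else "packet loss" if lost else "healthy",
    }


# Constructed sample: 10 probes sent one second apart; seq 7 never returns,
# seq 2-4 return after more than 2 seconds, seq 5 is answered twice.
SENT = {seq: float(seq) for seq in range(10)}
RECEIVED = [(0, 0.04), (1, 1.05), (2, 4.60), (3, 5.90), (4, 6.30),
            (5, 5.06), (5, 5.07), (6, 6.05), (8, 8.04), (9, 9.05)]

if __name__ == "__main__":
    print(loss_report(classify_probes(SENT, RECEIVED)))
    print(loss_report(classify_probes(SENT, RECEIVED, timeout=5.0)))
```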
DENIAL OF SERVICE (DOS)

However, companies can't always prepare for everything. Today there are scripts available that allow any child with the ability to read and type to initiate what is called a denial of service (DoS) attack, or a distributed denial of service (DDoS) attack. Both attacks are designed to deny functional service to their target systems by confusing, crashing or outright overloading the remote server or flooding its Internet connection with useless traffic. These attacks have adverse effects on the performance of ping in ways that are not immediately obvious. An ongoing attack will make the site appear to be down, losing packets or just slow, depending on the severity and level of attack. Since DoS/DDoS attacks use PING, the administrator may take defensive actions that will interfere with or block the ability to PING.
RATE LIMITS, ACCESS LISTS AND FIREWALLS

Any website's administrator may have actually planned ahead for a denial of service attack and added rate limits or access lists that restrict or block PING. Many firewalls block all ICMP directed at protected hosts by default. Denial of service attacks are so common these days that this sort of action is actually quite prudent, so long as there is another means of verifying connectivity. As stated elsewhere in this site, PING is really not the best tool for checking packet loss and latency. There is really no way to know if a remote server's Internet gateway is using rate limits or access lists from the PING results you receive. Thus, you can't always trust PING, especially not for any true indication of packet loss or latency, and even what seem to be availability problems can't always be trusted. If you are getting undesirable or strange ping results, use your brain and use other means of testing the connection such as browsing the website, using a traceroute or sending a piece of e-mail or DNS request. [ If you really know what you're doing, you can emulate a web request or an e-mail connection using the command line and use the output to diagnose the problem --InetD ]
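Why a rate limit makes PING results untrustworthy can be seen by modelling the limit as a token bucket and sending probes through it at different intervals. The code below is an added example, not part of the original page; the bucket parameters (1 ECHO per second, burst of 5) and the function names are assumptions chosen for illustration, and the path is assumed to lose nothing on its own.

```python
def token_bucket_filter(arrivals_ms, rate_per_s, burst):
    """Model a gateway rate limit on ICMP ECHO as a token bucket.

    arrivals_ms: probe arrival times in integer milliseconds, ascending.
    Returns one boolean per probe: True if forwarded, False if dropped.
    Integer milli-tokens keep the arithmetic exact.
    """
    cap = burst * 1000
    tokens, last, passed = cap, None, []
    for now in arrivals_ms:
        if last is not None:
            # rate_per_s tokens per second equals rate_per_s milli-tokens per ms
            tokens = min(cap, tokens + (now - last) * rate_per_s)
        last = now
        forwarded = tokens >= 1000
        if forwarded:
            tokens -= 1000
        passed.append(forwarded)
    return passed


def apparent_loss(count, interval_ms, rate_per_s=1, burst=5):
    """Percent of probes ping would report as lost through the rate limit."""
    arrivals = [i * interval_ms for i in range(count)]
    passed = token_bucket_filter(arrivals, rate_per_s, burst)
    return 100.0 * passed.count(False) / count


if __name__ == "__main__":
    # Same healthy server, same limit; only the probe interval differs.
    for interval in (200, 1000, 2000):
        print(f"{interval} ms between probes: "
              f"{apparent_loss(20, interval):.0f}% apparent loss")
```

Twenty probes sent 200 ms apart show 60% loss here while probes sent one or two seconds apart show none, although nothing on the path is actually failing.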
How to use Ping

You can use the Ping command to perform several useful Internet network diagnostic tests, such as the following:
• Access. You can use Ping to see if you can reach another computer. If you can't ping a site at all, but you can ping other sites, then it's a pretty good sign that your Internet network is fine and that site is down. On the other hand, if you can't ping any site, then likely your entire network connection is down -- try rebooting
• Time & distance. You can use the Ping command to determine how long it takes to bounce a packet off of another site, which tells you its Internet distance in network terms. For example, a site hosted on your neighbor's computer next door with a different Internet service provider might go through more routers and be farther away in network distance than a site on the other side of the ocean with a direct connection to the Internet backbone.
If a site seems slow, you can compare ping distances to other Internet sites to determine whether it is the site, the network, or your system that is slow. You can also compare ping times to get an idea of which sites have the fastest network access and would be most efficient for downloading, chat, and other applications.
• Domain IP address. You can use the Ping command to probe either a domain name or an IP address. If you ping a domain name, it helpfully displays the corresponding IP address in the response.
Online ping

If you can't use the Ping command from your own computer because of a firewall or other restriction, or want to do an Internet ping from a location other than your own, you can use one of the following web sites that offer online ping services:

• his.com Ping
• InterWorld Ping
• Multiple PING Gateway
• SamSpade.org Tools
• Spfld.com Ping
• Theworldsend.net ping

Remember when doing an online ping that the packets are sent from that web site, so the times that are returned reflect the path from that location and not from your computer. Nevertheless, a ping from an online web site can be useful to test if an address can be reached from different places around the Internet, and to do comparative timing to test how long it takes to reach one site compared to others. If the times returned by several online ping sites to an Internet address are consistently long, then the destination site's network is likely having problems. On the other hand, if you can ping an address from an online ping site but not from your own computer, then there is likely some block in your network preventing you from communicating with that site.
Option: ping -c count Example: ping -c 10 Definition: Specify the number of echo requests to send
Option: ping -d Example: ping -d Definition: Set the SO_DEBUG option
Option: ping -f Example: ping -f Definition: Flood ping. Sends another echo request immediately after receiving a reply to the last one. Only the super-user can use this option.
Option: ping host Example: ping 121.4.3.2 Definition: Specify the host name (or IP address) of computer to ping
Option: ping -i wait Example: ping -i 2 Definition: Wait time. The number of seconds to wait between each ping
Option: ping -l preload Example: ping -l 4 Definition: Sends "preload" packets one after another
Option: ping -n Example: ping -n Definition: Numeric output, without host to symbolic name lookup
Option: ping -p pattern Example: ping -p ff00 Definition: Ping Pattern. The example sends two bytes, one filled with ones, and one with zeros
Option: ping -q Example: ping -q Definition: Quiet output. Only summary lines at startup and completion
Option: ping -r Example: ping -r Definition: Direct Ping. Send to a host directly, without using routing tables. Returns an error if the host is not on a directly attached network
Option: ping -R Example: ping -R Definition: Record Route. Turns on route recording for the Echo Request packets, and displays the route buffer on returned packets (ignored by many routers)
Option: ping -s PacketSize Example: ping -s 10 Definition: Sets the packet size in number of bytes, which will result in a total packet size of PacketSize plus 8 extra bytes for the ICMP header
Option: ping -v Example: ping -v Definition: Verbose Output. Lists individual ICMP packets, as well as Echo Responses