PING

All About PING

PING (Packet Internet Groper)

Overview

The PING utility is a diagnostic tool used to test two ports on a network for connectivity by sending a series of packets (usually ICMP Echo Request) to the target and measuring the response as an ICMP Echo Reply. It is perhaps one of the most commonly used tools to determine if a remote host is reachable, and it also provides information about the latency between source and destination.

The name "ping" takes its inspiration from sonar technology where an underwater submarine transmits sound waves and just listens to what comes back, pretty much in the same way that the ping utility does with network packets.

History

The PING utility was created by Mike Muuss in 1983 for the debugging of network problems. It quickly became the crux of system administrators and network engineers due to its simplicity and effectiveness.

How PING Works

PING works over the Internet Control Message Protocol, that is, part of the IP family. Here's how it usually works:

  • ICMP Echo Request: The source machine sends an ICMP Echo Request packet to the destination machine.
  • ICMP Echo Reply: The destination machine, if reachable, responds with an ICMP Echo Reply packet.
  • Round-Trip Time (RTT): The source machine will compute how many milliseconds the packets take to make the round trip between those two devices.
  • Packet Loss: If any of those packets aren't returned, the percentage of lost packets is displayed, which can be indicative of a wide range of problems from network congestion to configuration errors.

Basic PING Command Syntax

The basic syntax to run the ping command from a terminal (or command prompt) is as follows:

ping <destination>

For example:

ping www.example.com

Sample PING Output

The usual output of PING includes the following:

  • Packet Sent: Number of ICMP Echo Request packets sent.
  • Packets Received: Number of packets received as ICMP Echo Reply.
  • Packet Loss: % (if any) lost.
  • Round-Trip Time (RTT): Minimum, maximum, and average time in milliseconds taken for the packets to travel to the destination and come back.
PING www.example.com (93.184.216.34): 56 data bytes
64 bytes from 93.184.216.34: icmp_seq=0 ttl=56 time=24.5 ms
64 bytes from 93.184.216.34: icmp_seq=1 ttl=56 time=24.3 ms
64 bytes from 93.184.216.34: icmp_seq=2 ttl=56 time=24.4 ms

--- www.example.com ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 24.3/24.4/24.5/0.1 ms

PING Options

On different operating systems, the ping command accepts different options for advanced usage. Some of them include:

  • -c count: Specify the number of ICMP requests to send (e.g., ping -c 5 example.com sends 5 requests).
  • -t: Continuous ping (Linux) or specify the number of pings with -n (Windows).
  • -i interval: Specify interval in seconds between requests (e.g., ping -i 2 example.com waits 2 seconds between pings).
  • -s size: Specify the packet size of the ping.
  • -w timeout: Set the timeout in seconds for a reply.
  • -q: Show only statistics.
  • -D: Display timestamps along with each sent packet.

Windows

ping -t <destination>  # Ping continuously until interrupted (Ctrl+C)
ping -n 5 <destination>   # Ping 5 times
ping -l 1000 <destination> # Send ping requests with 1000-byte packets

Linux/macOS

ping -c 4 <destination>    # Send 4 ICMP Echo requests and stop
ping -i 2 <destination>    # Interval of 2 seconds between pings
ping -s 1000 <destination> # Send ICMP packets with 1000 bytes of payload

Applications of PING

  • Testing Connectivity: Determine if a device like a router or server is available on the network.
  • Measuring Latency: Use RTT to estimate network latency between devices.
  • Diagnosing Packet Loss: Report packet loss, indicating potential network congestion or issues.
  • Verifying DNS Resolution: Check if a domain name is resolving to an IP address, useful for diagnosing DNS issues.
  • Network Troubleshooting: Network administrators can isolate issues, like determining if the problem is with the external network or ISP.

Limitations of PING

  • Filtered by Firewalls: Many servers and firewalls block ICMP requests to prevent attacks.
  • Basic Connectivity Check: PING only checks if the target is reachable, not network quality like bandwidth or jitter.
  • Time-Sensitive Issues: High latency can indicate network slowness but doesn't provide a cause.
  • ICMP Rate Limiting: Some systems limit ICMP packets, which may affect PING results.

PING Flood and PING of Death

  • PING Flood: A DoS attack where a large number of PING requests overwhelm the target, causing network congestion.
  • PING of Death: An older attack that involved sending oversized PING packets, causing crashes or reboots on vulnerable systems.

Extension Tools with PING

  • Fping: Sends PING requests to multiple hosts simultaneously.
  • Hping: A tool for network scanning and auditing, supporting ICMP, TCP, and UDP.
  • NPing: Part of the Nmap suite, Nping allows simulation of different types of network traffic.

PING and Network Monitoring

Many network monitoring tools like Nagios and Zabbix use PING to check host availability. If the PING fails, an alert is sent to the network administrator for further investigation.

Modern Developments of PING

With IPv6 adoption, new commands like ping6 are used to perform PING operations on IPv6 addresses, similar to how PING works for IPv4 but adapted for the larger IPv6 address space.

PING remains a simple yet powerful tool for diagnosing basic network connectivity issues. It is indispensable for system administrators, network engineers, and IT professionals for quick checks and performance evaluations in networks.