Ping is a tool commonly used to find the status of a device on a network. Ping is based on the ICMP protocol. When ping sends an ICMP echo request to the target device, the device answers with an ICMP echo reply if it is available.
Purpose of Ping command
Ping sends a test packet, or echo packet, to a device to find out whether it is reachable and how long the packet takes to reach the device. It serves two important purposes:
- testing the network availability of the device
- measuring the network latency between two devices
The ping command is a simple way to check whether we have access to a particular host. But this method works only if ICMP and ping are enabled in that network. If ICMP is disabled, we cannot get a proper response, so a missing reply does not by itself prove that the host is down.
Example of Ping Command
$ ping google.com
PING google.com (184.108.40.206): 56 data bytes
64 bytes from 220.127.116.11: icmp_seq=0 ttl=100 time=87.363 ms
64 bytes from 18.104.22.168: icmp_seq=1 ttl=100 time=89.754 ms
64 bytes from 22.214.171.124: icmp_seq=2 ttl=100 time=90.045 ms
--- google.com ping statistics ---
4 packets transmitted, 3 packets received, 25.0% packet loss
round-trip min/avg/max/stddev = 87.363/89.054/90.045/1.202 ms
- from: The destination and its IP address. Note that the IP address may be different for a website depending on our geographical location.
- icmp_seq=0: The sequence number of each ICMP packet. Increases by one for every subsequent echo request.
- ttl=100: The Time to Live value from 1 to 255. It represents the number of network hops a packet can take before a router discards it.
- time=87.68 ms: The time it took a packet to reach the destination and come back to the source. Expressed in milliseconds.
The ping command can also be used to check for packet loss. When you run the ping command, it sends a series of packets to the specified destination and waits for a response.
If any of the packets are lost or do not receive a response, the ping command will report the percentage of packets lost.
For example, if you run the ping command and it reports “0% packet loss,” that means all of the packets that were sent were received successfully. However, if it reports “10% packet loss,” that means 10% of the packets that were sent did not receive a response and were lost.
So, the ping command is a useful tool for checking network connectivity and identifying any packet loss issues that may be affecting your connection.
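The summary line gives only a percentage; comparing the icmp_seq values that were answered against the number of packets transmitted shows which probes were lost. The following is an added example, not part of the original article: the function name analyse_ping and its first_seq parameter are hypothetical, and the sample output is constructed in the same format as the output above.

```python
import re

# Constructed sample in the same format as the output above (192.0.2.10 is a
# documentation address); the reply for icmp_seq=3 never arrived.
SAMPLE = """\
PING host.example (192.0.2.10): 56 data bytes
64 bytes from 192.0.2.10: icmp_seq=0 ttl=100 time=87.363 ms
64 bytes from 192.0.2.10: icmp_seq=1 ttl=100 time=89.754 ms
64 bytes from 192.0.2.10: icmp_seq=2 ttl=100 time=90.045 ms
--- host.example ping statistics ---
4 packets transmitted, 3 packets received, 25.0% packet loss
round-trip min/avg/max/stddev = 87.363/89.054/90.045/1.202 ms
"""

REPLY = re.compile(r"icmp_seq=(\d+) ttl=(\d+) time=([\d.]+) ms")
# "3 packets received" (format above) or "3 received" (Linux iputils).
SUMMARY = re.compile(r"(\d+) packets transmitted, (\d+) (?:packets )?received")


def analyse_ping(output, first_seq=0):
    """Return loss figures and the sequence numbers that got no reply.

    first_seq is the first sequence number the ping implementation uses:
    0 in the format shown above, 1 for Linux iputils (assumption to set).
    """
    replies = {int(m.group(1)): float(m.group(3)) for m in REPLY.finditer(output)}
    summary = SUMMARY.search(output)
    if summary is None:
        raise ValueError("no ping statistics line found")
    sent, received = int(summary.group(1)), int(summary.group(2))
    # Every sequence number that was sent but has no matching reply line.
    missing = [seq for seq in range(first_seq, first_seq + sent)
               if seq not in replies]
    rtts = list(replies.values())
    return {
        "sent": sent,
        "received": received,
        "loss_pct": 100.0 * (sent - received) / sent if sent else 0.0,
        "missing_seq": missing,
        "avg_rtt_ms": round(sum(rtts) / len(rtts), 3) if rtts else None,
    }


if __name__ == "__main__":
    print(analyse_ping(SAMPLE))
```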
Change Ping Packet Size in Ping Command
In some scenarios, we may want to use -s to increase the packet size from the default value of 64 bytes.
For example, to increase the packet size to 1000 bytes:
ping -s 1000 google.com
ICMP Packet Structure
ICMP is part of IP, and it relies on IP to transmit its messages. ICMP contains a relatively small header that changes depending on its purpose. The ICMP header contains the following fields:
- Type: The type or classification of the ICMP message, based on the RFC specification
- Code: The subclassification of the ICMP message, based on the RFC specification
- Checksum: Used to ensure that the contents of the ICMP header and data are intact upon arrival
- Variable: A portion that varies depending on the Type and Code fields
Let’s see an example of an ICMP packet.
00 0c 29 f8 1c 7c 00 0c 29 23 c1 05 08 00 45 00
00 3c 02 04 00 00 80 01 6a 2e c0 a8 01 01 c0 a8
01 02 08 00 28 b6 7c 01 00 00 00 00 09 00 00 00
00 00 00 00 00 10 11 12 13 14 15 16 17 18 19 1a
1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a
2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37
This is a hexadecimal dump of the packet. ICMP packets are often used for diagnostic or error reporting purposes in networking.
In this example, the packet contains the following fields:
- Ethernet header: The first 14 bytes represent the Ethernet header. The source MAC address is 00 0c 29 f8 1c 7c, and the destination MAC address is 00 0c 29 23 c1 05.
- IP header: The next 20 bytes represent the IP header. The source IP address is 192.168.1.1, and the destination IP address is 192.168.1.2.
- ICMP header: The next 8 bytes represent the ICMP header. The type is 8 (echo request), the code is 0, and the checksum is 28 b6.
- Payload: The rest of the packet contains the payload, which can vary depending on the specific ICMP message being sent. In this example, the payload is 00 00 00 00 00 00 00 00 00 10 11 12 13 14 15 16 17 18 19 1a 1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37, which represents some arbitrary data.
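The header fields listed above can be decoded programmatically, and the Checksum field can be recomputed to confirm that header and data arrived intact. The following is an added example, not code from the original article: the function names are hypothetical, PAGE_HEADER holds the eight ICMP header bytes from the dump, and the echo request used for the checksum check is constructed.

```python
import struct

ECHO_REPLY, ECHO_REQUEST = 0, 8

# The 8 ICMP header bytes from the hex dump above.
PAGE_HEADER = bytes.fromhex("08 00 28 b6 7c 01 00 00")


def internet_checksum(data):
    """16-bit one's-complement checksum used by ICMP (RFC 1071)."""
    if len(data) % 2:                 # pad odd-length data with a zero byte
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def parse_icmp(message):
    """Split an ICMP message into Type, Code, Checksum and the variable part."""
    if len(message) < 8:
        raise ValueError("ICMP header needs at least 8 bytes")
    icmp_type, code, checksum, variable = struct.unpack("!BBH4s", message[:8])
    fields = {"type": icmp_type, "code": code, "checksum": checksum,
              "payload": message[8:]}
    if icmp_type in (ECHO_REQUEST, ECHO_REPLY):
        # For echo messages the variable part is identifier + sequence number.
        fields["id"], fields["seq"] = struct.unpack("!HH", variable)
    else:
        fields["variable"] = variable
    return fields


def checksum_ok(message):
    """True when the checksum over the whole message, field included, is zero."""
    return internet_checksum(message) == 0


def build_echo_request(ident, seq, payload):
    """Construct an echo request with a correct checksum (sample data only)."""
    unsummed = struct.pack("!BBHHH", ECHO_REQUEST, 0, 0, ident, seq) + payload
    return unsummed[:2] + struct.pack("!H", internet_checksum(unsummed)) + unsummed[4:]


if __name__ == "__main__":
    print(parse_icmp(PAGE_HEADER))
    msg = build_echo_request(0x7C01, 0, b"constructed payload")
    print(checksum_ok(msg), checksum_ok(msg[:-1] + b"X"))
```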
Capture Ping Packet with tcpdump Command
We can use this tcpdump command to filter all ping packets. Here we use the eth0 network interface in all our examples. Please change it to match your environment.
# tcpdump -i eth0 icmp
To filter ICMP echo-requests, we can use this tcpdump command.
# tcpdump -i eth0 "icmp[0] == 8"
These are the packets captured by the tcpdump command.
14:37:14.555295 IP 10.79.101.23 > 126.96.36.199: ICMP echo request, id 61205, seq 0, length 64
14:37:15.557948 IP 10.79.101.23 > 188.8.131.52: ICMP echo request, id 61205, seq 1, length 64
14:37:16.562905 IP 10.79.101.23 > 184.108.40.206: ICMP echo request, id 61205, seq 2, length 64
Ping Command Options
Here are 5 common ping command options with examples:
“-c” option: This option specifies the number of packets to send. For example, to send 5 packets, you can use the following command:
ping -c 5 google.com
“-i” option: This option sets the interval between successive packets. For example, to send packets at an interval of 3 seconds, you can use the following command:
ping -i 3 google.com
“-w” option (deadline): This option specifies a timeout, in seconds, before ping exits regardless of how many packets have been sent or received. In this case ping does not stop after count packets are sent; it waits either for the deadline to expire, or until count probes are answered, or for some error notification from the network.
The “-W” option in the ping command specifies the timeout in seconds for each packet sent. It sets the amount of time that the ping command waits for a response after sending each packet. If a response is not received within the specified timeout period, the packet is considered lost.
Here’s an example of using the “-W” option with a timeout of 5 seconds to ping google.com:
ping -W 5 google.com
In this example, the ping command will send packets to google.com and wait for a response for up to 5 seconds for each packet. If a response is not received within 5 seconds, the packet will be considered lost and the ping command will display a message indicating the packet loss. You can adjust the timeout period by changing the value after the “-W” option.
The following is the full list of options in ping command.
- -a: Generates a sound when the peer can be reached.
- -b: Allows pinging a broadcast IP address.
- -B: Prevents ping from changing the source address of the probe.
- -c (count): Limits the number of sent ping requests.
- -d: Sets the SO_DEBUG option on the socket being used.
- -f: Floods the network by sending hundreds of packets per second.
- -i (interval): Specifies an interval between successive packet transmissions. The default value is one second.
- -I (interface address): Sets the source IP address to the specified interface IP address. The option is required when pinging an IPv6 link-local address. You can use an IP address or the name of the device.
- -l (preload): Defines the number of packets to send without waiting for a reply. To specify a value higher than 3, you need superuser permissions.
- -n: Displays IP addresses in the ping output rather than hostnames.
- -q: Shows quiet output. One ping line is displayed and the summary of the ping command at the end.
- -T (ttl): Sets the Time To Live.
- -v: Provides verbose output.
- -V: Displays the ping version and exits to a new command prompt line.
- -w (deadline): Specifies a time limit before the ping command exits, regardless of how many packets have been sent or received.
- -W (timeout): Determines the time, in seconds, to wait for a response.