Ping is a tool commonly used to find the status of a device on a network. Ping is based on the ICMP protocol. When a Ping process request is sent out as an ICMP echo to the target device, it replies with an ICMP echo reply if the device is available.
Table of Contents
Purpose of Ping command
ping is used to send a test packet, or echo packet, to a device to find out whether it is reachable and how long the packet takes to reach the device. There are two important purposes.
- test the network availability to the device
- network latency between two devices
Ping command is a simple way to check whether we have access to the particular host. But this method works only if ICMP and ping is enabled in that network. If ICMP is disabled, we can not get a proper response.
Example of Ping Command
$ ping google.com
PING google.com (188.8.131.52): 56 data bytes
64 bytes from 184.108.40.206: icmp_seq=0 ttl=100 time=87.363 ms
64 bytes from 220.127.116.11: icmp_seq=1 ttl=100 time=89.754 ms
64 bytes from 18.104.22.168: icmp_seq=2 ttl=100 time=90.045 ms
--- google.com ping statistics ---
4 packets transmitted, 3 packets received, 25.0% packet loss
round-trip min/avg/max/stddev = 87.363/89.054/90.045/1.202 ms
- from: The destination and its IP address. Note that the IP address may be different for a website depending on our geographical location.
- icmp_seq=0: The sequence number of each ICMP packet. Increases by one for every subsequent echo request.
- ttl=100: The Time to Live value from 1 to 255. It represents the number of networks hops a packet can take before a router discards it.
- time=87.68 ms: The time it took a packet to reach the destination and come back to the source. Expressed in milliseconds.
The ping command can also be used to check for packet loss. When you run the ping command, it sends a series of packets to the specified destination and waits for a response.
If any of the packets are lost or do not receive a response, the ping command will report the percentage of packets lost.
For example, if you run the ping command and it reports “0% packet loss,” that means all of the packets that were sent were received successfully. However, if it reports “10% packet loss,” that means 10% of the packets that were sent did not receive a response and were lost.
So, the ping command is a useful tool for checking network connectivity and identifying any packet loss issues that may be affecting your connection.
Change Ping Packet Size in Ping Command
In some scenarios, we may want to use -s to increase the packet size from the default value of 64 bytes.
For example, to increase the packet size to 1000 bytes:
ping -s 1000 google.com
ICMP Packet Structure
ICMP (Internet Control Message Protocol) is a protocol used by network devices, such as routers and hosts, to communicate error messages and operational information about the network.
It is an integral part of the Internet Protocol (IP) suite and is used by various network diagnostic tools such as ping, traceroute, and pathping.
ICMP messages are typically used for network troubleshooting and management, helping to identify and resolve issues related to network connectivity, packet loss, and latency.
In this part, we will explore ICMP in detail, including its message format, types, and examples of how it is used in practice.
ICMP is part of IP, and it relies on IP to transmit its messages. ICMP contains a relatively small header that changes depending on its purpose. The ICMP header contains the following fields:
- Type The type or classification of the ICMP message, based on the RFC specification
- Code The subclassification of the ICMP message, based on the RFC specification
- Checksum Used to ensure that the contents of the ICMP header and data are intact upon arrival
- Variable A portion that varies depending on the Type and Code fields
Let’s see an example of ICMP packet.
00 0c 29 f8 1c 7c 00 0c 29 23 c1 05 08 00 45 00
00 3c 02 04 00 00 80 01 6a 2e c0 a8 01 01 c0 a8
01 02 08 00 28 b6 7c 01 00 00 00 00 09 00 00 00
00 00 00 00 00 10 11 12 13 14 15 16 17 18 19 1a
1b 1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a
2b 2c 2d 2e 2f 30 31 32 33 34 35 36 37
This is a hexadecimal dump of the packet. ICMP packets are often used for diagnostic or error reporting purposes in networking.
In this example, the packet contains the following fields:
|Ethernet||Source MAC address: 00 0c 29 f8 1c 7c|
|Destination MAC address: 00 0c 29 23 c1 05|
|IP||Source IP address: 192.168.1.1|
|Destination IP address: 192.168.1.2|
|ICMP||Type: 8 (echo request)|
|Checksum: 28 b6|
|Payload||00 00 00 00 00 00 00 00 00 10 11 12 13 14 15 16 17 18 19 1a 1b|
|1c 1d 1e 1f 20 21 22 23 24 25 26 27 28 29 2a 2b 2c 2d 2e 2f|
|30 31 32 33 34 35 36 37|
Each ICMP message has a specific type and code that determines its purpose.
The type field defines the general category of the ICMP message, while the code field provides additional information about the specific message type.
For example, an ICMP message with type 3 (Destination Unreachable) might have a code of 0 (Net Unreachable) or 1 (Host Unreachable) to further specify the reason for the error.
|ICMP Type and Code||Description|
|Type 8, Code 0; Type 0, Code 0||Echo request and Echo reply|
|Type 3, various codes||Destination unreachable|
|Type 11, Code 0; Type 11, Code 1||Time exceeded|
|Type 5, various codes||Redirect message|
|Type 12, various codes||Parameter problem|
Capture Ping Packet with tcpdump Command
We can use this tcpdump command to filter all ping packets. Here we use eth0 network interface in all our examples. Please change it based on the environment.
# tcpdump -i eth0 icmp
To filter ICMP echo-requests, we can use this tcpdump command.
# tcpdump -i eth0 "icmp == 8"
These are the packets we get captured with tcpdump command.
14:37:14.555295 IP 10.79.101.23 > 22.214.171.124: ICMP echo request, id 61205, seq 0, length 6414:37:15.557948 IP 10.79.101.23 > 126.96.36.199: ICMP echo request, id 61205, seq 1, length 6414:37:16.562905 IP 10.79.101.23 > 188.8.131.52: ICMP echo request, id 61205, seq 2, length 64
Ping Command Options
Here are 5 common ping command options with examples:
“-c” option: This option specifies the number of packets to send. For example, to send 5 packets, you can use the following command:
ping -c 5 google.com
“-i” option: This option sets the interval between successive packets. For example, to send packets at an interval of 3 second, you can use the following command:
ping -i 3 google.com
-w deadline: It specifys a timeout, in seconds, before ping exits regardless of how many packets have been sent or received. In this case ping does not stop after count packet are sent, it waits either for deadline expire or until count probes are answered or for some error notification from network.
The “-W” option in the ping command specifies the timeout in seconds for each packet sent. It sets the amount of time that the ping command waits for a response after sending each packet. If a response is not received within the specified timeout period, the packet is considered lost.
Here’s an example of using the “-W” option with a timeout of 5 seconds to ping google.com:
ping -W 5 google.com
In this example, the ping command will send packets to google.com and wait for a response for up to 5 seconds for each packet. If a response is not received within 5 seconds, the packet will be considered lost and the ping command will display a message indicating the packet loss. You can adjust the timeout period by changing the value after the “-W” option.
The following is the full list of options in ping command.
- a Generates a sound when the peer can be reached.
- b Allows to ping a broadcast IP address.
- B Prevents the ping to change the source address of the probe.
- c (count) Limits the number of sent ping requests.
- d Sets the SO-DEBUG option on the used socket.
- f Floods the network by sending hundreds of packets per second.
- i (interval) Specifies an interval between successive packet transmissions. The default value is one second.
- I (interface address) Sets the source IP address to the specified interface IP address. The option is required when pinging IPv6 link local address. You can use an IP address or name of the device.
- l (preload) Defines the number of packets to send without waiting for a reply. To specify a value higher than 3, you need superuser permissions.
- n Displays IP addresses in the ping output rather than hostnames.
- q Shows a quiet output. One ping line is displayed and the summary of the ping command at the end.
- T (ttl) Sets the Time To Live.
- v Provides verbose output.
- V Displays the ping version and exits to a new command prompt line.
- w (deadline) Specifies a time limit before the ping command exits, regardless of how many packets have been sent or received.
- W (timeout) Determines the time, in seconds, to wait for a response.