Ping is a tool commonly used to find the status of a device on a network. Ping is based on the ICMP protocol. When a Ping process request is sent out as an ICMP echo to the target device, it replies with an ICMP echo reply if the device is available.
Purpose of Ping
ping is used to send a test packet, or echo packet, to a device to find out whether it is reachable and how long the packet takes to reach the device. There are two important purposes.
- test the network availability to device
- network latency between two devices
A simple way to check whether we have access to the particular host is through ICMP by sending ping packets to the host. But this method works only if ICMP and ping is enabled in that network. If ICMP is disabled, we can not get a proper response.
Example of Ping Command
$ ping google.com
PING google.com (18.104.22.168): 56 data bytes
64 bytes from 22.214.171.124: icmp_seq=0 ttl=100 time=87.363 ms
64 bytes from 126.96.36.199: icmp_seq=1 ttl=100 time=89.754 ms
64 bytes from 188.8.131.52: icmp_seq=2 ttl=100 time=90.045 ms
— google.com ping statistics —
4 packets transmitted, 3 packets received, 25.0% packet loss
round-trip min/avg/max/stddev = 87.363/89.054/90.045/1.202 ms
- from: The destination and its IP address. Note that the IP address may be different for a website depending on our geographical location.
- icmp_seq=0: The sequence number of each ICMP packet. Increases by one for every subsequent echo request.
- ttl=100: The Time to Live value from 1 to 255. It represents the number of networks hops a packet can take before a router discards it.
- time=87.68 ms: The time it took a packet to reach the destination and come back to the source. Expressed in milliseconds.
Change Ping Packet Size in Ping Command
In some scenarios, we may want to use -s to increase the packet size from the default value of 64 bytes.
For example, to increase the packet size to 1000 bytes:
ping -s 1000 google.com
Capture Ping Packet with tcpdump Command
We can use this tcpdump command to filter all ping packets. Here we use eth0 network interface in all our examples. Please change it based on the environment.
# tcpdump -i eth0 icmp
To filter ICMP echo-requests, we can use this tcpdump command.
# tcpdump -i eth0 “icmp == 8”
These are the packets we get captured with tcpdump command.
14:37:14.555295 IP 10.79.101.23 > 184.108.40.206: ICMP echo request, id 61205, seq 0, length 6414:37:15.557948 IP 10.79.101.23 > 220.127.116.11: ICMP echo request, id 61205, seq 1, length 6414:37:16.562905 IP 10.79.101.23 > 18.104.22.168: ICMP echo request, id 61205, seq 2, length 64
Ping Command Options
- a Generates a sound when the peer can be reached.
- b Allows to ping a broadcast IP address.
- B Prevents the ping to change the source address of the probe.
- c (count) Limits the number of sent ping requests.
- d Sets the SO-DEBUG option on the used socket.
- f Floods the network by sending hundreds of packets per second.
- i (interval) Specifies an interval between successive packet transmissions. The default value is one second.
- I (interface address) Sets the source IP address to the specified interface IP address. The option is required when pinging IPv6 link local address. You can use an IP address or name of the device.
- l (preload) Defines the number of packets to send without waiting for a reply. To specify a value higher than 3, you need superuser permissions.
- n Displays IP addresses in the ping output rather than hostnames.
- q Shows a quiet output. One ping line is displayed and the summary of the ping command at the end.
- T (ttl) Sets the Time To Live.
- v Provides verbose output.
- V Displays the ping version and exits to a new command prompt line.
- w (deadline) Specifies a time limit before the ping command exits, regardless of how many packets have been sent or received.
- W (timeout) Determines the time, in seconds, to wait for a response.