Tuesday, March 27, 2012

PING

Ping (Packet INternet Groper) is used to test connectivity to remote machines over a network.
Ping uses the ICMP protocol and relies on two specific ICMP messages, ECHO_REQUEST and ECHO_REPLY.

Using ping we can find the following information:
  • If a remote host is active or inactive
  • Network latency between the two hosts from the round trip time
  • Packet loss

Say there are two hosts, A and B, and we want to check whether host B is reachable from host A.

Host A sends a small packet containing an ICMP Echo Request (Type 8 ICMP message) to host B. Host B replies to host A with a packet containing an ICMP Echo Reply (Type 0 ICMP message). The time interval between sending the Echo Request and receiving the Echo Reply is used to determine the round-trip time of the ICMP packet between the source and destination hosts.

The Windows ping utility sends ICMP Echo Request packets of size 32 bytes, as shown below:

Pinging google.com [74.125.236.134] with 32 bytes of data:
Reply from 74.125.236.134: bytes=32 time=277ms TTL=52
Reply from 74.125.236.134: bytes=32 time=270ms TTL=52
Reply from 74.125.236.134: bytes=32 time=268ms TTL=52
Reply from 74.125.236.134: bytes=32 time=268ms TTL=52

Ping statistics for 74.125.236.134:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 268ms, Maximum = 277ms, Average = 270ms


The Linux ping utility sends ICMP Echo Request packets of size 56 bytes. The ICMP Echo Reply will always be 8 bytes more than the requested data size, because the ICMP header takes 8 bytes, i.e. 56 + 8 = 64 bytes. That is why we observe 64 bytes in the response lines.


$ ping here.com
PING here.com (131.228.39.211) 56(84) bytes of data.
64 bytes from 131.228.39.211: icmp_seq=1 ttl=250 time=2.28 ms
64 bytes from 131.228.39.211: icmp_seq=2 ttl=250 time=1.73 ms

nping, part of the nmap package, gives a good analysis of the packets sent and received:


# nping  google.com

Starting Nping 0.5.51 ( http://nmap.org/nping ) at 2013-03-03 09:12 IST
SENT (0.0833s) ICMP 192.168.1.33 > 74.125.236.66 Echo request (type=8/code=0) ttl=64 id=39627 iplen=28
RCVD (0.1157s) ICMP 74.125.236.66 > 192.168.1.33 Echo reply (type=0/code=0) ttl=51 id=43145 iplen=28
SENT (1.0835s) ICMP 192.168.1.33 > 74.125.236.66 Echo request (type=8/code=0) ttl=64 id=39627 iplen=28
RCVD (1.1166s) ICMP 74.125.236.66 > 192.168.1.33 Echo reply (type=0/code=0) ttl=51 id=43146 iplen=28
SENT (2.0846s) ICMP 192.168.1.33 > 74.125.236.66 Echo request (type=8/code=0) ttl=64 id=39627 iplen=28
RCVD (2.1167s) ICMP 74.125.236.66 > 192.168.1.33 Echo reply (type=0/code=0) ttl=51 id=43147 iplen=28
SENT (3.0867s) ICMP 192.168.1.33 > 74.125.236.66 Echo request (type=8/code=0) ttl=64 id=39627 iplen=28
RCVD (3.1192s) ICMP 74.125.236.66 > 192.168.1.33 Echo reply (type=0/code=0) ttl=51 id=43148 iplen=28
SENT (4.0883s) ICMP 192.168.1.33 > 74.125.236.66 Echo request (type=8/code=0) ttl=64 id=39627 iplen=28
RCVD (4.1208s) ICMP 74.125.236.66 > 192.168.1.33 Echo reply (type=0/code=0) ttl=51 id=43149 iplen=28

Max rtt: 33.058ms | Min rtt: 31.942ms | Avg rtt: 32.450ms
Raw packets sent: 5 (140B) | Rcvd: 5 (230B) | Lost: 0 (0.00%)
Tx time: 4.00521s | Tx bytes/s: 34.95 | Tx pkts/s: 1.25
Rx time: 5.00664s | Rx bytes/s: 45.94 | Rx pkts/s: 1.00
Nping done: 1 IP address pinged in 5.11 seconds



What is the significance of TTL (Time To Live)?


The TTL value of an IP packet represents the maximum number of routers or hosts that a packet can go through before being discarded. The maximum possible value of the TTL field is 255. A high TTL value is the reason ping can reach some hosts where ftp and telnet fail.

TTL prevents circular routing of ping packets sent from the source host to the destination host. When a ping packet is sent from the source host, it passes through many intermediate hosts and routers before reaching the remote destination host.
TTL handles the condition where an ICMP packet would otherwise bounce in an infinite loop among intermediate hosts. Each time an intermediate device such as a router receives a ping packet, it decrements the TTL counter by one. Should the packet's TTL reach zero, the device discards the packet and ping will report the following result:

    Reply from 192.168.0.1: TTL expired in transit

Multicast