What is ping?
Ping is a command line utility that verifies the reachability and round-trip time (RTT) to a destination TCP/IP host. This command uses the Internet Control Message Protocol (ICMP) “echo request” (Type = 8) and “echo reply” (Type = 0) messages to return such information. The ping command sends echo request messages using the Internet Protocol to the target host to test network connectivity. Specifically, the ping command sends packets to the destination host. Then waits for echo reply responses to check connectivity and measure network performance. Users typically run the ping command in a command prompt window to view the results and diagnose network issues.
By default, the ping command sends four echo request messages in Windows (five in Unix), with a default timeout period of 4 seconds and a default packet size of 32 bytes (64 bytes in Unix). These default settings influence how the ping command operates unless changed with specific options or switches. Along with traceroute, is one of the most used commands used to troubleshoot IP networks.
Ping command on Windows
Microsoft’s native ping utility has changed from operating system version to version. I will use the ping command in Windows 7 and cover some of the options I use and why. These options are called ping command switches, which allow users to customize the behavior of the ping command for different troubleshooting scenarios.
ping [-t] [-n count] [-l size] [-f] [-i TTL] [-w timeout] target_nameOn most unix systems, the ping command uses different switches, such as -c to specify the number of echo requests to send. Unix systems also have different default settings and switches for the ping command, so it’s important to understand the platform-specific syntax when working with Unix systems.
Ping displays information such as the resolved IP address, packet loss, and round trip times, which are useful for diagnosing network connectivity and DNS issues. The output statistics include the average round trip time, which is important for evaluating network latency and overall network health. A successful ping means the host responds to the ICMP echo request, confirming connectivity between your device and the target.
> ping netbeez.net
Ping statistics for 141.193.213.10:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 56ms, Maximum = 57ms, Average = 56msThe default payload for Microsoft’s ping is 32 bytes. The ping command can increase payload sizes to better represent application payload sizes. In the ping below, you can see a 25% increase in round-trip time latency by simply changing the payload size. Network latency can be measured using ping by observing the time it takes for packets to travel to the target and back.
> ping netbeez.net -l 1200
Ping statistics for 141.193.213.10:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 74ms, Maximum = 76ms, Average = 75msDon’t Fragment (DF) Option
When reviewing ping results, you want to see consistent values as much as possible. Results become less consistent as intermediate hops, and distance, increase. Fragmentation issues are always tricky to troubleshoot. The process to figure this out is pretty straightforward; capture a packet and look in the IP header to see what the “Don’t fragment flag” is set for. In the screenshot below, the Not set means that the packet allows fragmentation. Don’t forget to check in both directions and as close to each device as possible.
Path Maximum Transmission Unit (MTU) Option
If you want to test for fragmentation issues or just determine what your maximum MTU is, use the –l option and capture/review those ping packets. In the screenshot below, I pinged using a payload size of 999 bytes.
When I reviewed the trace, I can see that my packets were fragmented into 2 packets.
If I was to repeat the same test with a Do Not Fragment Option -f, I would get a different response:
The trace file identifies the supported MTU and who reported it. This is where things can get confusing. If a network device or firewall was blocking ICMP, this ICMP packet would never make it back to the client.
Time To Live (TTL) Option
The Time To Live Option (TTL) is very helpful when you want to determine if the number of hops are increasing or changing. For example, in the diagram below, you might want to ensure that the path isn’t reverting back to the extra hop.
Other ping options worth looking for in your favorite ping tool; GUI, ping interval, size sweep, reporting and QOS options. For Microsoft operating systems, I like to use hrping since it is maintained, portable, and offers these additional options. Here are some of the extra options when you type hrping at the prompt:
usage: hrPING [options] host
Data options:
-v TOS Type Of Service (default 0, deprecated)
-L [s1[:s2[:i[:c]]]] IP datagram size (payload size + 28, default 60) [with sweep]
-M Send ICMP timestamp requests
-u [port] Send UDP packets (port 7 by default)
Operational options:
-s time Sending interval between packets in msec (default 500)
-c [num] Concurrent sending of up to <num> pings at a time (default 1)Output options:
-F file Log output into <file> as well, even if -q is set
-T Print timestamp in front of each line
-q [r|e|t]Be quiet (-qr=no replies, -qe=no errors, -qt=no timeouts)
-y [sec] Print summary of the last <sec> secs (default 10)
-g –G Show graph (-gg=close graph on exit, -G use running grping.exe)
-? –h This help (-??=more help)
Output options:
-F file Log output into <file> as well, even if -q is set
-T Print timestamp in front of each line
-q [r|e|t]Be quiet (-qr=no replies, -qe=no errors, -qt=no timeouts)
-y [sec] Print summary of the last <sec> secs (default 10)
-g –G Show graph (-gg=close graph on exit, -G use running grping.exe)
-? –h This help (-??=more help)Ping of Death and Internet Control Message Protocol
In the mid 1990s the “ping of death” appeared. In summary, malicious hackers used ping to crash or reboot remote systems by sending an echo request packet with a payload size larger than the standard 56 bytes. Attackers targeted the remote system by overwhelming it with these oversized packets. In some cases, attackers could spoof the source address in echo request packets, causing responses to be sent to an unsuspecting target system and amplifying the attack’s impact.
Advanced ping options, such as specifying a host list with the [-j host-list] or [-k host-list] switches, or using a loose source route, can also be exploited in certain attack scenarios to manipulate the path or distribution of malicious traffic. The target system can experience service disruption or resource exhaustion as a result of such malicious ping traffic. This was the first nail in ping’s coffin.
Common Ping Errors and Solutions
The ping command is a go-to network utility for checking basic network connectivity, but sometimes the results aren’t as straightforward as a successful ping. When troubleshooting with ping, you may encounter error messages that can help pinpoint where the network connection is failing. Here are some of the most common ping errors and how to address them.
Request Timed Out
This error means the ping command sent echo request packets, but did not receive echo reply messages from the target host within the expected time. This could be due to network congestion, a firewall blocking ICMP packets, or the destination device being offline. To resolve this, check if the target computer is powered on and connected to the network, verify that no firewall or security settings are blocking ping requests, and try pinging another device to isolate the issue.
Destination Host Unreachable
When you see this message, it indicates that the router or gateway cannot find a route to the destination address. This often points to a misconfigured network interface, incorrect IP address, or a disconnected network cable. Double-check the IP address you are pinging. Ensure your device has the correct network settings. Verify that the default gateway is reachable by pinging it directly.
Unknown Host
If the ping command returns “unknown host,” it means the domain name system (DNS) could not resolve the hostname to an IP address. This could be due to a typo in the hostname, DNS server issues, or network configuration problems. Try pinging either an IP address or the localhost hostname to see if the problem is with DNS resolution. If IP addresses work but hostnames do not, check your DNS settings or try using a different DNS server.
General Failure
A “general failure” error typically points to a problem with the local operating system or network stack. This could be caused by a disabled network adapter, incorrect routing table, or some internal issue. Issues like these can sometimes be observed or diagnosed when simulating network outages. Restarting the computer or resetting the network stack using command prompt utilities like ipconfig /flushdns or netsh int ip reset can often resolve this issue.
Packet Loss
If the ping statistics show packet loss, it means some echo request packets did not receive a reply. Packet loss can be caused by network congestion, faulty hardware, or interference on wireless networks. To troubleshoot, try pinging devices on your local network to see if the issue is internal. You can also use continuous ping to monitor network speed and stability over time.
Understanding these common ping errors and their solutions can help you quickly diagnose and resolve network connectivity problems. By interpreting ping command output and error messages, you can take targeted steps to restore reliable network connections.
Closing Remarks
The ping command remains a fundamental and versatile tool for network administrators and users alike. Its simplicity belies its power to diagnose connectivity issues, measure network latency, and verify the reachability of remote hosts. Whether you are troubleshooting local network devices, testing internet connectivity, or monitoring network performance over time, mastering cmd ping options can greatly enhance your ability to maintain a healthy and reliable network.
Remember to leverage various ping switches to customize your tests according to specific needs, such as adjusting packet size, sending continuous pings, or setting timeouts. Understanding the common ping errors and their implications will help you quickly identify and resolve network problems.
While modern network environments may offer more advanced diagnostic tools, the ping utility remains an essential first step in any network troubleshooting process. Regular use of ping tests can also assist in proactive monitoring, helping to detect issues before they impact users.
In summary, whether you are a seasoned IT professional or a casual user, incorporating the ping command into your network toolkit is invaluable for ensuring robust network connectivity and performance.
