PING – Network Tool Tutorial – 1

Ping is a well known tool that is used to check the network connectivity between two systems.
ping tool is by default available in both windows,MAC and linux/unix systems.

The ping was created in 1983 by Mike Muuss who wrote an article “The Story of Ping Program” before dying in 2000 in a car accident

The ping uses an ICMP(Internet control message protocol) protocol which has been created to check IP connectivity and get information about other machines in an IP network.

Functioning of PING

Ping sends very small packets to target host who will answer by sending packets back. The ICMP packets send to target host are called as “echo_request” and packets sent back called as “echo_response”.

There are also a lot of icmp packets types which are described below

Case Study:

Let’s examine a case study where two machines called Paris and Berlin ping a machine called “www.google.ch”.

The Wireshark sniffer is located on the way between Berlin and “www.google.ch”. It will be used to capture the packets content.

Paris is a Linux Ubuntu machine and Berlin a Microsoft XP Machine

Ping from the Linux machine (Paris) to “www.google.ch”:

Paris: ping www.google.ch

PING www.google.ch (209.85.135.105) 56(84) bytes of data.
64 bytes from www.google.ch(209.85.135.105): icmp_seq=1 ttl=255 time=1.19 ms
64 bytes from www.google.ch (209.85.135.105): icmp_seq=2 ttl=255 time=1.25 ms
64 bytes from www.google.ch (209.85.135.105): icmp_seq=3 ttl=255 time=1.26 ms
64 bytes from www.google.ch (209.85.135.105): icmp_seq=4 ttl=255 time=1.29 ms

— www.google.ch ping statistics —
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 1.192/1.250/1.290/0.044 ms

Ping from the Windows machine (Berlin) to “www.google.ch”:

Berlin: ping www.google.ch 

Pinging www.google.ch [209.85.135.105] with 32 bytes of data:

Reply from 209.85.135.105: bytes=32 time=18 ms TTL=250
Reply from 209.85.135.105: bytes=32 time=21 ms TTL=250
Reply from 209.85.135.105: bytes=32 time=20 ms TTL=250
Reply from 209.85.135.105: bytes=32 time=33 ms TTL=250

Ping statistics for 209.85.135.105:
      Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
      Minimum = 18ms, Maximum = 33ms, Average = 23ms

What information can be learnt from the outputs above?

– Is the remote host alive? => Host reachability
– Is the network speed good? => Network congestion
– Is the remote host far? => Travel length

we will see remaining things “OUTPUT ANALYSIS” for full details about how to interpret the results of the ping command.

We can also say that the Ping tool will provide us the same information independently of the OS on which it is installed. However there are some little differences in the default settings and arguments of the Ping commands.

Let’s see a summary of data captured by Wireshark

This Wireshark capture gives us the following information:

– The packets have been recognized as ICMP packets. protocol column
– Four ICMP packets have been sent (echo_request) and four ICMP packets have been received (echo_reply). info column
– A packet value of 74 bytes which is composed of the headers (42 bytes) and the ICMP data part (32 bytes by default on Windows). length column

Remaining things we will be seeing Ping tutorial  2 ..



Share Button

Leave a Reply

Your email address will not be published. Required fields are marked *

eighteen + 13 =