The ping tool is available by default on Windows, Mac and Linux/Unix systems.
Ping was created in 1983 by Mike Muuss, who wrote an article, “The Story of Ping Program”, before dying in a car accident in 2000.
Ping uses ICMP (Internet Control Message Protocol), which was created to check IP connectivity and get information about other machines in an IP network.
Functioning of PING
Ping sends very small packets to a target host, which answers by sending packets back. The ICMP packets sent to the target host are called “echo_request” and the packets sent back are called “echo_response”.
There are also many other ICMP packet types, which are described below.
Let’s examine a case study where two machines called Paris and Berlin ping a machine called “www.google.ch”.
The Wireshark sniffer is located on the path between Berlin and “www.google.ch”. It will be used to capture the packets' content.
Paris is a Linux Ubuntu machine and Berlin is a Microsoft XP machine.
Ping from the Linux machine (Paris) to “www.google.ch”:
Paris: ping www.google.ch
PING www.google.ch (184.108.40.206) 56(84) bytes of data.
64 bytes from www.google.ch(220.127.116.11): icmp_seq=1 ttl=255 time=1.19 ms
64 bytes from www.google.ch (18.104.22.168): icmp_seq=2 ttl=255 time=1.25 ms
64 bytes from www.google.ch (22.214.171.124): icmp_seq=3 ttl=255 time=1.26 ms
64 bytes from www.google.ch (126.96.36.199): icmp_seq=4 ttl=255 time=1.29 ms
--- www.google.ch ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3003ms
rtt min/avg/max/mdev = 1.192/1.250/1.290/0.044 ms
Ping from the Windows machine (Berlin) to “www.google.ch”:
Berlin: ping www.google.ch
Pinging www.google.ch [188.8.131.52] with 32 bytes of data:
Reply from 184.108.40.206: bytes=32 time=18 ms TTL=250
Reply from 220.127.116.11: bytes=32 time=21 ms TTL=250
Reply from 18.104.22.168: bytes=32 time=20 ms TTL=250
Reply from 22.214.171.124: bytes=32 time=33 ms TTL=250
Ping statistics for 126.96.36.199:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 18ms, Maximum = 33ms, Average = 23ms
What information can be learnt from the outputs above?
– Is the remote host alive? => Host reachability
– Is the network speed good? => Network congestion
– Is the remote host far? => Travel length
We will cover the remaining points in “OUTPUT ANALYSIS”, with full details about how to interpret the results of the ping command.
We can also say that the ping tool provides the same information regardless of the OS on which it is installed. However, there are some small differences in the default settings and arguments of the ping commands.
Let’s see a summary of data captured by Wireshark
This Wireshark capture gives us the following information:
– The packets have been recognized as ICMP packets (Protocol column).
– Four ICMP packets have been sent (echo_request) and four ICMP packets have been received (echo_reply) (Info column).
– A packet length of 74 bytes, which is composed of the headers (42 bytes) and the ICMP data part (32 bytes by default on Windows) (Length column).
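The echo_request and reply exchange and the packet sizes above, as an added Python example that is not part of the original tutorial: it builds an ICMP echo request, produces the reply a target host would send, and reproduces the 74-byte frame (Windows, 32 data bytes) and the 84-byte IP packet (Linux, 56 data bytes). The function names, identifier value and payload are constructed for illustration, and the header sizes assume Ethernet and IPv4 without options.

```python
import struct

ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY = 8, 0   # ICMP type values (RFC 792)
ETH_HDR, IP_HDR, ICMP_HDR = 14, 20, 8       # header sizes, IPv4 without options

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build an ICMP echo message: type, code 0, checksum, id, sequence, data."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def parse_icmp(message: bytes) -> dict:
    """Parse an ICMP echo message; reject truncated or corrupted input."""
    if len(message) < ICMP_HDR:
        raise ValueError("truncated ICMP header")
    icmp_type, code, _, ident, seq = struct.unpack("!BBHHH", message[:ICMP_HDR])
    if checksum(message) != 0:      # a valid message sums to zero
        raise ValueError("bad ICMP checksum")
    return {"type": icmp_type, "code": code, "id": ident, "seq": seq,
            "payload": message[ICMP_HDR:]}

def make_reply(request: bytes) -> bytes:
    """What the target host does: echo id, sequence and data back as type 0."""
    req = parse_icmp(request)
    if req["type"] != ICMP_ECHO_REQUEST:
        raise ValueError("not an echo request")
    return build_icmp(ICMP_ECHO_REPLY, req["id"], req["seq"], req["payload"])

def sizes(payload_len: int) -> dict:
    """Sizes as ping prints them and as Wireshark shows them on Ethernet."""
    ip_packet = IP_HDR + ICMP_HDR + payload_len
    return {"data": payload_len, "ip_packet": ip_packet,
            "ethernet_frame": ETH_HDR + ip_packet}

if __name__ == "__main__":
    # Constructed sample: 32-byte payload, the Windows default on this page.
    request = build_icmp(ICMP_ECHO_REQUEST, ident=0x0200, seq=1,
                         payload=bytes(range(0x61, 0x61 + 32)))
    reply = parse_icmp(make_reply(request))
    print(reply["type"], reply["seq"], sizes(32), sizes(56))
```

The 64 bytes in each Linux reply line are the 56 data bytes plus the 8-byte ICMP header, while the 84 in "56(84)" also counts the 20-byte IP header.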
We will see the remaining topics in Ping tutorial 2.