0blivion2:(PING.TXT):15/03/2000 << Back To 0blivion2


_____________________________________________________ / Oblivion Underground Magazine \ / Issue 2 15/04/2000 \ ▌ Ping Explained! ▌ \ by Cyber0ptix / \_____________________________________________________/ OK so everyone knows what ping is dont they? Well suprisingly most people don't know exactly what it can tell you when you ping a host host over the internet or LAN. So I have written this quick file to try and explain how ping is used in diagnosing network problems. What is Ping? Ping is a basic Internet program that lets you verify that a particular Internet Address exists and can accept requests. Ping is used diagnostically to ensure that a host computer you are trying to reach is actually operating. If, for example, a user can't ping a host, then the user will be unable to use FTP to send files to the host. Ping can also be used with a host that is operating to see how long it takes to get a response back. Ping is one of the most useful network debugging tools available. In an IP network, Ping sends a short data burst, a signle packet, and listens for a single packet in reply. Since this procedure tests the most basic functions of an IP network, delivery of a signle packet, it is easy to see how you can learn a lot from using Ping. Ping is implimented using the ICMP Echo function, this function is further documented in RFC 792. What can Ping tell you. Ping places a unique sequence number on each packet it transmits, and reports which sequence numbers it receives back. Thus, you can determine if packets have been dropped, duplicated or reordered. Ping checksums each packet it exchanges, so you can detect some forms of damaged packets. Ping places a timestamp in each packet, which is echoed back and can easily be used to calculate how long each packet exchange took, the Round Trip Time (RTT). Ping reports other ICMP messages that might otherwise get burried in the system software. It reports, for example, if a router is declaring the target host unreachable. What can't Ping tell you. Some routers may silently discard undeliverable packets. Others may believe a packet has been transmitted sucessfully when it has not, this is especially common over Ethernet, which does not provide link-layer acknowledgments, therfore, ping may not always provide reasons why packets go unanswered. Ping can not tell you why a packet was damaged, delayed or duplicated. It can not tell you where this happened either, although you may be able to deduce it. Ping can not give you a full description of every host that handled the packet and everything that happened at every step of the way. IT is an unfortunate fact that no software can reliably provide this information for a TCP/IP network. How do you use Ping. To use Ping on a host that is running Microsoft Windows you would goto a command prompt and issue the ping command from there. This is a list of the options available to you when using the Microsoft implementation of Ping. Usage: Ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS] [-r count] [-s count][[-j host-list] | [-k host-list]] [w timeout] destination-host Where: -t Ping the specified host until stopped. To see statistics and continue - Type Control-Break. To Stop - Type Control-C -a Resolve address to hostname. -n count Number of ECHO requests to send. -l size Send Buffer size. -f Set dont fragment flag in Packet. -i TTL Time to Live -v TOS Type of Service -r count Record route for count hops. -s count Timestamp for count hops -j host-list Loose source route along host list. -k host-list Strict source route along host list. -w timeout Timeout in milliseconds to wait for each reply. A Sample ping session using Windows. C:\WINDOWS\Desktop>ping 212.56.126.72 Pinging 212.56.126.72 with 32 bytes of data: Reply from 212.56.126.72: bytes=32 time=1ms TTL=128 Reply from 212.56.126.72: bytes=32 time=1ms TTL=128 Reply from 212.56.126.72: bytes=32 time=1ms TTL=128 Reply from 212.56.126.72: bytes=32 time=1ms TTL=128 Ping statistics for 212.56.126.72: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 1ms, Maximum = 1ms, Average = 1ms C:\WINDOWS\Desktop> What you can see from using Ping. Dropped Packets. You can detect wether packets have been dropped by noting when the sequenced number skip, and the missing number does not appear later on. This is probably caused by a router queueing packets for a relatively slow link, and the queue simply grew too large. Fluctuating Round Trip Times. Both dropped packets and Round Trip Time fluctuations may occour in a periodic nature, a batch of slow packets every thirty second, for instance. If you see this symtom check for routing updates or other periodic traffic with the same period as the problem. Poor network performance can often be traced to slow links being clogged with various kinds of automated updates. Connectivity that comes and goes. Again, look for periods between problems that are multiples of some common number. If a router is sending error messages when connectivity disappears, that router is the first place to start looking. Well thats it for this simple text on how to use ping. Remember to read Oblivion Issue 3 released on the 15/05/2000 Cyber0ptix