Softpanorama

Home Switchboard Unix Administration Red Hat TCP/IP Networks Neoliberalism Toxic Managers
May the source be with you, but remember the KISS principle ;-)
Bigger doesn't imply better. Bigger often is a sign of obesity, of lost control, of overcomplexity, of cancerous cells

ping

News Network Utilities Recommended Links Reference mtr
hping2 Packet Generation Tools History Humor Etc

Note:  this lecture note is based on Wikipedia article and Solaris man page

Ping uses the Internet Control Message Protocol (ICMP) Echo function which is detailed in RFC 792. A small packet is sent through the network to a particular IP address. This packet contains 64 bytes - 56 data bytes and 8 bytes of protocol reader information. The computer that sent the packet then waits (or 'listens') for a return packet. If the connections are good and the target computer is up, a good return packet will be received. PING can also tell the user the number of hops that lie between two computers and the amount of time it took for a packet the round trip(tounf trip time). . Additionally, an administrator can use Ping to test out name resolution. If the packet bounces back when sent to the IP address but not when sent to the name, then the system is having a problem matching the name to the IP address. Ping now also is used as a web (as in "ping the server") if it is up" The time it takes for the packet to get to the target computer and back again is known as If this takes an extended period of time, it is indicative that something may be wrong. (Sources: Netlingo site, Windows NT Help Menu, Connected: An Internet Encyclopedia site, Brown Computer Solutions site, Guide to Practical Linux by Mark G. Sobell,

The author of the initial version of the ping program used today was Mike Muss. Many other people have tweaked, rewritten, and extended the idea since then. Ping was named after the sound of a sonar tracking system. There is even a story claiming that a system administrator wrote a script that repeatedly pinged a host on the network and made an audible "pinging" alert for each success.

ping used to be a very good indicator of a machine's capability to receive and send IP packets in general. If you could ping a host, you could also make an FTP or HTTP connection. With the wider advent of packet filtering for security, this is becoming less true. Many firewalls explicitly disallow ICMP packets on two grounds:

  1. People don't need to know what your internal network looks like.
  2. Any protocol, even ICMP, can be used to launch an attack.

Deciding whether to let ICMP through your firewall is a tough call to make, but securitywise the return on investment of blocking it is negative. There are certainly attacks based on ICMP (such as the "ping of death," which uses oversized ping packets to overload the IP stack of the target, often with spectacular results. But if you choose to block ICMP into your network, make sure you've thought about the repercussions.

Additional flavors include fping command. The fping command was written to ping a range of addresses, and it is commonly used in network scanners and monitors such as  saint (see Monitoring Tools). Another variant is the Perl Net::ping module, which provides a Perl implementation of ping functionality that can easily be used from within a script without calling an external program. You might use it in a script like that shown below:

#!/usr/bin/perl -w

use strict;
use Net::ping;

my $host =$ARGV[0];

my $p =Net::ping->new("icmp ";

if ($p->ping($host)) {
  print "$host is alive.\n";
} else {
  print "$host is not reachable.\n ";
}

hping is another variant of the standard ping. It is actually a superset of ping, enabling you to ping hosts using non-ICMP protocols, elicit ICMP responses from UDP probes, and even craft your own packets to test for specific behavior. ping is most often used without additional arguments and shut off with a Ctrl+C:

Several useful options exist for the ping command:

Switch Description
-c count Stops sending and receiving packets after count packets
-d Sets the SO_DEBUG on the socket used
-f Sends the packets as fast as possible (flood)
-i wait Sets an interval of wait seconds between packets
-I device Sets the output interface
-l preload Sends preload packets as fast as possible, and then drops back to normal mode
-n Doesn't look up hostnames; just gives IP addresses (numeric)
-p pattern Specifies up to 16 bytes of "pad data" to be sent with the packet
-q Outputs only summary lines (quiet)
-r Doesn't use routing tables to send the packet; just drops it out the local interface
-R Sets the Record Route option
-s packetsize Sets the number of data bytes sent to packetsize
-T tsonly Sends a ping with the timestamp option
-T tsandaddr Collects timestamps and addresses
-T tsprespec [host1 [host2 [host3 [host4 ]]]] Collects timestamps and addresses from prespecified hops

These options can be combined to make ping even more helpful. For example, the ping mango command used in the previous section is likely to take several seconds to run and report back. Using the -f switch will reduce the time spent waiting for the command. Combining this with the -c 10 and the -q switches will give you quick results and easier output to read:
root@cherry /root]# ping -c 10 -fq mango

Note:

The -f and -l switches can be used only by root because they can cause serious network degradation if they are misused.

It might be of some benefit to test larger packets; using ping -c10 -s 1024 -qf will send larger packets for you. This can be especially useful when you suspect problems with fragmented packets.

To see the route that your packets are traversing, you can use

ping -c10 -R
The Record Route option specified by the -R switch is not honored by all routers and hosts. Furthermore, because it contains only a limited space to hold router addresses, traceroute may be a better tool for identifying the path packets follow through a network.

If you have a host that isn't communicating with the other hosts on its network (for example, you can't ping it, nor can the host ping other boxes), looking in the arp cache is a quick check to see if the host is talking to the network or if there is already another host on the network with the same IP address.

If you are looking for an even more detailed explanation of Ping and also how to use it in detecting network problems, goto Heavy Ping Detail.

Looking for the source code for the first Ping program? Click the Ping Source Code (shell archive).

Cool web-based utilities that use ping include sites like  PingMePlease, Ping2Me.com and Just Ping where one can have their computer pinged from a remote site via a web browser.

The usefulness of ping in assisting the "diagnosis" of Internet connectivity issues was impaired from late in 2003, when a number of Internet Service Providers filtered out ICMP Type 8 (echo request) messages at their network boundaries. This was partly due to the increasing use of ping for target reconnaissance, for example by Internet worms such as Welchia that flood the Internet with ping requests in order to locate new hosts to infect. Not only did the availability of ping responses leak information to an attacker, it added to the overall load on networks, causing problems to routers across the Internet.

There are two schools of thought concerning ICMP on the public Internet: those who say it should be largely disabled to enable network 'stealth', and those who say it should be enabled to allow proper Internet diagnostics.

These two schools of thought merge when considering intranet/extranet networks within the same organization. An example would be an organization which maintains 'buffer' network(s) to shield said net from the raw internet, such a network is usually described as a DMZ ( 'demilitarized zone'). In such a scenario an organization would maintain both a network(s) that would allow ICMP packets to radiate within the internal (trusted network[s]), and disallow ICMP (ping) packets in a separated network that would more often than not include raw internet facing systems.


Top Visited
Switchboard
Latest
Past week
Past month

NEWS CONTENTS

Old News ;-)

[Jan 10, 2019] When idiots are offloaded to security department, interesting things with network eventually happen

Highly recommended!
Security department often does more damage to the network then any sophisticated hacker can. Especially if they are populated with morons, as they usually are. One of the most blatant examples is below... Those idiots decided to disable Traceroute (which means ICMP) in order to increase security.
Notable quotes:
"... Traceroute is disabled on every network I work with to prevent intruders from determining the network structure. Real pain in the neck, but one of those things we face to secure systems. ..."
"... Also really stupid. A competent attacker (and only those manage it into your network, right?) is not even slowed down by things like this. ..."
"... Breaking into a network is a slow process. Slow and precise. Trying to fix problems is a fast reactionary process. Who do you really think you're hurting? Yes another example of how ignorant opinions can become common sense. ..."
"... Disable all ICMP is not feasible as you will be disabling MTU negotiation and destination unreachable messages. You are essentially breaking the TCP/IP protocol. And if you want the protocol working OK, then people can do traceroute via HTTP messages or ICMP echo and reply. ..."
"... You have no fucking idea what you're talking about. I run a multi-regional network with over 130 peers. Nobody "disables ICMP". IP breaks without it. Some folks, generally the dimmer of us, will disable echo responses or TTL expiration notices thinking it is somehow secure (and they are very fucking wrong) but nobody blocks all ICMP, except for very very dim witted humans, and only on endpoint nodes. ..."
"... You have no idea what you're talking about, at any level. "disabled ICMP" - state statement alone requires such ignorance to make that I'm not sure why I'm even replying to ignorant ass. ..."
"... In short, he's a moron. I have reason to suspect you might be, too. ..."
"... No, TCP/IP is not working fine. It's broken and is costing you performance and $$$. But it is not evident because TCP/IP is very good about dealing with broken networks, like yours. ..."
"... It's another example of security by stupidity which seldom provides security, but always buys added cost. ..."
"... A brief read suggests this is a good resource: https://john.albin.net/essenti... [albin.net] ..."
"... Linux has one of the few IP stacks that isn't derived from the BSD stack, which in the industry is considered the reference design. Instead for linux, a new stack with it's own bugs and peculiarities was cobbled up. ..."
"... Reference designs are a good thing to promote interoperability. As far as TCP/IP is concerned, linux is the biggest and ugliest stepchild. A theme that fits well into this whole discussion topic, actually. ..."
May 27, 2018 | linux.slashdot.org

jfdavis668 ( 1414919 ) , Sunday May 27, 2018 @11:09AM ( #56682996 )

Re:So ( Score: 5 , Interesting)

Traceroute is disabled on every network I work with to prevent intruders from determining the network structure. Real pain in the neck, but one of those things we face to secure systems.

Anonymous Coward writes:
Re: ( Score: 2 , Insightful)

What is the point? If an intruder is already there couldn't they just upload their own binary?

Hylandr ( 813770 ) , Sunday May 27, 2018 @05:57PM ( #56685274 )
Re: So ( Score: 5 , Interesting)

They can easily. And often time will compile their own tools, versions of Apache, etc..

At best it slows down incident response and resolution while doing nothing to prevent discovery of their networks. If you only use Vlans to segregate your architecture you're boned.

gweihir ( 88907 ) , Sunday May 27, 2018 @12:19PM ( #56683422 )
Re: So ( Score: 5 , Interesting)

Also really stupid. A competent attacker (and only those manage it into your network, right?) is not even slowed down by things like this.

bferrell ( 253291 ) , Sunday May 27, 2018 @12:20PM ( #56683430 ) Homepage Journal
Re: So ( Score: 4 , Interesting)

Except it DOESN'T secure anything, simply renders things a little more obscure... Since when is obscurity security?

fluffernutter ( 1411889 ) writes:
Re: ( Score: 3 )

Doing something to make things more difficult for a hacker is better than doing nothing to make things more difficult for a hacker. Unless you're lazy, as many of these things should be done as possible.

DamnOregonian ( 963763 ) , Sunday May 27, 2018 @04:37PM ( #56684878 )
Re:So ( Score: 5 , Insightful)

No.

Things like this don't slow down "hackers" with even a modicum of network knowledge inside of a functioning network. What they do slow down is your ability to troubleshoot network problems.

Breaking into a network is a slow process. Slow and precise. Trying to fix problems is a fast reactionary process. Who do you really think you're hurting? Yes another example of how ignorant opinions can become common sense.

mSparks43 ( 757109 ) writes:
Re: So ( Score: 2 )

Pretty much my reaction. like WTF? OTON, redhat flavors all still on glibc2 starting to become a regular p.i.t.a. so the chances of this actually becoming a thing to be concerned about seem very low.

Kinda like gdpr, same kind of groupthink that anyone actually cares or concerns themselves with policy these days.

ruir ( 2709173 ) writes:
Re: ( Score: 3 )

Disable all ICMP is not feasible as you will be disabling MTU negotiation and destination unreachable messages. You are essentially breaking the TCP/IP protocol. And if you want the protocol working OK, then people can do traceroute via HTTP messages or ICMP echo and reply.

Or they can do reverse traceroute at least until the border edge of your firewall via an external site.

DamnOregonian ( 963763 ) , Sunday May 27, 2018 @04:32PM ( #56684858 )
Re:So ( Score: 4 , Insightful)

You have no fucking idea what you're talking about. I run a multi-regional network with over 130 peers. Nobody "disables ICMP". IP breaks without it. Some folks, generally the dimmer of us, will disable echo responses or TTL expiration notices thinking it is somehow secure (and they are very fucking wrong) but nobody blocks all ICMP, except for very very dim witted humans, and only on endpoint nodes.

DamnOregonian ( 963763 ) writes:
Re: ( Score: 3 )

That's hilarious... I am *the guy* who runs the network. I am our senior network engineer. Every line in every router -- mine.

You have no idea what you're talking about, at any level. "disabled ICMP" - state statement alone requires such ignorance to make that I'm not sure why I'm even replying to ignorant ass.

DamnOregonian ( 963763 ) writes:
Re: ( Score: 3 )

Nonsense. I conceded that morons may actually go through the work to totally break their PMTUD, IP error signaling channels, and make their nodes "invisible"

I understand "networking" at a level I'm pretty sure you only have a foggy understanding of. I write applications that require layer-2 packet building all the way up to layer-4.

In short, he's a moron. I have reason to suspect you might be, too.

DamnOregonian ( 963763 ) writes:
Re: ( Score: 3 )

A CDS is MAC. Turning off ICMP toward people who aren't allowed to access your node/network is understandable. They can't get anything else though, why bother supporting the IP control channel? CDS does *not* say turn off ICMP globally. I deal with CDS, SSAE16 SOC 2, and PCI compliance daily. If your CDS solution only operates with a layer-4 ACL, it's a pretty simple model, or You're Doing It Wrong (TM)

nyet ( 19118 ) writes:
Re: ( Score: 3 )

> I'm not a network person

IOW, nothing you say about networking should be taken seriously.

kevmeister ( 979231 ) , Sunday May 27, 2018 @05:47PM ( #56685234 ) Homepage
Re:So ( Score: 4 , Insightful)

No, TCP/IP is not working fine. It's broken and is costing you performance and $$$. But it is not evident because TCP/IP is very good about dealing with broken networks, like yours.

The problem is that doing this requires things like packet fragmentation which greatly increases router CPU load and reduces the maximum PPS of your network as well s resulting in dropped packets requiring re-transmission and may also result in widow collapse fallowed with slow-start, though rapid recovery mitigates much of this, it's still not free.

It's another example of security by stupidity which seldom provides security, but always buys added cost.

Hylandr ( 813770 ) writes:
Re: ( Score: 3 )

As a server engineer I am experiencing this with our network team right now.

Do you have some reading that I might be able to further educate myself? I would like to be able to prove to the directors why disabling ICMP on the network may be the cause of our issues.

Zaelath ( 2588189 ) , Sunday May 27, 2018 @07:51PM ( #56685758 )
Re:So ( Score: 4 , Informative)

A brief read suggests this is a good resource: https://john.albin.net/essenti... [albin.net]

Bing Tsher E ( 943915 ) , Sunday May 27, 2018 @01:22PM ( #56683792 ) Journal
Re: Denying ICMP echo @ server/workstation level t ( Score: 5 , Insightful)

Linux has one of the few IP stacks that isn't derived from the BSD stack, which in the industry is considered the reference design. Instead for linux, a new stack with it's own bugs and peculiarities was cobbled up.

Reference designs are a good thing to promote interoperability. As far as TCP/IP is concerned, linux is the biggest and ugliest stepchild. A theme that fits well into this whole discussion topic, actually.

[May 29, 2012] fping – Freecode

fping is a ping-like program which uses the Internet Control Message Protocol (ICMP) echo request to determine if a target host is responding. fping differs from ping in a way that you can specify any number of targets on the command line, or specify a file containing the lists of targets to ping. Instead of sending pings to one target until it times out or replies, fping will send out a ping packet and move on to the next target in a round-robin fashion.

[Jan 26, 2011] UNIX network performance analysis

Measuring latency

The ping tool is well known to all network administrators as a basic tool for checking the availability and latency of a network device. Ping should work with most machines, both clients and servers, providing they have been configured to respond to the ICMP packets that the ping tool sends to the device. Essentially, ping sends an echo packet to the device, and expects the device to echo the packet contents back.

During the process, ping can monitor the time it takes to send and receive the response, which can be an effective method of measuring the response time of the echo process. In the simplest form, you can send an echo request to a host and find out the response time (see Listing 1).

Using ping to determine latency
$ ping example

PING example.example.pri (192.168.0.2): 56 data bytes
64 bytes from 192.168.0.2: icmp_seq=0 ttl=64 time=0.169 ms
64 bytes from 192.168.0.2: icmp_seq=1 ttl=64 time=0.167 ms
^C
--- example.example.pri ping statistics ---
2 packets transmitted, 2 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.167/0.168/0.169/0.001 ms

You need to use Control-C to stop the ping process. On Solaris and AIX®, you need to use the -s option to send more than one echo packet and get the timing information. For getting baseline figures, you can use the -c option (on Linux®) to specify the count. On Solaris/AIX, you must specify the packet size (the default is 56 bytes), and the number of packets to send so that you do not have to manually terminate the process. You can then use this to extract the timing information automatically (see Listing 2).

Specifying the packet size when using ping on Solaris/AIX
$ ping -s example 56 10
PING example: 56 data bytes
64 bytes from example.example.pri (192.168.0.2): icmp_seq=0. time=0.143 ms
64 bytes from example.example.pri (192.168.0.2): icmp_seq=1. time=0.163 ms
64 bytes from example.example.pri (192.168.0.2): icmp_seq=2. time=0.146 ms
64 bytes from example.example.pri (192.168.0.2): icmp_seq=3. time=0.134 ms
64 bytes from example.example.pri (192.168.0.2): icmp_seq=4. time=0.151 ms
64 bytes from example.example.pri (192.168.0.2): icmp_seq=5. time=0.107 ms
64 bytes from example.example.pri (192.168.0.2): icmp_seq=6. time=0.142 ms
64 bytes from example.example.pri (192.168.0.2): icmp_seq=7. time=0.136 ms
64 bytes from example.example.pri (192.168.0.2): icmp_seq=8. time=0.143 ms
64 bytes from example.example.pri (192.168.0.2): icmp_seq=9. time=0.103 ms

----example PING Statistics----
10 packets transmitted, 10 packets received, 0% packet loss
round-trip (ms)  min/avg/max/stddev = 0.103/0.137/0.163/0.019

The example in Listing 2 was made during a quiet period on the network. If the host being checked (or the network itself) was busy during the testing period, the ping times could be increased significantly. However, ping alone is not necessarily an indicator of a problem, but it can occasionally give you a quick idea if there is something that needs to be identified.

It is possible to switch off support for ping, and so you should ensure that you can reach the host before using it as a verification that a host is available.

Ideally, you should track the ping times between specific hosts over a period of time, and even continually, so that you can track the average response times and then identify where to start looking.

... ... ...

Ping times in larger networks

If you can ping the machine, but the network performance is still a problem, then you need to determine where in your network the performance problem is located. In a larger network where you have different segments of your network separated by routers, you can use the traceroute tool determine whether there is a specific point in the route between the two machines where there is a problem.

Related to the ping tool, the traceroute tool will normally provide you with the ping times for each router that the network packets travel through to reach their destination. In a larger network this can help you isolate where the problem is. This can also be used to identify potential problems when sending packets over the Internet, where different routers are used at different points to transmit packets between different Internet Service Providers (ISP).

For example, the trace shown in Listing 11 is between two offices in the UK that use two different ISPs. In this case, the destination machine cannot be reached due to a fault.

$ traceroute gendarme.example.com
traceroute to gendarme.example.com (82.70.138.102), 30 hops max, 40 byte packets
 1  voyager.example.pri (192.168.1.1)  14.998 ms  95.530 ms  4.922 ms
 2  dsl.vispa.net.uk (83.217.160.18)  32.251 ms  95.674 ms  30.742 ms
 3  rt-gw1.tcm.vispa.net.uk (62.24.228.1)  49.178 ms  47.718 ms  123.261 ms
 4  195.50.119.249 (195.50.119.249)  47.036 ms  50.440 ms  143.123 ms
 5  ae-11-11.car1.Manchesteruk1.Level3.net (4.69.133.97)  92.398 ms  137.382 ms  
52.780 ms
 6  PACKET-EXCH.car1.Manchester1.Level3.net (195.16.169.90)  45.791 ms  140.165 ms  
35.312 ms
 7  spinoza-ae2-0.hq.zen.net.uk (62.3.80.54)  33.034 ms  39.442 ms  33.253 ms
 8  galileo-fe-3-1-172.hq.zen.net.uk (62.3.80.174)  34.341 ms  33.684 ms  33.703 ms
 9  * * *
10  * * *
11  * * *
12  * * *

[Sep 3, 2008] mtr 0.74 by Moritz Barsnick

About: mtr combines the functionality of the 'traceroute' and 'ping' programs in a single network diagnostic tool. It features a console as well as a GTK based interface.

Changes: The "-u" option was added to use UDP datagrams instead of ICMP ECHO. GTK+ related code was cleaned up. Version 2.4.0 of GTK+ is now required.

An Overview of ping By Pat Eyler

Ping is an diagnostic tool for verifying connectivity between two hosts on a network. It sends ICMP Echo Request packets to a remote IP address and watches for ICMP responses. The author of the initial version of the ping program that we use today was Mike Muss. Many other people have tweaked, rewritten, and variously abused ping since then.

The name ping itself is somewhat colorful. Some people will claim that it is an acronym standing for the Packet INternet Groper, this is not the case. Ping was named after the sound of a sonar tracking system. There is even a story claiming that a system administrator wrote a script which repeatedly pinged a host on the network and made an audible "pinging" alert for each success. The system administrator was then able to methodically go through his network checking BNC connectors until he found the dodgy connector that had been plaguing his network - when the noises stopped, he'd found his culprit.

Ping used to be a very good indicator of a machines ability to receive and send IP packets in general. If you could ping a host, you could also make an ftp or http connection. With the wider advent of packet filtering for security, this is becoming less true. Many firewalls explicitly disallow ICMP packets on the twin grounds that,

  1. People don't need to know what your internal network looks like,
  2. Any protocol can be used to launch an attack, even ICMP.
Deciding whether to let ICMP through your firewall is a tough call to make. There are certainly good uses for ICMP, but there are also attacks based on ICMP (e.g., the "Ping of Death", which used oversized ping packets to overload the IP stack of the target - with often spectacular results). If you choose to allow ICMP into your network make sure you've thought about the repercussions.

There are additional flavors of the ping command that have been written for other purposes. Among the most common is the fping command. Which was written to ping a range of addresses, and is commonly used in network scanners and monitors like saint and mon (both of which are covered in this chapter). Another variation is the Net::Ping module, which provides a perl implementation of Ping functionality that can easily be used from within a script without calling an external program. You might use the script something like this:

Example 1. Using Net::Perl
#!/usr/bin/perl -w

use strict;
use Net::Ping;
	  
my $host = $ARGV[0];
	  
my $p = Net::Ping->new("icmp");
	  
if ($p->ping($host)) {
    print "$host is alive.\n";
} else {
    print "$host is not reachable.\n";
}
	

ping at Work

Ping is most often used without additional arguments and shut off with a Ctrlc. The results look like this:

[pate@cherry pate]$ ping mango
PING mango (192.168.1.1) from 192.168.1.10 : 56(84) bytes of data.
64 bytes from mango (192.168.1.1): icmp_seq=0 ttl=255 time=0.5 ms
64 bytes from mango (192.168.1.1): icmp_seq=1 ttl=255 time=0.3 ms
64 bytes from mango (192.168.1.1): icmp_seq=2 ttl=255 time=0.3 ms
64 bytes from mango (192.168.1.1): icmp_seq=3 ttl=255 time=0.3 ms
64 bytes from mango (192.168.1.1): icmp_seq=4 ttl=255 time=0.3 ms
64 bytes from mango (192.168.1.1): icmp_seq=5 ttl=255 time=0.3 ms

--- mango ping statistics ---
6 packets transmitted, 6 packets received, 0% packet loss
round-trip min/avg/max = 0.3/0.3/0.5 ms
[pate@cherry pate]$ 
      
This output can split into three sections. The first section, the single line starting with the word "PING", shows an overview of the command. The second section, the lines beginning with "64 bytes" show a running tally of the responses received. The third section, everything after the line "--- mango ping statistics ---", shows a summary of the results. In this case, the results are good, none of the packets were dropped and they were all passed fairly quickly.

This example also shows another important point, you should not rely on a single packet to diagnose your network. A series of five or ten is much better, as you can count up to 40% data loss as congestion on a network, and even a single packet dropped can be attributed to a busy host on the other end.

There are several useful options to the ping command. These are summarized in the following table:

Table 1. Ping Command Options
Switch Description
-c count Stop sending and receiving packets after count packets.
-d Set the SO_DEBUG on the socket used.
-f Send the packets as fast as possible. (flood)
-i wait Set an interval of wait seconds between packets.
-I 〈device〉 Sets the output interface.
-l preload Sends preload packets as fast as possible, then drops back to normal mode.
-n Don't look up hostnames, just give IP addresses. (numeric)
-p pattern Specify up to 16 bytes of "pad data" to be sent with the packet.
-q Output only summary lines. (quiet)
-r Don't use routing tables to send the packet, just drop it out the local interface.
-R Set the Record Route option.
-s packetsize Set the number of data bytes sent to packetsize.
-T tsonly Sends a ping with the timestamp option.
-T tsandaddr Collects timestamps and addresses
-T tsprespec [host1 [host2 [host3 [host4]]]] Collects timestamps and addresses from prespecified hops.

These options can be combined to make ping even more helpful. One thing that you cannot see is that the ping command used in the previous section is likely to take several seconds to run and report back. Using the -f switch will reduce the time spent waiting for the command. Combining this with the -c 10 and the -q switches will give you quick results and easier output to read:

	[root@cherry /root]# ping -c 10 -fq mango
PING mango (192.168.1.1) from 192.168.1.10 : 56(84) bytes of data.

--- mango ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max = 0.2/0.2/0.9 ms
[root@cherry /root]# 
	
      

Note: The -f and -l switches can only be used by root, as they can cause serious network degradation if misused.

It might be of some benefit to test larger packets, using ping -c10 -s 1024 -qf will send larger packets for you. This can be especially useful where you suspect problems with fragmented packets.

To see the route that your packets are traversing, you can use ping -c10 -R. This command produces the following output:

	PING tbr.nailed.org (206.66.240.72) from 192.168.1.10 : 56(124) bytes of data.
64 bytes from bigfun.whirlycott.com (206.66.240.72): icmp_seq=0 ttl=239 time=217.2 ms
RR: 	192.168.1.10
	216.41.39.90
	serial0.mmgw32.bos1.Level3.net (209.244.39.25)
	208.218.130.22
	166.90.184.2
	so-6-0-0.mp2.NewYork1.level3.net (209.247.10.45)
	137.39.52.10
	180.ATM7-0.BR2.NYC9.ALTER.NET (152.63.22.229)
	lo0.XR2.NYC9.ALTER.NET (137.39.4.175)

64 bytes from bigfun.whirlycott.com (206.66.240.72): icmp_seq=1 ttl=239 time=1940.8 ms	(same route)
64 bytes from bigfun.whirlycott.com (206.66.240.72): icmp_seq=2 ttl=239 time=250.6 ms	(same route)
64 bytes from bigfun.whirlycott.com (206.66.240.72): icmp_seq=3 ttl=239 time=230.3 ms	(same route)
64 bytes from bigfun.whirlycott.com (206.66.240.72): icmp_seq=4 ttl=239 time=289.8 ms	(same route)
64 bytes from bigfun.whirlycott.com (206.66.240.72): icmp_seq=5 ttl=239 time=1261.4 ms	(same route)
64 bytes from bigfun.whirlycott.com (206.66.240.72): icmp_seq=6 ttl=239 time=469.4 ms	(same route)
64 bytes from bigfun.whirlycott.com (206.66.240.72): icmp_seq=7 ttl=239 time=1272.3 ms	(same route)
64 bytes from bigfun.whirlycott.com (206.66.240.72): icmp_seq=8 ttl=239 time=353.1 ms	(same route)
64 bytes from bigfun.whirlycott.com (206.66.240.72): icmp_seq=9 ttl=239 time=1281.1 ms	(same route)

--- tbr.nailed.org ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max = 217.2/756.6/1940.8 ms
	
      
Note: The record route option specified by the -R switch is not honored by all routers and hosts. Further, it contains only a limited space to hold router addresses, traceroute may be a better tool for identifying the path packets follow through a network.

The ping command is a very useful tool for your troubleshooting kit, and should not be overlooked.

This article is copyright 2000, Pat Eyler and New Riders Publishing. It is presented under the Open Publication License, with no additional terms applied. It is a draft version of a section of the book Networking Linux: A Practical Guide to TCP/IP, which will be published by New Riders Publishing in the winter.

Recommended Links

Google matched content

Softpanorama Recommended

Top articles

Sites

Fping

Reference

OPTIONS

OPERANDS

EXAMPLES

EXIT STATUS

ATTRIBUTES

SEE ALSO

History

Ping was created by Mike Muuss (pronounced "moose") of the Army Research Laboratory in December 1983 in about a day in response to network difficulties he encountered. Mike died in a car accident on Interstate 95 near Havre de Grace, Maryland, USA at about 11 PM on Monday, November 20, 2000 at the age of 42. Mike accomplished much in his short life, but he will be best remembered for coding and giving away the source to ping. Read Mike Muuss' obituary from The Baltimore Sun, November 25. He serves as a lesson to all of us in the computer community that you are remembered not for how much you make, but how much you give away. Thank you Mike, for leaving a bit of yourself behind to help us in our computing journeys; we are going to miss you.

Mike account is available at The Story of the PING Program

Mtr

mtr 0.74 by Moritz Barsnick

About: mtr combines the functionality of the 'traceroute' and 'ping' programs in a single network diagnostic tool. It features a console as well as a GTK based interface.

Changes: The "-u" option was added to use UDP datagrams instead of ICMP ECHO. GTK+ related code was cleaned up. Version 2.4.0 of GTK+ is now required.



Etc

Society

Groupthink : Two Party System as Polyarchy : Corruption of Regulators : Bureaucracies : Understanding Micromanagers and Control Freaks : Toxic Managers :   Harvard Mafia : Diplomatic Communication : Surviving a Bad Performance Review : Insufficient Retirement Funds as Immanent Problem of Neoliberal Regime : PseudoScience : Who Rules America : Neoliberalism  : The Iron Law of Oligarchy : Libertarian Philosophy

Quotes

War and Peace : Skeptical Finance : John Kenneth Galbraith :Talleyrand : Oscar Wilde : Otto Von Bismarck : Keynes : George Carlin : Skeptics : Propaganda  : SE quotes : Language Design and Programming Quotes : Random IT-related quotesSomerset Maugham : Marcus Aurelius : Kurt Vonnegut : Eric Hoffer : Winston Churchill : Napoleon Bonaparte : Ambrose BierceBernard Shaw : Mark Twain Quotes

Bulletin:

Vol 25, No.12 (December, 2013) Rational Fools vs. Efficient Crooks The efficient markets hypothesis : Political Skeptic Bulletin, 2013 : Unemployment Bulletin, 2010 :  Vol 23, No.10 (October, 2011) An observation about corporate security departments : Slightly Skeptical Euromaydan Chronicles, June 2014 : Greenspan legacy bulletin, 2008 : Vol 25, No.10 (October, 2013) Cryptolocker Trojan (Win32/Crilock.A) : Vol 25, No.08 (August, 2013) Cloud providers as intelligence collection hubs : Financial Humor Bulletin, 2010 : Inequality Bulletin, 2009 : Financial Humor Bulletin, 2008 : Copyleft Problems Bulletin, 2004 : Financial Humor Bulletin, 2011 : Energy Bulletin, 2010 : Malware Protection Bulletin, 2010 : Vol 26, No.1 (January, 2013) Object-Oriented Cult : Political Skeptic Bulletin, 2011 : Vol 23, No.11 (November, 2011) Softpanorama classification of sysadmin horror stories : Vol 25, No.05 (May, 2013) Corporate bullshit as a communication method  : Vol 25, No.06 (June, 2013) A Note on the Relationship of Brooks Law and Conway Law

History:

Fifty glorious years (1950-2000): the triumph of the US computer engineering : Donald Knuth : TAoCP and its Influence of Computer Science : Richard Stallman : Linus Torvalds  : Larry Wall  : John K. Ousterhout : CTSS : Multix OS Unix History : Unix shell history : VI editor : History of pipes concept : Solaris : MS DOSProgramming Languages History : PL/1 : Simula 67 : C : History of GCC developmentScripting Languages : Perl history   : OS History : Mail : DNS : SSH : CPU Instruction Sets : SPARC systems 1987-2006 : Norton Commander : Norton Utilities : Norton Ghost : Frontpage history : Malware Defense History : GNU Screen : OSS early history

Classic books:

The Peter Principle : Parkinson Law : 1984 : The Mythical Man-MonthHow to Solve It by George Polya : The Art of Computer Programming : The Elements of Programming Style : The Unix Hater’s Handbook : The Jargon file : The True Believer : Programming Pearls : The Good Soldier Svejk : The Power Elite

Most popular humor pages:

Manifest of the Softpanorama IT Slacker Society : Ten Commandments of the IT Slackers Society : Computer Humor Collection : BSD Logo Story : The Cuckoo's Egg : IT Slang : C++ Humor : ARE YOU A BBS ADDICT? : The Perl Purity Test : Object oriented programmers of all nations : Financial Humor : Financial Humor Bulletin, 2008 : Financial Humor Bulletin, 2010 : The Most Comprehensive Collection of Editor-related Humor : Programming Language Humor : Goldman Sachs related humor : Greenspan humor : C Humor : Scripting Humor : Real Programmers Humor : Web Humor : GPL-related Humor : OFM Humor : Politically Incorrect Humor : IDS Humor : "Linux Sucks" Humor : Russian Musical Humor : Best Russian Programmer Humor : Microsoft plans to buy Catholic Church : Richard Stallman Related Humor : Admin Humor : Perl-related Humor : Linus Torvalds Related humor : PseudoScience Related Humor : Networking Humor : Shell Humor : Financial Humor Bulletin, 2011 : Financial Humor Bulletin, 2012 : Financial Humor Bulletin, 2013 : Java Humor : Software Engineering Humor : Sun Solaris Related Humor : Education Humor : IBM Humor : Assembler-related Humor : VIM Humor : Computer Viruses Humor : Bright tomorrow is rescheduled to a day after tomorrow : Classic Computer Humor

The Last but not Least Technology is dominated by two types of people: those who understand what they do not manage and those who manage what they do not understand ~Archibald Putt. Ph.D


Copyright © 1996-2018 by Dr. Nikolai Bezroukov. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) in the author free time and without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.

FAIR USE NOTICE This site contains copyrighted material the use of which has not always been specifically authorized by the copyright owner. We are making such material available to advance understanding of computer science, IT technology, economic, scientific, and social issues. We believe this constitutes a 'fair use' of any such copyrighted material as provided by section 107 of the US Copyright Law according to which such material can be distributed without profit exclusively for research and educational purposes.

This is a Spartan WHYFF (We Help You For Free) site written by people for whom English is not a native language. Grammar and spelling errors should be expected. The site contain some broken links as it develops like a living tree...

You can use PayPal to make a contribution, supporting development of this site and speed up access. In case softpanorama.org is down you can use the at softpanorama.info

Disclaimer:

The statements, views and opinions presented on this web page are those of the author (or referenced source) and are not endorsed by, nor do they necessarily reflect, the opinions of the author present and former employers, SDNP or any other organization the author may be associated with. We do not warrant the correctness of the information provided or its fitness for any purpose.

The site uses AdSense so you need to be aware of Google privacy policy. You you do not want to be tracked by Google please disable Javascript for this site. This site is perfectly usable without Javascript.

Last modified: January 11, 2019