A “ping” is a way for one computer to check whether it can reach another computer over the Internet Protocol (IP). The source computer runs the ping command to check whether a destination computer is reachable, whether it replies to pings, and how long the trip there and back took. The result is the round-trip time an IP packet took to reach the destination and return. The name comes from sonar terminology, where a pulse is sent and the echo response is awaited.
Personal computers come equipped with the ping tool installed by default. Simply open a cmd or terminal window and type
ping example.com. The result will look something like this:
The output above shows that 5 pings were sent to example.com and that the round-trip time for the ping packet to make it there and back was 15ms, or 0.015 seconds.
ttl in the response above indicates “time to live”. This is the hop limit that bounds the life of the packet. By default the TTL of a ping is 255. It decrements by 1 for every router, or hop, the packet goes through in order to get to its destination. This mechanism is in place to avoid packet storms and routing loops. If a packet didn’t have a TTL and couldn’t reach its destination, it could keep bouncing around the network forever.
The technology used to make ping work is the Internet Control Message Protocol (ICMP). A ping works by sending an ICMP echo request packet to the destination. When the destination receives it, it responds with an ICMP echo reply. Often the words ping and ICMP are used interchangeably.
Using Ping to Troubleshoot Network Connectivity Issues
The ping command is a simple yet powerful tool to test basic connectivity between two computers. Not all computers will reply to an echo request packet. By default, Windows computers block incoming pings using the Windows Firewall.
If a system administrator or user is having a problem getting a computer on the network, they may try the following tests:
1. Ping the IP of the computer itself.
2. Ping the IP of the default gateway.
3. Ping the IP of the destination system.
By running these three tests, we can determine where the network problem exists. If test 1 fails, we know there is a problem with the interface of the computer itself and it should be checked. If test 2 fails, we know there’s an issue between this computer and the very next hop it is connected to. If test 3 fails, it may mean a number of things: a firewall is blocking outbound connections over ICMP, the destination device is blocking ICMP, there isn’t a route to that system, or that system may be down.
ICMP types and codes
Ping or ICMP packets carry a ‘type’ field that identifies what kind of ICMP message the packet is. For instance, the type could be echo request or echo reply. Each type also has one or more codes that give more detail. Here is a table with common ICMP types and their codes.
| Type | Name | Codes |
|---|---|---|
| 0 | Echo Reply | 0 - no code |
| 3 | Destination Unreachable | 0 - net unreachable; 1 - host unreachable; 3 - port unreachable; 5 - source route failed; 6 - dest network unknown; 7 - dest host unknown |
| 8 | Echo Request | 0 - no code |
| 11 | Time Exceeded | 0 - ttl exceeded in transit; 1 - fragment reassembly time exceeded |
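To make the echo request/reply exchange and the type and code table concrete, here is an added example (not part of the original page) that builds an ICMP echo message, decodes the type and code of a received message, validates its checksum, and pairs a reply with its request. The identifier, sequence number and checksum fields come from the standard ICMP header layout in RFC 792 rather than from this page, and the function names and payload are this example's own.

```python
import struct

# Type/code names taken from the table on this page.
ICMP_TYPES = {
    0: ("Echo Reply", {0: "no code"}),
    3: ("Destination Unreachable", {0: "net unreachable", 1: "host unreachable",
        3: "port unreachable", 5: "source route failed",
        6: "dest network unknown", 7: "dest host unknown"}),
    8: ("Echo Request", {0: "no code"}),
    11: ("Time Exceeded", {0: "ttl exceeded in transit",
         1: "fragment reassembly time exceeded"}),
}

def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input for the 16-bit sum
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build an echo request (type 8) or echo reply (type 0) message."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def parse_icmp(msg: bytes) -> dict:
    """Decode the 8-byte ICMP header and validate the checksum."""
    if len(msg) < 8:
        raise ValueError("ICMP message shorter than the 8-byte header")
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", msg[:8])
    name, codes = ICMP_TYPES.get(icmp_type, ("unknown type", {}))
    return {
        "type": icmp_type, "name": name,
        "code": code, "code_name": codes.get(code, "unknown code"),
        "checksum_ok": inet_checksum(msg) == 0,  # valid message sums to zero
        "id": ident if icmp_type in (0, 8) else None,  # echo messages only
        "seq": seq if icmp_type in (0, 8) else None,
    }

def is_reply_to(request: dict, reply: dict) -> bool:
    """True if `reply` is the echo reply matching `request` (same id and seq)."""
    return (request["type"] == 8 and reply["type"] == 0
            and request["id"] == reply["id"] and request["seq"] == reply["seq"])

if __name__ == "__main__":
    req = build_echo(8, 0x1234, 1, b"constructed payload")
    print(parse_icmp(req))
```

Matching on identifier and sequence number is how a device can associate an echo reply with an earlier echo request even though ICMP has no ports.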
Unique Characteristics of ICMP
An ICMP packet is identified as having IP protocol number 1. This makes it different from TCP or UDP, which use different protocol numbers.
When a packet is sent using TCP or UDP, it uses a source port and a destination port. When the destination system replies, it switches the source and destination ports to let all of the devices in the network path know this is a return packet. ICMP works differently: the original echo request is completely torn down and a fresh echo reply packet is created. Because of this, ICMP is not a stateful protocol and often needs to be handled separately by networking devices to be permitted through.