ping uses the ICMP protocol's mandatory ECHO_REQUEST
datagram to elicit an ICMP ECHO_RESPONSE
from a host or
gateway. ECHO_REQUEST
datagrams (pings) have an IP and
ICMP header, followed by a struct timeval and then an arbitrary
number of pad bytes used to fill out the packet. Synopsis:
ping [option...] host...
RECORD_ROUTE
field in the
ECHO_REQUEST packet and displays the route buffer on returned packets.
Note that the IP header is only large enough for nine such routes.
Many hosts ignore or discard this option.
When using ping for fault isolation, it should first be run on the local host, to verify that the local network interface is up and running. Then, hosts and gateways further and further away should be pinged. Round-trip times and packet loss statistics are computed. If duplicate packets are received, they are not included in the packet loss calculation, although the round trip time of these packets is used in calculating the minimum/average/maximum round-trip time numbers. When the specified number of packets have been sent (and received) or if the program is terminated with a ‘SIGINT’, a brief summary is displayed.
This program is intended for use in network testing, measurement and management. Because of the load it can impose on the network, it is unwise to use ping during normal operations or from automated scripts.
Ping will report duplicate and damaged packets. Duplicate packets should never occur, and seem to be caused by inappropriate link-level retransmissions. Duplicates may occur in many situations and are rarely (if ever) a good sign, although the presence of low levels of duplicates may not always be cause for alarm.
Damaged packets are obviously serious cause for alarm and often indicate broken hardware somewhere in the ping packet's path (in the network or in the hosts).
The (inter)network layer should never treat packets differently depending on the data contained in the data portion. Unfortunately, data-dependent problems have been known to sneak into networks and remain undetected for long periods of time. In many cases the particular pattern that will have problems is something that doesn't have sufficient “transitions”, such as all ones or all zeros, or a pattern right at the edge, such as almost all zeros. It isn't necessarily enough to specify a data pattern of all zeros (for example) on the command line because the pattern that is of interest is at the data link level, and the relationship between what you type and what the controllers transmit can be complicated.
This means that if you have a data-dependent problem you will probably have to do a lot of testing to find it. If you are lucky, you may manage to find a file that either can't be sent across your network or that takes much longer to transfer than other similar length files. You can then examine this file for repeated patterns that you can test using the -p option of ping.
The TTL, Time To Live value of an IP packet represents the maximum number of IP routers that the packet can go through before being thrown away. In current practice you can expect each router in the Internet to decrement the TTL field by exactly one.
The TCP/IP specification states that the TTL field for TCP packets should be set to 60, but many systems use smaller values (4.3 BSD uses 30, 4.2 used 15).
The maximum possible value of this field is 255, and most UNIX systems
set the TTL field of ICMP (ECHO_REQUEST
) packets to 255. This
is why you will find you can ping some hosts, but not reach them with
telnet or ftp.
In normal operation ping prints the TTL value from the packet it receives. When a remote system receives a ICMP packet, it can do one of three things with the TTL field in its response:
TTL
value in the received packet will be 255 minus the
number of routers in the path from the remote system to the pinging
host.
Many hosts and gateways ignore the RECORD_ROUTE
field, since
the maximum IP header length is far to small to hold all the routes.
There's not much that can be done about this.
Flood pinging is not recommended in general, and flood pinging the broadcast address should only be done under very controlled conditions.