Have you heard someone use a phrase like ‘Can you ping me at 8:00 PM’ or ‘Please ping me when you are free’? I am sure you have heard people use such phrases in everyday conversation. I think it's fairly obvious that they want the other person to check whether they are available.
In an IP network, ‘ping’ is used to test the IP reachability of a network element. ‘ping’ can only tell you that you can reach the IP layer of the target. It does not tell you whether you can reach any services on the target. Ping was created by Mike Muuss sometime in 1983. He created it to debug some odd behaviour in his IP network. ‘ping’ uses the ICMP protocol’s ‘echo’ request and reply message types.
A network element pinging another network element sends out an ICMP packet with the ICMP message type set to ‘echo request’. The intermediate routers forward this packet like any other data packet. The target network element’s ICMP stack processes this packet and replies with the ICMP message type set to ‘echo reply’. This reply message is sent back to the sender. When the sender receives the reply packet, it declares that it can successfully reach the target network element. Let us look at figure-1 to see how ping works.
In figure-1, let us assume that ‘PC-1’ wants to check the IP reachability of ‘PC-2’. ‘PC-1’ starts a ping to PC-2’s IP address. PC-1 prepares an ICMP packet with the ‘echo request’ message type and hands it to the local kernel. PC-1’s kernel does a route lookup for PC-2’s IP address. If a route for PC-2 does not exist, ping fails immediately. Let us assume a route for PC-2 exists and it has Router-1 as the gateway. The ICMP packet is then sent to Router-1. Router-1 receives it and does a route lookup for PC-2. If Router-1 does not have a route to reach PC-2, it will drop the ping packet and send an ICMP unreachable message back to PC-1. Routers are usually configured not to send ICMP unreachable messages, as generating them takes some effort. Now let us assume Router-1 has a route and that it has Router-2 as the gateway. Router-1 will decrement the ‘ttl’ and forward the packet to Router-2. Router-2 will repeat the same process as Router-1 and send the packet to PC-2. PC-2 will figure out that the ping packet is addressed to itself, and the packet will be passed to the ICMP layer in the kernel. Please note that ping packets are answered by the kernel itself. What does that mean? It means there may be cases where your ping to a server is successful but you still cannot connect to some services on that server. This can happen for various reasons: the service may not be running on that server, or there may be filters discarding your request, and so on.
The ICMP layer in PC-2 will reply to the echo request by changing the message type to ‘echo reply’ and interchanging the source and destination addresses in the IP header. The ICMP layer then hands the reply to the IP layer for routing back to PC-1. Each network element, starting with PC-2, does a route lookup and forwards the reply towards PC-1. I hope you noticed one interesting thing here. Even though the echo request has reached the destination, your ping can still fail without any ICMP unreachable message if the return path does not have a route to the source. For example: if Router-2 does not know how to reach PC-1, it will discard the reply message and PC-1 will never come to know why the ping is failing.
Now that we know how ping works, let us see how it is useful in debugging some networking issues. For reference, I have used the ‘ping’ utility from Linux. Please note that some of the options available in ‘ping’ on Linux may not be available on other operating systems.
Using ping to find round-trip-time between two network elements:
One of the earliest uses of ping was to find the round-trip time to a server. What does this tell us? It can tell you how far away the server is and how fast the intermediate network is. For example: in figure-1, if you ping Router-1 from PC-1, the round-trip time usually won’t be more than 1 or 2 milliseconds, but if you are pinging a server like ‘google.com’ that is multiple hops away, it may take tens or hundreds of milliseconds. Please look at figure-2 for the sample output. This gives you some indication of how your network is behaving.
Test if fragmented packets are handled correctly between two network elements:
If you are facing issues with fragmented packets in your network, you can use ping to reproduce or diagnose them. ‘ping’ allows you to select the size of the packet you want to use by passing an option on the command line. For example: PC-1 can ping PC-2 with a packet size of 2000 bytes. The IP layer in PC-1 will fragment the packet and send out two packets of 1500 and 500 bytes to PC-2 (assuming the MTU is 1500). PC-2 will reply with the same size, so fragmented packets will be exchanged between PC-1 and PC-2.
Find the end-to-end MTU between two network elements:
‘ping’ provides an option to set the ‘Don’t Fragment’ bit in the IP header. This can help in determining the MTU between two network elements. In figure-4, let us assume PC-1 wants to figure out the MTU all the way to PC-2. PC-1 guesses an MTU, say 1450 bytes, and sends out a ping packet of this size with the ‘Don’t Fragment’ bit set. This will pass, as the MTU is 1500. It then tries the next ping with 1500 bytes. This will also pass. It then tries the next ping with 1550 bytes, and this ping will fail at Router-2, which would need to fragment it. In this case, Router-2 will send back an ICMP destination unreachable message with code 4 (Fragmentation required, and Don’t Fragment flag set). Now PC-1 just needs to try out various packet sizes between 1500 and 1550 bytes to find exactly at what packet size ping fails. One byte less than that value is the MTU.
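The search described above can be automated. The following is an added example, not code from the original article: it generalizes the "try sizes until one fails" step into a binary search over packet sizes. It assumes Linux iputils `ping` and IPv4 without IP options (so the `-s` payload is the packet size minus 28 bytes); `ping_df` and `find_path_mtu` are illustrative names, and the simulated path in the demo is constructed.

```python
import subprocess

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header


def ping_df(host: str, packet_size: int) -> bool:
    """Send one echo request of `packet_size` IP bytes with DF set."""
    payload = packet_size - IP_ICMP_OVERHEAD   # ping -s takes payload bytes
    cmd = ["ping", "-c", "1", "-W", "1", "-M", "do", "-s", str(payload), host]
    result = subprocess.run(cmd, stdout=subprocess.DEVNULL,
                            stderr=subprocess.DEVNULL)
    return result.returncode == 0


def find_path_mtu(host, low=576, high=9000, probe=ping_df):
    """Largest packet size in [low, high] that passes with DF set, or None."""
    if not probe(host, low):
        return None        # even the smallest probe fails: not an MTU problem
    if probe(host, high):
        return high        # nothing in the tested range needs fragmenting
    # Invariant from here on: `low` passes and `high` fails.
    while high - low > 1:
        mid = (low + high) // 2
        if probe(host, mid):
            low = mid
        else:
            high = mid
    return low


if __name__ == "__main__":
    # Constructed stand-in for a path whose smallest link MTU is 1500, so the
    # demo runs offline; drop `probe=` to use real pings instead.
    def simulated(host, size):
        return size <= 1500

    print(find_path_mtu("192.0.2.10", probe=simulated))
```

A lost packet or a filter that drops ICMP looks the same to this search as an oversized packet, so repeat a failing probe before trusting a result from a lossy path.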
Find network elements on local network:
‘ping’ provides an option to ping the broadcast address of the LAN. With this option, a single packet can make all the network elements respond to that one ping. This way, you can figure out which network elements are present on the local network. Please note that some network elements may not respond to a broadcast ping.
Find the number-of-hops between two network elements:
‘ping’ provides an option to set the ttl value in the IP header of ping packets. This can be used to find the number of hops between two network elements. In figure-1, PC-1 can ping PC-2’s address starting with a ttl value of 1 and keep incrementing the ttl value until it receives a reply. In figure-1, ttl values 1 and 2 won’t work. But if PC-1 uses ttl value 3, it will get a reply. This means there are two hops (ttl value – 1) between PC-1 and PC-2. If you look closely at the output in figure-2, you can see that it includes the received ‘ttl’, which can tell you the number of hops between the two network elements on the return path.
- You can use ‘ping’ with a specific payload pattern to check that no intermediate network element is changing the payload content during transmission.
- If your network supports routing based on DSCP marking, ping can be used to test the routing of packets based on the ‘tos’ bits, as ping allows a user to set the ‘tos’ bits in ping packets.
I have used each one of the above during some debugging. What about you? What do you use “ping” for?