ping

NAME

ping - send ICMP ECHO_REQUEST packets to network hosts

SYNOPSIS

ping [-dfnqrvR] [-c count] [-i wait]
	 [-l preload] [-p pattern] [-s packetsize]

DESCRIPTION

The ping(1) utility uses the mandatory ECHO_REQUEST datagram of the Internet Control Message Protocol (ICMP) to elicit an ICMP ECHO_RESPONSE from a host or gateway. ECHO_REQUEST datagrams (pings) have an Internet Protocol (IP) and ICMP header, followed by a "struct timeval" and then an arbitrary number of "pad" bytes used to fill out the packet.

The options are as follows:

-c count

Stop after sending (and receiving) count ECHO_RESPONSE packets.

-d

Set the SO_DEBUG option on the socket being used.

-f

Flood ping. Outputs packets as fast as they come back, or one hundred times per second, whichever is more frequent. For every ECHO_REQUEST sent a period (.) is printed; for every ECHO_REPLY received, a back space is printed. This provides a rapid display of how many packets are being dropped. Only a user with appropriate privileges can use this option. Because this option can be very hard on a network, use it with caution.

-i wait

Specifies how many seconds to wait between sending each packet; the number of seconds is specified by wait. The default is to wait for one second between each packet. This option is incompatible with the -f option.

-l preload

If preload is specified, ping(1) sends that number of packets as fast as possible before falling into its normal mode of behavior.

-n

Numeric output only. No attempt will be made to look up symbolic names for host addresses.

-p pattern

You can specify up to 16 pad bytes to fill out the packet you send. This is useful for diagnosing data-dependent problems in a network. For example, -p ff will cause the sent packet to be filled entirely with ones.

-q

Quiet output. Nothing is displayed except the summary lines at start-up time and when finished.

-R

Record route. Includes the RECORD_ROUTE option in the ECHO_REQUEST packet and displays the route buffer on returned packets. Note that the IP header is large enough only for nine such routes. Many hosts ignore or discard this option.

-r

Bypass the normal routing tables and send directly to a host on an attached network. If the host is not on a directly attached network, an error is returned. You can use this option to ping a local host through an interface that has no route through it (for example, after the interface was dropped by routed(1)).

-s packetsize

Specifies the number of data bytes to be sent. The default is 56, which translates into 64 ICMP data bytes when combined with the 8 bytes of ICMP header data.

-v

Verbose output. ICMP packets other than ECHO_RESPONSE that are received are listed.

When ping is being used for fault isolation, it should first be run on the local host to verify that the local network interface is up and running. Then, hosts and gateways further and further away should be pinged. Round-trip times and packet-loss statistics are computed. If duplicate packets are received, they are not included in the packet-loss calculation, although the round-trip time of these packets is used in calculating the minimum/average/maximum round-trip time numbers. When the specified number of packets has been sent (and received), or if the program is terminated with a SIGINT, a brief summary is displayed.

This program is intended for use in network testing, measurement, and management. Because of the load it can impose on the network, it is unwise to use ping during normal operations or from automated scripts.

ICMP packet details

An IP header without options is 20 bytes. An ICMP ECHO_REQUEST packet contains an additional 8 bytes worth of ICMP header followed by an arbitrary amount of data. When a packetsize is given, this indicates the size of this extra piece of data (the default is 56). Thus the amount of data received inside of an IP packet of type ICMP ECHO_REPLY will always be 8 bytes more than the requested data space (the ICMP header).

If the data space is at least 8 bytes, ping uses the first 8 bytes of this space to include a time stamp that it uses in the computation of round trip times. If less than 8 bytes of pad are specified, no round-trip times are given.

Duplicate And damaged packets

The ping(1) utility will report duplicate and damaged packets. Although duplicate packets should not occur, they do occur in many situations; they seem to be caused by inappropriate link-level retransmissions. The presence of duplicates is rarely (if ever) a good sign. If the presence of duplicates is at a low level, it might not be cause for alarm, however.

Damaged packets, on the other hand, are cause for alarm. They often indicate broken hardware somewhere in the ping(1) packet's path (in the network or in the hosts).

Trying different data patterns

Although the (inter)network layer should never treat packets differently based on the data contained in the data portion, data-dependent problems can sometimes infiltrate networks and remain undetected for a long time. In many cases, a pattern that produces problems consists of all ones or zeros, or almost all ones or all zeros. Because of a lack of transitions in the network layer data, the data-link layer has difficulty distinguishing bits. It is not necessarily enough to specify a data pattern of all zeros (for example) on the command line because the pattern that is of interest is at the data-link level, and the relationship between what you type and what the controllers transmit can be complicated.

This means that if you have a data-dependent problem you will probably have to do a lot of testing to find it. If you are lucky, you might find a file that either cannot be sent across your network, or that takes much longer to transfer than other files of similar length. After you have found such a file, examine it for repeated patterns that you can test using the -p option of ping(1).

TTL details

The time-to-live (TTL) value of an IP packet represents the maximum number of IP routers that the packet can go through before being discarded. In current practice, you can expect each router in the Internet to decrement the TTL field by exactly one.

The TCP/IP specification states that the TTL field for TCP packets should be set to 60, but many systems use smaller values. For instance, 4.3 Berkeley Software Distribution (BSD) uses 30; 4.2 used 15.

The maximum possible value of this field is 255, and most systems set the TTL field of ICMP ECHO_REQUEST packets to 255. This is why you are able to ping some hosts, but are not reach them with telnet(1) or ftp(1).

In normal operation, ping prints the TTL value from the packet it receives. When a remote system receives a ping packet, it can do one of three following things with the TTL field in its response:

• Not change it; this is what Berkeley systems did before the BSD 4.3 tahoe release. In this case, the TTL value in the received packet will be 255 minus the number of routers in the round-trip path.
• Set it to 255; this is what current Berkeley systems do. In this case, the TTL value in the received packet will be 255 minus the number of routers in the path from the remote system to the pinging host.
• Set it to some other value. Some computers use the same value for ICMP packets that they use for TCP packets, for example either 30 or 60. Others might use completely wild values.

NOTES

Many hosts and gateways ignore the RECORD_ROUTE option.

The maximum IP header length is too small for options like RECORD_ROUTE to be completely useful. There is not much that that can be done about this, however.

In general, flood pinging is not recommended and flood pinging the broadcast address should only be done under very controlled conditions.

Interix does not provide a netstat(1) command to go with ping(1), but a netstat.exe(1) is provided with Windows.