The ping utility's main function is to measure the round-time-trip (RTT) for packets sent from a source to a destination that are echoed back to the source. To do this, it uses Internet Control Message Protocol (ICMP) and sends ICMP Echo Request packets to the destination host. It then waits for an ICMP Echo Reply.
When ping runs, it will report several pieces of information. The first is the size of the packet received. The default size is 56 bytes. However, an ICMP ECHO_REQUEST packet contains an additional 8 bytes for an ICMP header; therefore, the size reported is 64 bytes. The next piece of information is the destination IP address (ping does not resolve hostnames by default).
The icmp_seq field reveals the ordering of ICMP packets; these packets are not necessarily received in the same order as they are sent although when networks are functioning correctly, they usually are. TTL stands for time to live, and this field is reduced by one by every router en route to its destination. If TTL reaches zero before the packet arrives at its destination, an ICMP error is sent back (ICMP Time Exceeded). The last field is the RTT of each packet, which is generally a good benchmark of the latency of a connection.
At the end of the ping session, ping reports aggregate statistics. The number of packets transmitted and received is reported, along with the percentage of packet loss. We also see the minimum RTT, the average RTT, the maximum RTT, and the standard deviation.
It should be noted that it is increasingly common for firewalls to block ICMP traffic, thus rendering ping useless with these hosts. In fact, pfSense blocks such traffic by default. If you want to ping your hosts from the other side of a pfSense firewall, you will have to explicitly allow such traffic. Adding some well-crafted firewall rules will thus allow us to ping our own networks, but it will be of no help when we are pinging networks we don’t control. If you find a need to ping a network that blocks ICMP traffic, you might be better off using a utility that relies on TCP or UDP for sending packets, as these protocols are much less likely to be blocked. One such utility is tcpping. It has a similar syntax to ping. If you are pinging to local hosts, you can use arping. This utility uses the Address Resolution Protocol (ARP) request method to resolve IP addresses.
To install tcpping, first install the tcptraceroute script. It can be found in most Linux repositories. If you are using Debian/Ubuntu/Mint Linux, use this command:
sudo apt-get install tcptracerouteFor CentOS/Red Hat Enterprise Level, we are using yum for package installation as follows:
sudo yum install tcptracerouteTo install tcpping, do the following:
cd /usr/binsudo wget http://www.vdberg.org/~richard/tcpping
sudo chmod 755 tcpping
The chmod command is to set the proper permissions for tcpping.
In spite of these difficulties, the ping utility can be useful in a number of different scenarios:
- It can help us determine if there is network connectivity between two hosts
- It can help us determine if there is an unacceptable level of packet loss
- It is a good tool for measuring latency between any two hosts