PING

 PING is a very useful command to test if the remote host is available and response time. As a system engineer, we need to understand how ping works.

Ping server (which responses the Ping request) is usually in the host’s TCP/IP stack.  You do not need to run any user program to enable the ping response. But you can disable it if you want to ‘hide’ your host.

#echo “1” > /proc/sys/net/ipv4/icmp_echo_ignore_all                               #disable echo response.

How PING works.

In brief, PING will use Internet Control Message Protocol (ICMP) Echo messages. The PING program will issue ICMP packages as below:
Note: the ICMP package is in the IP packages.


According to ICMP specification. Ping server should response the ICMP echo message if he gets the request. The response message is similar.
The fields in ping package we may be interested are:
Identifier: in unix/linux, the identifier is the PID of the ping client so when the echo response is back, the host can identify which client it is for.
Sequence number : the increasing sequence number for a

Timestamp: the timestamp is used to calculate the RTT in between the PING requestor and the response.

The PING (echo request)

The PING (echo response)

Common ping options:

Ping commands is like this:  ping [options] destination.

Common Options are:

·         -c counts : ICMP echo counters, ping test times.

·         -i interval: the interval of the ping echoes.

·         -s packetsize: the package size of the ping

·         -t ttl : the TTL options of the IP (not in ICMP)

·         -I interface: the interface where the ping is out.

·         -R: record the routing information.