The Ping utility is essentially a system administrator's tool that is used to see if a computer is operating and also to see if network connections are intact. Ping uses the Internet Control Message Protocol (ICMP) Echo function, which is detailed in RFC 792. A small packet is sent through the network to a particular IP address. This packet contains 64 bytes - 56 data bytes and 8 bytes of protocol header information. The computer that sent the packet then waits (or 'listens') for a return packet. If the connections are good and the target computer is up, a good return packet will be received. PING can also tell the user the number of hops that lie between two computers and the amount of time it takes for a packet to make the complete trip. Additionally, an administrator can use Ping to test name resolution. If the packet bounces back when sent to the IP address but not when sent to the name, then the system is having a problem matching the name to the IP address. The time it takes for the packet to get to the target computer and back again is known as the round trip time. If this takes an extended period of time, it indicates that something may be wrong.
Some characteristics of PING:
The Internet Control Message Protocol (ICMP) is part of the Internet protocol suite and defined in RFC 792. ICMP messages are typically generated in response to errors in IP datagrams (as specified in RFC 1122 (http://www.ietf.org/rfc/rfc1122.txt)) or for diagnostic or routing purposes. The current version of ICMP is also known as ICMPv4, as it is part of the Internet Protocol version 4. Although ICMP messages are contained within standard IP datagrams, ICMP messages are usually processed as a special case distinguished from normal IP processing, rather than processed as a normal sub-protocol of IP. In particular, ICMP messages should never be generated as a consequence of ICMP message processing, in order to prevent cascades of ICMP messages.
Many commonly used network utilities are based on ICMP messages. The ping utility (well known on Unix) is implemented using the ICMP "Echo" and "Echo reply" messages. The related traceroute command is implemented by transmitting UDP datagrams with manipulated IP Time-to-live (TTL) header fields and looking for ICMP "Time to live exceeded in transit" and "Destination unreachable" messages in response. Every machine (such as intermediate routers) that forwards an IP datagram has to decrement the TTL by one. If the TTL reaches 0, an ICMP "Time to live exceeded in transit" message is sent to the source of the datagram. Each ICMP message is encapsulated directly within a single IP datagram and thus, like UDP, ICMP does not guarantee delivery.
List of permitted control messages:
0 - Echo Reply
1 - Reserved
2 - Reserved
3 - Destination Unreachable
4 - Source Quench
5 - Redirect Message
6 - Alternate Host Address
7 - ?
8 - Echo Request
9 - Router Advertisement
10 - Router Solicitation
11 - Time Exceeded
12 - Parameter Problem
13 - Timestamp
14 - Timestamp Reply
15 - Information Request
16 - Information Reply
17 - Address Mask Request
18 - Address Mask Reply
19 - Reserved for security
20-29 - Reserved for robustness experiment
30 - Traceroute
31 - Datagram Conversion Error
32 - Mobile Host Redirect
33 - IPv6 Where-Are-You
34 - IPv6 Here-I-Am
35 - Mobile Registration Request
36 - Mobile Registration Reply
37 - Domain Name Request
38 - Domain Name Reply
39 - SKIP Algorithm Discovery Protocol
40 - Photuris, Security failures
41-255 - Reserved
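
The Echo Request and Echo Reply messages that ping relies on can be built and checked byte by byte. The following is an added example, not code from the original page: it constructs the 64-byte packet described above (8-byte ICMP header plus 56 data bytes), verifies the Internet checksum that RFC 792 specifies, and checks that a reply really answers a given request. The function names, the identifier 0x1234 and the sample payload are assumptions made for the illustration.

```python
import struct

ICMP_ECHO_REPLY, ICMP_ECHO_REQUEST = 0, 8   # type numbers from the list above

def inet_checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(msg_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """8-byte header (type, code, checksum, identifier, sequence) plus data."""
    header = struct.pack("!BBHHH", msg_type, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)   # computed with checksum field = 0
    return struct.pack("!BBHHH", msg_type, 0, csum, ident, seq) + payload

def parse_icmp(message: bytes) -> dict:
    """Parse an echo message and report whether its checksum verifies."""
    if len(message) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    msg_type, code, _, ident, seq = struct.unpack("!BBHHH", message[:8])
    # Summing a message that includes a correct checksum yields zero.
    return {"type": msg_type, "code": code, "id": ident, "seq": seq,
            "payload": message[8:], "checksum_ok": inet_checksum(message) == 0}

def reply_matches(request: bytes, reply: bytes) -> bool:
    """A valid Echo Reply returns the request's identifier, sequence and data."""
    req, rep = parse_icmp(request), parse_icmp(reply)
    return (req["type"] == ICMP_ECHO_REQUEST and rep["type"] == ICMP_ECHO_REPLY
            and rep["checksum_ok"]
            and (req["id"], req["seq"], req["payload"])
            == (rep["id"], rep["seq"], rep["payload"]))

# Constructed sample data: 56 data bytes, as in the ping packet described above.
PAYLOAD = bytes(range(56))
REQUEST = build_echo(ICMP_ECHO_REQUEST, ident=0x1234, seq=1, payload=PAYLOAD)
REPLY = build_echo(ICMP_ECHO_REPLY, ident=0x1234, seq=1, payload=PAYLOAD)
CORRUPT = REPLY[:-1] + bytes([REPLY[-1] ^ 0xFF])   # last data byte damaged

if __name__ == "__main__":
    print(len(REQUEST), parse_icmp(REQUEST)["checksum_ok"])
    print(reply_matches(REQUEST, REPLY), reply_matches(REQUEST, CORRUPT))
```
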
A packet (alternatively, datagram - the terms are basically synonymous, although in some contexts the two mean subtly different things) is the fundamental unit of information carriage in all modern computer networks.
A packet consists of a header, which contains the information needed to get the packet from the source to the destination, and a data area, which contains the information of the user who caused the creation of the packet. A good analogy is to consider a packet to be like a letter; the header is like the envelope, and the data area is whatever the person puts inside the envelope.
The life of one connection will usually comprise a series of packets; in some network designs, they will not necessarily all be routed over the same path through the network. Many networks do not provide protection against loss, duplication, or misdelivery of packets. However, it is possible to layer a transport protocol on top of the packet service which can provide such protection; TCP is an example. A datagram is a self-contained packet, one which contains enough information in the header to allow the network to forward it to the destination independently of previous or future datagrams. Thus, no setup is needed before a computer tries to send datagrams to a computer with which it has not previously communicated, unlike with virtual call protocols. Some systems that use packets (e.g. ATM) require a connection setup stage before any packets can be sent, which is why this distinction is drawn between the two otherwise identical terms. Others, for instance the Internet Protocol, do not require prior setup, and there the two terms are used interchangeably.
Time to live (TTL) is an 8-bit field in the Internet Protocol (IP) header that indicates how many more hops this packet should be allowed to make before being discarded or returned. It is the 9th octet of 20 in the IP header.
TTLs also occur in the Domain Name System (DNS), where they are set by an authoritative nameserver for a particular Resource Record. When a caching (recursive) nameserver queries the authoritative nameserver for a Resource Record, it will cache that record for the time specified by the TTL. If a stub resolver queries the caching nameserver for the same record before the TTL has expired, the caching server will simply reply with the already cached resource record rather than retrieve it from the authoritative nameserver again. Nameservers also have negative TTLs for negative replies (NXDOMAIN); they are generally short in duration (3 hours at most).
Shorter TTLs can cause heavier loads on an authoritative nameserver, but can be useful when changing the address of critical services like web servers or MX records, and therefore are often lowered by the DNS administrator prior to a service being moved, in order to minimise disruption.
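
The trade-off between authoritative load and disruption during a move can be put in numbers with a small simulation. This is an added example, not part of the original page: a stub resolver asks a caching nameserver once a minute, the record's address changes partway through, and the run reports how many queries reached the authoritative server and for how long clients were still handed the old address. The class and function names, the one-minute polling interval and the two addresses (from documentation ranges) are assumptions.

```python
OLD, NEW = "192.0.2.10", "198.51.100.20"   # constructed sample addresses

class Authoritative:
    """Holds the record and counts how often it is actually queried."""
    def __init__(self, address: str, ttl: int):
        self.address, self.ttl, self.queries = address, ttl, 0

    def lookup(self):
        self.queries += 1
        return self.address, self.ttl

class CachingResolver:
    """Answers from cache until the TTL expires, then asks upstream again."""
    def __init__(self, upstream: Authoritative):
        self.upstream = upstream
        self.cached = None                  # (address, expires_at) or None

    def resolve(self, now: int) -> str:
        if self.cached and now < self.cached[1]:
            return self.cached[0]           # still fresh: no upstream query
        address, ttl = self.upstream.lookup()
        self.cached = (address, now + ttl)
        return address

def simulate_move(ttl: int, move_at: int, duration: int, step: int = 60):
    """Return (authoritative queries, seconds the old address was still served
    after the move) for a client that resolves every `step` seconds."""
    auth = Authoritative(OLD, ttl)
    cache = CachingResolver(auth)
    stale = 0
    for now in range(0, duration, step):
        if now >= move_at:
            auth.address = NEW              # the service has been moved
        if cache.resolve(now) == OLD and now >= move_at:
            stale += step
    return auth.queries, stale

if __name__ == "__main__":
    # Four-hour window, service moved 61 minutes in.
    for ttl in (86400, 300):
        queries, stale = simulate_move(ttl, move_at=3660, duration=14400)
        print(f"TTL {ttl:>5}s: {queries:>2} authoritative queries, "
              f"{stale}s of stale answers after the move")
```

With a one-day TTL the cache never refreshes inside the window, so every answer after the move is stale; with a five-minute TTL the authoritative server is queried far more often but the stale period is bounded by the TTL.
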