PING
What is ping ?
Why to use PING ?
Syntax of PING ?
Ping is a computer network administration utility used to
test the reachability of a host on an Internet Protocol (IP) network and to
measure the round-trip time for messages sent from the originating host to a
destination computer. The name comes from active sonar terminology which sends
a pulse of sound and listens for the echo to detect objects underwater.
Ping operates by sending Internet Control Message Protocol
(ICMP) echo request packets to the target host and waiting for an ICMP
response. In the process it measures the time from transmission to reception
(round-trip time) and records any packet loss. The results of the test are
printed in the form of a statistical summary of the response packets received,
including the minimum, maximum, and the mean round-trip times, and sometimes
the standard deviation of the mean.
Depending on actual implementation, the ping utility may be
executed with various command-line switches to enable special operational
modes. For example, options include specifying the packet size of the probe,
automatic repeated operation for sending a specified count of probes, and time
stamping.
Many operating systems provide a companion utility, ping6,
for probing Internet Protocol version 6 (IPv6) hosts, but some systems may
include this capability in ping.
Ping may be abused as a simple form of denial-of-service
attack in the form of a ping flood, in which the attacker overwhelms the victim
with ICMP echo request packets.
History
The ping utility was authored by Mike Muuss in December 1983
as a tool to troubleshoot problems in an IP network. He was inspired by a
remark by David Mills on using ICMP echo packets for IP network diagnosis and
measurements. Mike named it after the sound that sonar makes, since its
methodology is similar to sonar's echo location.
Host discovery or ping scanning or ping sweep is a feature
of network scanning tools, such as nmap.
RFC 1122 prescribes that any host must process an
echo-request and issue an echo-reply in return This has been characterized as a
security risk.
Sample ping test
The following is the output of running ping with the target
www.example.com for five probes.
Syntax :Type ping
<hostname> or ping
<IP address>.
The utility summarizes its results after completing the ping
probes. The shortest round trip time was 9.674 ms, the average was 10.968 ms,
and the maximum value was 11.726 ms. The measurement had a standard deviation
of 0.748 ms.
Message format
ICMP packet
|
IP Datagram
|
||||
|
|
Bits 0–7
|
Bits 8–15
|
Bits 16–23
|
Bits 24–31
|
|
IP Header
(20 bytes) |
Version/IHL
|
Type of service
|
Length
|
|
|
Identification
|
flags and offset
|
|||
|
Time To Live (TTL)
|
Protocol
|
Checksum
|
||
|
Source IP address
|
||||
|
Destination IP address
|
||||
|
ICMP Header
(8 bytes) |
Type of message
|
Code
|
Checksum
|
|
|
Header Data
|
||||
|
ICMP Payload
(optional) |
Payload Data
|
|||
Generic composition of an ICMP 32-byte packet:[6]
·
IP Header
(in blue): Protocol set to 1 (ICMP) and
Type of Service set to 0.
·
ICMP
Header (in red): Type of ICMP message (8 bits)
Code (8 bits)
Checksum (16 bits),
calculated with the ICMP part of the packet (the IP header is not used). It is
the 16-bit one's complement of the one's complement sum of the ICMP message
starting with the Type field[7]
Header Data (32 bits)
field, which in this case (ICMP echo request and replies), will be composed
of identifier (16 bits) and sequence number (16 bits).
ICMP Payload
Payload for the different kind of answers; can be an
arbitrary length, left to implementation detail. However, the packet including
IP and ICMP headers must be less than the maximum transmission unit of the
network or risk being fragmented.
Data Transportation
Echo request
The echo request ("ping") is an ICMP message whose
data is expected to be received back in an echo reply ("pong"). The
host must respond to all echo requests with an echo reply containing the exact
data received in the request message.
|
00
|
01
|
02
|
03
|
04
|
05
|
06
|
07
|
08
|
09
|
10
|
11
|
12
|
13
|
14
|
15
|
16
|
17
|
18
|
19
|
20
|
21
|
22
|
23
|
24
|
25
|
26
|
27
|
28
|
29
|
30
|
31
|
|
Type = 8
|
Code = 0
|
Header Checksum
|
|||||||||||||||||||||||||||||
|
Identifier
|
Sequence Number
|
||||||||||||||||||||||||||||||
|
Data
|
|||||||||||||||||||||||||||||||
The Identifier and Sequence Number can be used by the client
to match the reply with the request that caused the reply. In practice, most
Linux systems use a unique identifier for every ping process, and sequence
number is an increasing number within that process. Windows uses a fixed
identifier, which varies between Windows versions, and a sequence number that
is only reset at boot time.
The data received in the Echo Request must be entirely
included in the Echo Reply.
Echo reply
The echo reply ("pong") is an ICMP message
generated in response to an echo request, and is mandatory for all hosts and
routers.
|
00
|
01
|
02
|
03
|
04
|
05
|
06
|
07
|
08
|
09
|
10
|
11
|
12
|
13
|
14
|
15
|
16
|
17
|
18
|
19
|
20
|
21
|
22
|
23
|
24
|
25
|
26
|
27
|
28
|
29
|
30
|
31
|
|
Type = 0
|
Code = 0
|
Header Checksum
|
|||||||||||||||||||||||||||||
|
Identifier
|
Sequence Number
|
||||||||||||||||||||||||||||||
|
Data
|
|||||||||||||||||||||||||||||||
Type and code must be set to 0.
The identifier and sequence number can be used by the client
to determine which echo requests are associated with the echo replies.
The data received in the echo request must be entirely
included in the echo reply.
Possible reply messages include the following:
H, !N, or !P – host, network or protocol unreachable
S – source route failed
F – fragmentation needed
U or !W – destination network/host unknown
I – source host is isolated
A – communication with destination network administratively
prohibited
Z – communication with destination host administratively
prohibited
Q – for this ToS the destination network is unreachable
T – for this ToS the destination host is unreachable
X – communication administratively prohibited
V – host precedence violation
C – precedence cutoff in effect.
No comments:
Post a Comment