How the ping command works

Surely you have faced a situation when the Internet on your computer suddenly breaks, such behavior can be observed when using ADSL modems, long distance Wifi, GSM and other similar unreliable technologies. You can quickly find out if your computer has internet by using the ping utility.

However, the scope of its application is much wider, it is used by network administrators to check the availability of a remote node in the network, it is used in various scripts and many other places. In this article we will look at the ping command in Linux, we will talk about how to use the utility, how it works, we will look at its options and features.

How the command works

The ping utility is a simple network troubleshooting tool. It allows you to check whether a remote host is available or not and that's it. For this, the utility checks if the host can respond to network requests using ICMP protocol. Hopefully, I don't need to tell you that all data over the network is transmitted in the form of small packets. The program transmits a small packet of ICMP data and expects to receive a response packet back, if it does, the remote host is considered to be reachable. ICMP or Internet Control Message Protocol is an add-on to the IP protocol that is used to transmit service and error messages.

The ICMP protocol can only transmit two types of packets - error reporting messages and request messages. In turn, query messages are divided into:

Echo request message;

Next, let's understand what the ping command does. Once you have sent a ping request to a remote host, the utility sets a unique identifier for each packet, as well as the TTL and time the packet was sent. If the host is reachable, it sends a reply; based on the sending time, the utility can calculate the packet's round trip time. Then the next packet is sent. At the end, the total number of packets sent and received, loss percentage and other data are calculated.

Now we have a little bit of practice left. But before we get to practice let's look at the syntax of the command and its options. The syntax is quite simple:

The format of the ping command is very simple. You can pass either an ip address or a domain name as the node address. Options customize the behavior of the utility. Let's consider the main ones:

-4 - use only ipv4 (default);

-6 - use only ipv6;

-A - adaptive mode, the time between sending a packet is adapted to the time of packet transmission and reception, but not less than 200ms;

-b - allow ping of broadcast address;

-c - number of packets to send;

-D - output time as UNIX timestamp;

-f - flood mode, in this mode packets are transmitted without delay, can be used for DoS attacks on individual nodes. The number of dots the utility outputs indicates the number of lost packets;

-i - the interval in seconds between sending packets;

-I - use this network interface to send packets;

-l - overload mode, very many packets are sent and the system does not monitor the response packets;

-n - do not get domains for ip addresses;

-r - ignore routing tables and send the packet to the specified interface;

-s - size of one packet;

-t - set TTL manually;

-v - more detailed output.

Now that we've covered the basic parameters of the ping command and its syntax, it's time to practice, next we'll talk about how to ping a specific host in Linux.

How to use

To check the performance of the network is often used program ping any site that is always available, for example, google.com or even simpler and shorter ya.ru. You will only need to pass this address to the utility in the parameters, it will find the ip itself and do all the necessary things:

Each packet received a unique identifier icmp_seq, the number of nodes to the target node ttl and the time spent to deliver the packet time. To stop ping press the keyboard shortcut Ctrl+C. At the end the utility displays general statistics:

• packets transmitted - packets sent;
• received - packets received;
• packet loss - percentage of lost packets;
• time - total time of operation;
• rtt min/avg/max/mdev - minimum time/average time/maximum time/quadratic deviation.

If the ping command is not stopped, the packets can be sent for a very long time, it creates an additional load on the server and therefore is not desirable. You can limit the number of packets sent immediately in the command call by using the -c option:

Just as we ping for a domain, you can specify the ip address directly. This allows you to check if there is a network when DNS servers are misconfigured. For example:

The next type of sending ping messages, is ping flood. With the help of such packets you can perform load testing of the channel or even shut down the Internet connection on one of the machines. But these functions can only be used with superuser privileges. For