Ping Command explained
What is Ping (Packet Internet Gopher)
Ping (Packet Internet Gopher) is a computer network tool used to test whether a particular host (a computer connected to the Internet or a network) is reachable across an IP network. In short, Ping tests basic connectivity from your computer to the target computer.
Mike Muuss wrote the program for Unix, and it was later adapted for most operating systems. The famous program Traceroute evolved from Ping.
How ping works
Ping works by sending ICMP (Internet Control Message Protocol) echo requests to the target host and listening for ICMP echo replies.
What output does ping give
Ping measures the round-trip time of the packets it sends and receives, reports any packet loss, and gives a statistical summary of the times.
How ping helps
The ping result allows us to decide at which layer further testing should be done: a lower layer (network layer) or an upper layer (application layer). If ping gives a positive result, we can conclude that network connectivity is working fine and the problem is at the application layer.
Basic Format of Ping command
Basic format
ping [host] [packet size] [count]
[host] :- The host name or IP address of the remote host being tested.
[packet size] :- Defines the size in bytes of the test packets. This field is only required if the count field is going to be used. Default packet size is 56 bytes.
[count] :- The number of packets to be sent in the test. Default number is usually 5.
eg:- ping www.google.com -l 64 -n 5
Normal Ping options available on Windows
Option | Description |
ping -t | Pings a device on the network until stopped |
ping -a | Resolves addresses to hostnames |
ping -n count | Specifies the number of echo requests to send |
ping -r count | Records route for count hops |
ping -s count | Timestamp for count hops |
ping -w timeout | Timeout in milliseconds to wait for each reply |
If you use ping with -t, use ^C to stop the action.
Normal ping options available on Linux
ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS] [-r count] [-s count] [[-j host-list] | [-k host-list]] [-w timeout] destination-list
Option | Description |
-t | Ping the specified host until interrupted. |
-a | Resolve addresses to hostnames. |
-n count | Number of echo requests to send. |
-l size | Send buffer size. |
-f | Set Don't Fragment flag in packet. |
-i TTL | Time To Live. |
-v TOS | Type Of Service. |
-r count | Record route for count hops. |
-s count | Timestamp for count hops. |
-j host-list | Loose source route along host-list. |
-k host-list | Strict source route along host-list. |
-w timeout | Timeout in milliseconds to wait for each reply |
Interpreting Ping Results
This is how we can read the results shown above
Reply from 209.85.153.104: bytes=32 time=44ms TTL=245
Reply from :- 209.85.153.104 (the host IP, here Google)
bytes :- Number of bytes sent to the host
time :- Time taken for the round trip
TTL :- Packet life (Time-to-live (TTL) is a value in an Internet Protocol (IP) packet that tells a network router whether the packet has been in the network too long and should be discarded.)
Ping statistics for 209.85.153.104:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
It tells the number of packets sent to the host (echo requests) and packets received (echo response reply) and number of packets lost in transmission.
Approximate round trip times in milli-seconds:
Minimum = 44ms, Maximum = 45ms, Average = 44ms
It gives statistical data about the time taken for the round trip.
Example for Ping with switches
We are going to issue the following command: ping -n 3 -l 64 www.google.com
Here the switch -n specifies the number of packets to be sent and -l specifies the size of the packet to be sent to the host.
You can use switches before or after the host name/address.
Ping Error Messages
When a ping response is not successful you can get a variety of error replies. Here are the main error messages and what they mean.
TTL Expired in Transit :- The TTL value determines the maximum amount of time an IP packet may live in the network without reaching its destination. This message indicates that the TTL expired in transit, which means the number of required hops exceeds the TTL. We can increase the TTL by using the ping -i switch.
Destination Host Unreachable :- The host that you are trying to ping is down or does not exist on the network. A local or remote route does not exist for the destination host.
Request Timed Out :- The ping command timed out because there was no reply from the host. No Echo Reply messages were received due to network traffic, failure of the ARP request, packet filtering, or router error. Increase the wait time using the ping -w switch.
Unknown Host :- The IP address or the host name does not exist in the network, or the destination host name cannot be resolved. Verify the name and the availability of DNS servers.
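The reply format and the four error messages above can be read mechanically. The following is an added example, not part of the original post: it counts real echo replies and error lines from ping's per-packet output, and it does not treat an error line as a success just because it begins with "Reply from". The function name and the sample output are constructed for illustration.

```python
import re

# Success lines in the format shown above, e.g.
# "Reply from 209.85.153.104: bytes=32 time=44ms TTL=245"
REPLY = re.compile(r"Reply from (\S+): bytes=(\d+) time[=<](\d+)ms TTL=(\d+)")
# The four error messages described on this page, matched case-insensitively.
ERRORS = ("TTL expired in transit", "Destination host unreachable",
          "Request timed out", "Unknown host")

def summarize(output: str) -> dict:
    """Count echo replies and error lines in ping's per-packet output."""
    rtts, errors = [], {}
    for line in output.splitlines():
        match = REPLY.search(line)
        if match:
            rtts.append(int(match.group(3)))
            continue
        for name in ERRORS:
            if name.lower() in line.lower():
                errors[name] = errors.get(name, 0) + 1
    # An unresolved name means no echo request was sent at all.
    sent = len(rtts) + sum(n for k, n in errors.items() if k != "Unknown host")
    return {
        "sent": sent,
        "replies": len(rtts),
        "loss_pct": round(100 * (sent - len(rtts)) / sent) if sent else None,
        "min_ms": min(rtts) if rtts else None,
        "max_ms": max(rtts) if rtts else None,
        "avg_ms": sum(rtts) // len(rtts) if rtts else None,
        "errors": errors,
    }

# Constructed sample: two replies, one timeout, and one error line that
# starts with "Reply from" but is not an echo reply.
SAMPLE = """\
Reply from 209.85.153.104: bytes=32 time=44ms TTL=245
Request timed out.
Reply from 209.85.153.104: bytes=32 time=45ms TTL=245
Reply from 192.0.2.1: Destination host unreachable.
"""

if __name__ == "__main__":
    print(summarize(SAMPLE))
```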
ICMP Packet
Below is the structure of an ICMP packet used in a ping
Bytes | 0-7 | 8-15 | 16-23 | 24-31 |
IP header (20 Bytes) | Identification | Flags and Offsets |
 | TTL | Protocol | Check Sum |
 | Source IP Address |
 | Destination IP Address |
ICMP Payload (8+ Bytes) | Type of Message | Code | Checksum |
 | Quench |
 | Data |
ICMP Echo Request
Below is the structure of an ICMP echo request to a host. The identifier and sequence number are used to uniquely identify the packet.
0-7 Bytes | 8 – 15 Bytes | 16 – 31 Bytes |
Type= 8 | Code=0 | Header Checksum |
Identifier | Sequence Number | |
Data |
Type =8 (Echo) and code =0 (Echo Request)
ICMP Echo Reply
Below is the structure of an ICMP echo reply to a host. The identifier and sequence number are used to determine which request the reply answers.
0-7 Bytes | 8 -15 Bytes | 16 -31 Bytes |
Type= 0 | Code=0 | Header Checksum |
Identifier | Sequence Number | |
Data |
Type =0 (Echo) and code =0 (Echo Reply)
The Other side of the ping
Ping is a very useful tool for detecting network issues, but unfortunately it is also used as a harmful tool. Following are a few ways the tool is used for cracking:
ICMP packet magnification (or ICMP Smurf): An attacker sends forged ICMP echo packets to vulnerable networks' broadcast addresses. All the systems on those networks send ICMP echo replies to the victim, consuming the target system's available bandwidth and creating a denial of service (DoS) to legitimate traffic.
Ping of death: An attacker sends an ICMP echo request packet that's larger than the maximum IP packet size. Since the received ICMP echo request packet is larger than the normal IP packet size, it's fragmented. The target can't reassemble the packets, so the OS crashes or reboots.
ICMP flood attack: A broadcast storm of pings overwhelms the target system so it can't respond to legitimate traffic.
ICMP nuke attack: Nukes send a packet of information that the target OS can't handle, which causes the system to crash.
Many sites, such as Microsoft and Amazon, block ping because they have faced DoS attacks from crackers using ping.
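From the monitoring side, three of the patterns above leave recognisable traces in packet metadata. The following is an added example, not part of the original post: it flags echo requests addressed to a subnet broadcast address, fragments that would reassemble past the maximum IP packet size, and high per-source echo request rates. The record layout, the threshold and the sample records are assumptions made for illustration.

```python
import ipaddress
from collections import Counter

MAX_IP_DATAGRAM = 65535   # largest legal reassembled IPv4 datagram, in bytes
ECHO_REQUEST = 8

def flag_icmp(packets, local_nets, flood_per_sec=100):
    """Return sorted (reason, src) findings for a list of packet records.

    Record fields (an assumed layout): ts in seconds, src, dst, icmp_type
    (None on non-first fragments), frag_offset and ip_len in bytes.
    flood_per_sec is an assumed threshold; tune it to the network.
    """
    broadcasts = {ipaddress.ip_network(n).broadcast_address for n in local_nets}
    findings, per_second = set(), Counter()
    for p in packets:
        # Ping of death: this fragment would end beyond the maximum IP size.
        if p["frag_offset"] + p["ip_len"] > MAX_IP_DATAGRAM:
            findings.add(("oversized-reassembly", p["src"]))
        if p["icmp_type"] != ECHO_REQUEST:
            continue
        # Smurf: echo request sent to a subnet broadcast address. The source
        # field on such packets is forged and names the victim.
        if ipaddress.ip_address(p["dst"]) in broadcasts:
            findings.add(("echo-to-broadcast", p["src"]))
        # Flood: count echo requests per source in one-second buckets.
        per_second[(p["src"], int(p["ts"]))] += 1
    for (src, _second), count in per_second.items():
        if count > flood_per_sec:
            findings.add(("echo-flood", src))
    return sorted(findings)

def pkt(ts, src, dst, icmp_type=ECHO_REQUEST, frag_offset=0, ip_len=84):
    """Build one constructed packet record."""
    return dict(ts=ts, src=src, dst=dst, icmp_type=icmp_type,
                frag_offset=frag_offset, ip_len=ip_len)

# Constructed records using documentation address ranges.
SAMPLE = [
    pkt(0.1, "198.51.100.7", "192.0.2.10"),                     # ordinary ping
    pkt(0.2, "203.0.113.5", "192.0.2.255"),                     # broadcast dst
    pkt(0.3, "198.51.100.9", "192.0.2.10", None, 65528, 1500),  # last fragment
] + [pkt(3 + i / 10, "198.51.100.66", "192.0.2.10") for i in range(5)]

if __name__ == "__main__":
    for reason, src in flag_icmp(SAMPLE, ["192.0.2.0/24"], flood_per_sec=3):
        print(reason, src)
```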
ICMP Code and Types explained
To understand more about ICMP types and codes, please refer to the table below.
ICMP type | ICMP type name | code | code name | code description |
0 | echo | 0 | echo-reply | RFC 792 - for echo reply message |
3 | unreachable | 0 | net-unreachable | RFC 792 - net unreachable |
3 | unreachable | 1 | host-unreachable | RFC 792 - host unreachable |
3 | unreachable | 2 | protocol-unreachable | RFC 792 - protocol unreachable |
3 | unreachable | 3 | port-unreachable | RFC 792 - port unreachable |
3 | unreachable | 4 | fragmentation-df-set | RFC 792 - fragmentation needed and DF set |
3 | unreachable | 5 | source-route-failed | RFC 792 - source route failed |
3 | unreachable | 6 | dest-network-unknown | RFC 792 - Destination Network Unknown |
3 | unreachable | 7 | dest-port-unknown | RFC 792 - Destination Host Unknown |
3 | unreachable | 8 | source-host-isolated | RFC 792 - Source Host Isolated |
3 | unreachable | 9 | network-admin | RFC 792 - Communication with Destination Network is Administratively Prohibited |
3 | unreachable | 10 | host-admin | RFC 792 - Communication with Destination Host is Administratively Prohibited |
3 | unreachable | 11 | network-service | RFC 792 - Destination Network Unreachable for Type of Service |
3 | unreachable | 12 | host-service | RFC 792 - Destination Host Unreachable for Type of Service |
3 | unreachable | 13 | com-admin-prohibited | RFC 1812 - Communication Administratively Prohibited - generated if a router cannot forward a packet due to administrative filtering |
3 | unreachable | 14 | host-precedence-violation | RFC 1812 - Host Precedence Violation. Sent by the first hop router to a host to indicate that a requested precedence is not permitted for the particular combination of source/destination host or network, upper layer protocol, and source/destination port |
3 | unreachable | 15 | precedence-cuttof-in-effect | RFC 1812 - Precedence cutoff in effect. The network operators have imposed a minimum level of precedence required for operation, the datagram was sent with a precedence below this level |
4 | quench | 0 | source-quench | RFC 792 - source quench (slow down!) |
5 | redirect | 0 | redirect-network | RFC 792 - Redirect datagrams for the Network (or subnet) |
5 | redirect | 1 | redirect-host | RFC 792 - Redirect datagrams for the Host |
5 | redirect | 2 | redirect-service-network | RFC 792 - Redirect datagrams for the Type of Service and Network |
5 | redirect | 3 | redirect-service-host | RFC 792 - Redirect datagrams for the Type of Service and Host |
6 | alternate | 0 | alternate-host-address | JBP - Alternate address for host |
8 | echo | 0 | echo-request | RFC 792 - for echo message |
9 | router | 0 | router-advertisement | RFC 1256 - Router advertisement |
10 | router | 0 | router-selection | RFC 1256 - Router selection |
11 | exceeded | 0 | ttl-exceeded | RFC 792 - time to live exceeded in transit |
11 | exceeded | 1 | fragment-reassembly-exceeded | RFC 792 - fragment reassembly time exceeded |
12 | error | 0 | pointer-error | RFC 792 - pointer indicates the error |
12 | error | 1 | missing-option | RFC 792 - Missing a Required Option |
12 | error | 2 | bad-length | RFC 792 - Bad Length |
13 | timestamp | 0 | timestamp-request | RFC 792 - for timestamp message |
14 | timestamp | 0 | timestamp-reply | RFC 792 - for timestamp reply message |
15 | information | 0 | info-request | RFC 792 - for information request message |
16 | information | 0 | info-reply | RFC 792 - for information reply message |
17 | mask | 0 | mask-request | RFC 950 - Address Mask Request |
18 | mask | 0 | mask-reply | RFC 950 - Address Mask Reply |
30 | traceroute | 0 | traceroute-forwarded | RFC 1393 - Traceroute - Outbound Packet successfully forwarded |
30 | traceroute | 1 | packet-discarded | RFC 1393 - traceroute - No route for Outbound Packet; packet discarded |
31 | datagram | 0 | datagram-conversion-error | RFC 1475 - Datagram Conversion Error |
32 | mobile | 0 | mobile-host-redirect | David Johnson - Mobile Host Redirect |
33 | ipv6-request | 0 | ipv6-where-are-you | Bill Simpson -IPv6 Where-Are-You |
34 | ipv6-reply | 0 | ipv6-here-I-am | Bill Simpson - IPv6 I-Am-Here |
35 | mobile | 0 | mobile-registration-request | Bill Simpson - Mobile Registration Request |
36 | mobile | 0 | mobile-registration-reply | Bill Simpson - Mobile Registration Reply |
37 | domain-name | 0 | domain-name-request | RFC 1788 - icmp domain name request |
38 | domain-name | 0 | domain-name-reply | RFC 1788 - icmp domain name reply |
40 | security | 0 | bad-spi | RFC 2521 - Bad SPI |
40 | security | 1 | authentication-failed | RFC 2521 - Authentication Failed |
40 | security | 2 | decompression-failed | RFC 2521 - Decompression Failed |
40 | security | 3 | decryption-failed | RFC 2521 - Decryption Failed |
40 | security | 4 | need-authentication | RFC 2521 - Need Authentication |
40 | security | 5 | need-authorization | RFC 2521 - Need Authorization |
This Post is available at www.dileepk.info