Sunday 25 April 2010

What is "ping", and what does its output tell me?


Summary: One of the oldest diagnostic tools, ping simply validates connectivity from point A to point B, and in doing so provides additional useful information.

Sometimes when I search for solutions for my home networking problem, I frequently see some people suggesting that I ping my PC by IP and/or by computer name. What does the PING command actually do? What's the point of using this command? How do we read and understand the results (sent, received, and lost) of the packets?
Ping is perhaps one of the oldest and most basic network diagnostic tools. In concept the tool is very, very simple: it sends out an "are you there?" kind of request, and expects to hear back a "yes, here I am!" kind of response.
Very basic, very simple, and yet very powerful as a first line of network diagnosis.

The ping command runs in a Windows Command Shell (or a Linux/Mac/BSD/Solaris/etc. terminal window - it's a ubiquitous command), and has a very basic syntax at its core:
ping domain_name
For example, if you open up a command window and type in "ping google.co.in", you'll see something like this:
[C:\]ping google.co.in

Pinging google.co.in [209.85.231.104] with 32 bytes of data:

Reply from 209.85.231.104: bytes=32 time=111ms TTL=50
Reply from 209.85.231.104: bytes=32 time=101ms TTL=50
Reply from 209.85.231.104: bytes=32 time=96ms TTL=50
Reply from 209.85.231.104: bytes=32 time=99ms TTL=50

Ping statistics for 209.85.231.104:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 96ms, Maximum = 111ms, Average = 101ms
There's a lot of information here, and I'm not going to get into all the geeky details, but here are some of the basic, and important things that ping does:
  • "Pinging google.co.in [209.85.231.104]" - Ping only pings IP addresses so the first thing it did when I asked it to ping "google.co.in" is it looked up the corresponding IP address. This is perhaps one of the quickest ways I know of to determine the IP address associated with a domain. Also, if this look-up fails, you'll know that there's a typo in the domain name, or the domain name look-up (DNS) is failing for some reason.
  • "Reply from 209.85.231.104:" - this tells you that the remote server at that IP address replied, obviously. What that means, though, is that the entire route across the internet, from your machine through routers and switches and networking equipment and whatever else, worked. As did the return path carrying the server's reply. If this fails, ("timed out") then something along the connection between you and the server might be broken, the server might be off line, or the server might not even exist. It's also possible that the server is explicitly configured not to respond to ping requests.
  • "time=101ms" - this is the round trip time: the time between sending the "are you there?" and receiving the "yes I am!". In this case, 101 milliseconds. Since the ping is repeated several times you can see that this time is fairly consistent, which is good. The time will vary depending on many factors, including how close you are to the remote server, how many routers and other networking equipment are in between you and that server, and more. In the example above, the ping was from me in the Seattle area to the Google server housed in India. A quick test of a ping to a server in Japan resulted in times twice as long.
  • "Sent = 4, Received = 4" - one of the things that TCP/IP is designed to deal with is packet loss. Ideally, every packet you send should get to where it's going, but for various reasons that doesn't always happen. As long as the packets can get there after a retry or two, in normal usage you'd never notice. Ping sends multiple packets and reports specifically on the success rate, so that you can see if a particular connection is prone to packet loss.
  • "Approximate round trip times" - while on average the same kind of packet sent to the same destination should take roughly the same amount of time, that's also not always the case. Sometimes for reasons as diverse as the equipment and paths that the packets take, some take longer than others. Ping reports these statistics so that you can see if a particular connection is prone to this type of problem.
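An added example, not part of the original post: a small Python parser for the Windows ping output shown above that reports what the bullets describe (name resolution, packet loss and round trip times). The sample input is constructed from the run above with one reply replaced by a timeout; `parse_ping` and its field names are names chosen for this example.

```python
import re

# Constructed sample: the run shown above with the third probe changed to a
# timeout, so the loss figure is non-zero.
SAMPLE = """\
Pinging google.co.in [209.85.231.104] with 32 bytes of data:

Reply from 209.85.231.104: bytes=32 time=111ms TTL=50
Reply from 209.85.231.104: bytes=32 time=101ms TTL=50
Request timed out.
Reply from 209.85.231.104: bytes=32 time=99ms TTL=50
"""

HEADER = re.compile(r"Pinging (\S+)(?: \[(\S+)\])? with \d+ bytes of data")
REPLY = re.compile(r"Reply from \S+: bytes=\d+ time[=<](\d+)ms TTL=\d+")
NO_HOST = re.compile(r"Ping request could not find host (\S+)\. ")


def parse_ping(text):
    """Summarise Windows-style ping output: resolution, loss and round trip times."""
    out = {"name": None, "ip": None, "dns_ok": True, "sent": 0, "received": 0}
    rtts = []
    for line in map(str.strip, text.splitlines()):
        if m := HEADER.match(line):
            # "name [ip]" when a name was resolved, a bare IP otherwise.
            first, bracketed = m.groups()
            out["name"], out["ip"] = (first, bracketed) if bracketed else (None, first)
        elif m := REPLY.match(line):
            out["sent"] += 1
            out["received"] += 1
            rtts.append(int(m.group(1)))  # "time<1ms" is recorded as 1
        elif line == "Request timed out." or line.endswith("unreachable."):
            out["sent"] += 1  # probe went out, no echo reply came back
        elif m := NO_HOST.match(line):
            out["name"], out["dns_ok"] = m.group(1), False  # lookup failed, nothing sent
    lost = out["sent"] - out["received"]
    out["loss_pct"] = 100 * lost // out["sent"] if out["sent"] else None
    if rtts:
        # Integer average, matching the truncated figure ping prints.
        out["min_ms"], out["max_ms"], out["avg_ms"] = min(rtts), max(rtts), sum(rtts) // len(rtts)
    return out


if __name__ == "__main__":
    print(parse_ping(SAMPLE))
```

Counting from the individual reply lines rather than the summary block means a "Destination host unreachable" reply is treated as a lost probe.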
Ping also includes several options (type "ping -?" for a list), but the simplest use as above is probably the most common.
There's one usage that is not intuitive, and yet something I use all the time. As you've seen above, ping can be used to quickly translate a domain name into its corresponding IP address (i.e. "google.co.in" into "72.3.133.152"), but it can also do the reverse:
[C:\]ping -a 72.3.133.152

Pinging pugetsoundsoftware.com [72.3.133.152] with 32 bytes of data:

Reply from 72.3.133.152: bytes=32 time=67ms TTL=47
...
Using the "-a" switch to ping, and giving it an IP address, ping does what's called a reverse lookup and displays a domain name that is assigned to that IP address. This is very handy at times since many IP addresses are also assigned fairly descriptive domain names.
Note: in the example above you'll see I used the IP address for "advcomp.co.cc", and yet ping reported that IP as being "google.com". This is simply because any single IP address can be assigned any number of domain names, so ping just reports the first one it finds. For a more complete list of domain names associated with an IP address you'll need to use a service like MyIPNeighbors, which given an IP address will list the domains that share that IP address, and likely all reside on the same server.
Aside from a quick tool for DNS and reverse-DNS look-ups, ping is most commonly used simply to verify basic connectivity between two machines. The ping service is typically one of the first and simplest services to be loaded onto a server, and runs independently of any other. It's not uncommon at all for a server whose websites are inaccessible because of a software problem to still respond to a ping. That typically helps determine that there's not a connectivity problem, but rather a problem on the server itself.
It's also worth noting that some servers actively disable responding to ping requests for assorted security-related reasons. For example, even though the server is most definitely up and running, you typically cannot ping "microsoft.com", but on the other hand you can ping "google.com". In fact, pinging a site like "google.com" or "yahoo.com" is often a quick way to ensure that your own internet connection is, in fact, working.
