H-1. pingping is probably the most widely used tool for network troubleshooting. It uses ICMP packets to measure how long it takes to send a packet to a remote host and receive a response. ECHO_REQUEST and ECHO_REPLY are used by ping for this purpose. ECHO_REQUEST is used to indicate that a host requests an ICMP reply, and ECHO_REPLY is used to denote a reply to an ICMP request. In theory, all TCP/IP-based devices should respond to an ECHO_REQUEST. In practice, this is not always the case. ping can be viewed as a layer-three testing tool. If ping doesn't work, suspect layers three and below. If it does work, suspect layers four and higher. Note that some routers can be configured to block ICMP responses to ICMP packets, so be aware of this. Here are some general ping error messages you should know about, and an explanation of what they indicate:
Here is some ping output from Windows: C:\> ping www.yahoo.com Pinging www.yahoo.akadns.net [68.142.226.49] with 32 bytes of data: Reply from 68.142.226.49: bytes=32 time=34ms TTL=47 Reply from 68.142.226.49: bytes=32 time=26ms TTL=47 Reply from 68.142.226.49: bytes=32 time=29ms TTL=47 Reply from 68.142.226.49: bytes=32 time=27ms TTL=47 Ping statistics for 68.142.226.49: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 26ms, Maximum = 34ms, Average = 29ms The ping times look pretty good. Now look at the ping output from Unix: $ ping www.yahoo.com PING www.yahoo.akadns.net (68.142.226.46) 56(84) bytes of data. 64 bytes from p15.www.re2.yahoo.com (68.142.226.46): icmp_seq=1 ttl=52 time=18.7 ms 64 bytes from p15.www.re2.yahoo.com (68.142.226.46): icmp_seq=2 ttl=53 time=19.8 ms 64 bytes from p15.www.re2.yahoo.com (68.142.226.46): icmp_seq=3 ttl=53 time=19.3 ms 64 bytes from p15.www.re2.yahoo.com (68.142.226.46): icmp_seq=4 ttl=53 time=19.5 ms ^C --- www.yahoo.akadns.net ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3002ms rtt min/avg/max/mdev = 18.724/19.342/19.820/0.412 ms $ This set of ping times is higher than the one we saw from Windows. Could this be a problem? Not necessarily. It could be that someone was transferring a large file on the network when we decided to perform our test. Also, some network devices may place ICMP at a lower priority than other protocols, so the response you get may look delayed, but in reality, it was a victim of priority scheduling. You may be tempted to use the TTL to estimate hop counts, but it isn't an accurate measurement because it may be reset along the path to prevent routing loops. Finally, here are the basic steps for using ping to troubleshoot network problems:
|