PING (Packet InterNet Groper) is a utility used for testing network connectivity between 2 systems. A system here could be anything: a normal PC, server, switch, router, etc. PING works in Layer 3 of the OSI model.
Generally, PING is used to verify whether the specified address is active; it is also used to record the round-trip time and helps to record errors.
Here, we are going to review a few useful ping commands and their applications.
The PING command transmits its message as an ICMP payload, which is encapsulated in an IP packet.
MTU: The largest number of bytes in a packet (IP header, protocol headers such as TCP or UDP, data payload, etc.) that can be transmitted through the system. The headers can be a combination of different headers. The MTU is generally set to 1500 bytes, which can be increased or decreased depending on the environment.
At the Data Link layer, the ICMP packet has an additional 14 bytes for the Ethernet header.
Now, let’s dig deeper into the ICMP types and what they mean.
As per RFC 792, below are the types of ICMP and the codes used.
| Code | Type |
|------|------|
| 0 | Echo Reply |
| 3 | Destination Unreachable |
| 4 | Source Quench |
| 5 | Redirect |
| 8 | Echo Request |
| 11 | Time Exceeded |
| 12 | Parameter Problem |
| 13 | Timestamp |
| 14 | Timestamp Reply |
| 15 | Information Request |
| 16 | Information Reply |
Below is a snippet of an ICMP type 3 message in Wireshark:
The diagram below shows a client sending an ICMP Echo Request and a different client sending the Echo Reply.
Now, this can be done by a simple PING.
The image below shows the PING to the destination IP 10.1.1.190, which shows that the client is alive now.
Did you notice that the response also contains the size and the TTL?
If you remember the first part of this article, I mentioned that PING can also record the round-trip time and the errors.
Let’s take a closer look at this now.
The TTL is determined by the remote hosts.
Common default TTL values:
· Router - 255
· Windows - 128
· Linux-Mac - 64
If you look at the TTL above, it shows 63, which means that the reply crossed 1 network to get to you. In other words, the TTL is reduced by 1 for every network the packet crosses on its way back to you. You can also perform a traceroute to confirm this.
The snippet below should make this clearer.
Both the IPs shown below belong to 2 different devices in the same network:
Now, let’s get back to the traffic capture of my remote host server (Linux) 10.1.1.190 to get a better understanding of the packet frames.
Reply:
Below is a table showing the length of the packet and how it got to 74 bytes.

| Ethernet Header | IP Header | ICMP Header | ICMP Payload Size | Total |
|-----------------|-----------|-------------|-------------------|-------|
| 14 bytes | 20 bytes | 8 bytes | 32 (default size) | 74 Bytes |
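The frame-size table and the TTL reasoning above, worked through in Python as an added example (not code from the original article): it builds an ICMP Echo Request, verifies its checksum, and reproduces the 74-byte total and the hop estimate for a reply TTL of 63. The function names, the identifier and sequence values, and the sample payload are assumptions made for illustration.

```python
import struct

ETH_HDR, IP_HDR, ICMP_HDR = 14, 20, 8   # header sizes from the table above
DEFAULT_TTLS = (64, 128, 255)           # Linux/Mac, Windows, router defaults
SAMPLE_PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"  # constructed 32-byte payload

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                 # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                  # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo_request(ident: int, seq: int, payload: bytes) -> bytes:
    """ICMP type 8 (Echo Request), code 0, with a valid checksum."""
    unsummed = struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload
    return struct.pack("!BBHHH", 8, 0, checksum(unsummed), ident, seq) + payload

def parse_icmp(message: bytes) -> dict:
    """Decode the 8-byte ICMP header and verify the checksum."""
    if len(message) < ICMP_HDR:
        raise ValueError("truncated ICMP message")
    icmp_type, code, _, ident, seq = struct.unpack("!BBHHH", message[:ICMP_HDR])
    return {"type": icmp_type, "code": code, "id": ident, "seq": seq,
            "payload_len": len(message) - ICMP_HDR,
            "checksum_ok": checksum(message) == 0}  # valid message sums to zero

def frame_length(payload_len: int) -> int:
    """Bytes on the wire as a capture shows them (Ethernet + IP + ICMP + payload)."""
    return ETH_HDR + IP_HDR + ICMP_HDR + payload_len

def estimate_hops(observed_ttl: int) -> tuple:
    """Assume the nearest default TTL at or above the observed one."""
    if not 0 < observed_ttl <= 255:
        raise ValueError("TTL is an 8-bit field")
    initial = min(t for t in DEFAULT_TTLS if t >= observed_ttl)
    return initial, initial - observed_ttl

if __name__ == "__main__":
    request = build_echo_request(ident=1, seq=1, payload=SAMPLE_PAYLOAD)
    print(parse_icmp(request))
    print("frame length:", frame_length(len(SAMPLE_PAYLOAD)))
    print("TTL 63 ->", estimate_hops(63))
```

The hop estimate is a heuristic: it only holds when the remote host uses one of the default TTL values listed earlier.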
Now that we have seen the packet frames of PING, we will move on to some ping commands that may come in handy.
1. Resolve IP to host name (DNS resolution)
ping -a <IP address>
2. If you look at the above image, you can see that the number of packets sent is 4, which is the default value. If you want to specify the number of packets, you can use the command:
ping -n <number of packets> <Destination IP Address>
3. Similarly, we can set the TTL value of the PING using the command shown below:
ping -i <TTL value> <Destination IP Address>
If you look at the traffic capture, you can see the TTL as 12 below:
Do you have a question? Is it something like: “When I have mentioned 13 as the TTL; why does the TTL in traffic capture show as 12?”
Well, I would recommend you start reading from the beginning 😊.
Now, one other thing that you should know is that even though the request TTL is set to 13, the response TTL always depends on the default settings.
4. The payload of ICMP is set to 32 bytes by default. What if we need to increase the payload size of ICMP? It can be done by using the command:
ping -l <value> <Destination IP Address>
Now, let’s look at the traffic capture with all the above commands:
Now, generally the network MTU is set to 1500, which in turn means that the largest packet it can handle is 1500 bytes. If the packet is larger than the network can relay, the router will not allow the packet to pass to the destination.
If you enable fragmentation, packets with the same payload size are allowed. Here, the payload was set to 4086 bytes. The fragments carry an additional 8 bytes, which is the ICMP header, making a total of 4096 bytes.
Let’s look at what happens when we disable the fragmentation bit and ping the destination.