ping

send ICMP ECHO_REQUEST packets to network hosts

Syntax:



ping [-dfnqRrv] [-c count] [-i wait]
     [-l preload] [-p pattern] [-s packetsize]

Options:

-c count
Stop after sending (and receiving) this many ECHO_RESPONSE packets.
-d
Set the SO_DEBUG option on the socket being used.
-f
Do a ``flood ping'': output packets either as fast as they come back or one hundred times per second, whichever is faster.

For every ECHO_REQUEST sent, a ``.'' is printed; for every ECHO_REPLY received, a backspace is printed. This quickly shows how many packets are being dropped.


Note: Only the superuser may use the -f option; it can be very hard on a network and should be used with caution.

-i wait
Wait this many seconds between sending each packet (default is one second). This option is incompatible with -f.
-l preload
Send this many packets as fast as possible before returning to normal behavior.
-n
Print numeric output only. No attempt will be made to look up symbolic names for host addresses.
-p pattern
Fill out the packet with this many ``pad'' bytes (maximum is 16). You should find this useful for diagnosing data-dependent problems in a network. For example, -p ff will cause the sent packet to be filled with ones.
-q
Be quiet: display nothing except for the summary lines at startup time and when finished.
-R
Record route.
-r
Bypass the normal routing tables and send directly to a host on an attached network. If the host isn't on a directly attached network, an error is returned. You can use this option to ``ping'' a local host through an interface that has no route through it (e.g. after the interface was dropped by routed).
-s packetsize
Send this many data bytes. The default is 56, which translates into 64 ICMP data bytes when combined with the 8 bytes of ICMP header data.
-v
Be verbose: other than ECHO_RESPONSE, list any ICMP packets received.

Description:

The ping utility uses the ICMP protocol's mandatory ECHO_REQUEST datagram to elicit an ICMP ECHO_RESPONSE from a host or gateway. ECHO_REQUEST datagrams, known as pings, have an IP and ICMP header, followed by a ``struct timeval'' and then an arbitrary number of ``pad'' bytes used to fill out the packet.

When using ping for isolating faults, you should first run it on the local host to verify that the local network interface is up and running. You should then ``ping'' hosts and gateways further and further away. Roundtrip times and packet-loss statistics are computed. If duplicate packets are received, they aren't included in the packet-loss calculation, although the roundtrip time of these packets is used in calculating the minimum/average/maximum roundtrip time numbers. When the specified number of packets has been sent (and received), or if you terminate ping with a SIGINT, a brief summary is displayed.


Note: The ping utility is intended for testing, measuring, and managing networks. Because of the load it can impose on the network, you shouldn't use ping during normal operations or from automated scripts.

ICMP packet details

An IP header without options is 20 bytes. An ICMP ECHO_REQUEST packet contains an additional 8 bytes worth of ICMP header followed by an arbitrary amount of data. (Specifying a packetsize via option -s determines the size of this extra piece of data; default is 56). Thus the amount of data received inside of an IP packet of type ICMP ECHO_REPLY is always 8 bytes more than the requested data space (the ICMP header).

If the size of the data space is at least 8 bytes, ping uses the first 8 bytes of this space to include a timestamp that it uses in the computation of round-trip times. If less than eight bytes of padding are specified (option -p), no roundtrip times are given.

Duplicate and damaged packets

The ping utility will report duplicate and damaged packets.

Although they should never happen, duplicate packets can occur in many situations and seem to be caused by inappropriate link-level retransmissions. While duplicates are rarely (if ever) a good sign, the presence of low levels of duplicates isn't always cause for alarm.

Damaged packets, on the other hand, are serious and often indicate malfunctioning hardware somewhere in the ping packet's path (in the network or in the hosts).

Trying different data patterns

The (inter)network layer should never treat packets according to the data contained in the data portion. Unfortunately, data-dependent problems have been known to sneak into networks and remain undetected for long periods of time. In many cases the particular pattern that will have problems is something that doesn't have sufficient ``transitions,'' such as all ones or all zeros, or a pattern right at the edge, such as almost all zeros. It isn't necessarily enough to specify a data pattern of all zeros, for example, on the command line because the pattern of interest is at the data-link level-the relationship between what you type and what the controllers transmit can be complicated.

So if you have a data-dependent problem, you'll probably have to do a lot of testing to find it. If you're lucky, you may manage to find a file that either can't be sent across your network or that takes much longer to transfer than other similar length files. You can then examine this file for repeated patterns that you can test using the -p option.

TTL details

The TTL value of an IP packet represents the maximum number of IP routers that the packet can go through before being thrown away. In current practice you can expect each router in the Internet to decrement the TTL field by exactly one. The TCP/IP specification states that the TTL field for TCP packets should be set to 60, but many systems use smaller values (4.3 BSD uses 30, 4.2 uses 15).

The maximum possible value of this field is 255, and most UNIX systems (including QNX) set the TTL field of ICMP ECHO_REQUEST packets to 255. Thus you'll find you can ``ping'' some hosts, but not reach them with telnet or ftp.

In normal operation, ping prints the ttl value from the packet it receives. When a remote system receives a ping packet, it can do one of three things with the TTL field in its response:

Caveats:

Flood pinging isn't recommended in general; flood pinging the broadcast address should be done only under very controlled conditions.

See also:

ifconfig, netstat, routed