

Using ping for network troubleshooting

Ping, which stands for Packet InterNet Groper, is a great utility for troubleshooting network issues. It is part of the iputils package. It sends ICMP “echo request” packets to the target system and listens for “echo response” replies. Ping records the round-trip time and any packet loss. At the end it prints a summary showing the number of packets sent and received, the percentage of packet loss and the total time. It also prints the minimum, average and maximum round-trip times and their deviation (mdev, standard deviation).

After the brief introduction, let’s dig into the nitty-gritty of ping.

In its simplest and usual form, ping is used to see if a host is alive.

We will ping www.google.com and analyze the output, so type

ping www.google.com
PING www.l.google.com (64.233.169.103) 56(84) bytes of data.
64 bytes from yo-in-f103.google.com (64.233.169.103): icmp_seq=1 ttl=128 time=31.7 ms
64 bytes from yo-in-f103.google.com (64.233.169.103): icmp_seq=2 ttl=128 time=30.9 ms
64 bytes from yo-in-f103.google.com (64.233.169.103): icmp_seq=3 ttl=128 time=32.0 ms
64 bytes from yo-in-f103.google.com (64.233.169.103): icmp_seq=4 ttl=128 time=31.2 ms

--- www.l.google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3001ms
rtt min/avg/max/mdev = 30.979/31.509/32.093/0.481 ms

Let’s see what we have from the output.

The first line shows that ping is sending ICMP “echo request” to the host www.l.google.com with an IP 64.233.169.103 with 56 bytes of data. This first line proves that our DNS resolution is working so ping can be used as a simple name resolution tool.

The second line gives information about the echo response packet: the number of bytes received (64; why 64 bytes when it said 56 above? I will explain later), the name and IP of the host the data was received from, the ICMP sequence number, the time-to-live value and the time between the packet being sent and the reply being received. The important things to look for in these lines are the sequence numbers, which should increment by 1 if there is no packet loss, and the time, where a higher value indicates network latency.

At the end we have a summary of the pings performed. Here 4 packets were sent and 4 received, with 0% packet loss. The whole process, from the time I started ping to the point when I stopped it, took 3001 milliseconds.

Then we have minimum, average, maximum and standard deviation of round-trip traffic.
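The checks described above, as an added example (not from the original article): a small Python parser that reads ping output, reports gaps in icmp_seq, flags replies much slower than the median, and recomputes the summary figures. The sample output, host name, address and the slow_factor threshold are constructed for illustration.

```python
import math
import re

# Constructed sample: a ping run in which the reply for icmp_seq=3 never arrived
# and the reply for icmp_seq=4 was unusually slow.
SAMPLE = """\
PING host.example (192.0.2.10) 56(84) bytes of data.
64 bytes from host.example (192.0.2.10): icmp_seq=1 ttl=64 time=31.7 ms
64 bytes from host.example (192.0.2.10): icmp_seq=2 ttl=64 time=30.9 ms
64 bytes from host.example (192.0.2.10): icmp_seq=4 ttl=64 time=95.2 ms
64 bytes from host.example (192.0.2.10): icmp_seq=5 ttl=64 time=31.2 ms
"""

REPLY = re.compile(r"icmp_seq=(\d+) ttl=(\d+) time=([\d.]+) ms")


def analyze(output, slow_factor=2.0):
    """Return missing sequence numbers, slow replies and RTT statistics."""
    replies = [(int(s), float(t)) for s, _ttl, t in REPLY.findall(output)]
    if not replies:
        raise ValueError("no echo replies found in ping output")
    seqs = [s for s, _ in replies]
    rtts = [t for _, t in replies]
    # A packet counts as lost when its number is absent between the first and
    # last reply seen; losses after the last reply cannot be seen from here.
    missing = sorted(set(range(min(seqs), max(seqs) + 1)) - set(seqs))
    avg = sum(rtts) / len(rtts)
    # Deviation computed as the population standard deviation of the RTTs.
    mdev = math.sqrt(sum((t - avg) ** 2 for t in rtts) / len(rtts))
    median = sorted(rtts)[len(rtts) // 2]
    # slow_factor is an assumed threshold: flag replies slower than 2x median.
    slow = [s for s, t in replies if t > slow_factor * median]
    expected = max(seqs) - min(seqs) + 1
    return {
        "missing": missing,
        "slow": slow,
        "loss_pct": 100.0 * len(missing) / expected,
        "min": min(rtts), "avg": round(avg, 3), "max": max(rtts),
        "mdev": round(mdev, 3),
    }


if __name__ == "__main__":
    print(analyze(SAMPLE))
```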

ICMP echo request and echo reply packets contain 8 bytes of ICMP header. That’s why we see 8 bytes more than the amount of data (default 56) we sent.

By default, ping on Linux keeps pinging the target host until stopped with Ctrl+C.

To send a limited number of pings, use -c (for count). The following will send 5 ICMP packets of type echo request

ping -c 5 www.google.com

By default ping waits one second between sending packets. This can be changed with the -i (for interval) option. The following will wait 2 seconds before sending another packet.

ping -i 2 www.google.com

Interval can be made even smaller. For example, to wait half a second before sending a packet, use

ping -i .5 www.google.com

To change the default packet size of 56 bytes, use -s (for size) option. To send 168 bytes, use the following

ping -s 168 www.example.com
PING www.example.com (208.77.188.166) 168(196) bytes of data.
176 bytes from www.example.com (208.77.188.166): icmp_seq=1 ttl=128 time=93.6 ms
176 bytes from www.example.com (208.77.188.166): icmp_seq=2 ttl=128 time=94.3 ms
176 bytes from www.example.com (208.77.188.166): icmp_seq=3 ttl=128 time=95.1 ms

--- www.example.com ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2000ms
rtt min/avg/max/mdev = 93.667/94.391/95.167/0.708 ms

Notice the new size 176 bytes because of the addition of 8 bytes header data.
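The size arithmetic in the two runs above, as an added example (not from the original article): it builds an ICMP echo request in memory, with no packet sent, to show the 8-byte header and its checksum. The 20-byte IPv4 header that accounts for the figures in parentheses, 56(84) and 168(196), is the standard IPv4 header without options; the identifier and payload pattern used here are arbitrary.

```python
import struct

ICMP_ECHO_REQUEST = 8   # ICMP type for echo request (RFC 792)
IPV4_HEADER_LEN = 20    # IPv4 header without options


def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"                      # pad to a whole 16-bit word
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo_request(ident: int, seq: int, payload_len: int = 56) -> bytes:
    """Header is type, code, checksum, identifier, sequence: 8 bytes in all."""
    payload = bytes(i & 0xFF for i in range(payload_len))  # arbitrary filler
    # The checksum is computed over the whole message with its own field zeroed.
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, csum, ident, seq) + payload


def sizes(payload_len: int):
    """Return (data bytes, ICMP message bytes, bytes including IPv4 header)."""
    icmp_len = len(build_echo_request(0x1234, 1, payload_len))
    return payload_len, icmp_len, icmp_len + IPV4_HEADER_LEN


if __name__ == "__main__":
    for n in (56, 168):
        data, icmp, ip_total = sizes(n)
        print(f"-s {data}: {icmp} bytes of ICMP, {ip_total} bytes on the wire")
    # A receiver validates the message by checking that the checksum over the
    # whole packet, checksum field included, comes out as zero.
    print("checksum ok:", inet_checksum(build_echo_request(0x1234, 1)) == 0)
```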

Maximum packet size is 65,535 bytes.

Be careful of sending very large packets to target host.

Different options can be combined as well. For example, to send 3 packets of size 200 bytes with a .5 sec interval, we would use

ping -i .5 -s 200 -c 3 www.example.com

Another option, which can be dangerous, is -f (for flood). It sends a lot of packets very fast. If no interval is given, it sets the interval to zero and outputs packets as fast as they come back or one hundred times per second, whichever is more. Only the super-user may use this option with zero interval.

ping -f www.host.com

 

 


Posted in Centos, Debian, Fedora, Network, Red Hat, Ubuntu.



2 Responses


  1. Daniel says

    You also can use the command
    $ mtr www.google.com

    which is a combination of ping and traceroute

    ——————–
    Linux ubuntu
