PING(8) | System Manager's Manual | PING(8) |
ping
— send ICMP
ECHO_REQUEST packets to network hosts
ping |
[-aCDdfLnoPQqRrv ] [-c
count] [-E
policy] [-g
gateway] [-h
host] [-I
srcaddr] [-i
interval] [-l
preload] [-p
pattern] [-s
packetsize] [-T
ttl] [-t
tos] [-w
deadline] host |
ping
uses the ICMP protocol's mandatory
ECHO_REQUEST datagram to elicit an ICMP ECHO_RESPONSE from a host or
gateway. ECHO_REQUEST datagrams (``pings'') have an IP and ICMP header,
followed by a “struct timespec” and then an arbitrary number
of ``pad'' bytes used to fill out the packet. The options are as
follows:
-a
-C
-c
count-D
Don't Fragment
bit in the IP header. This
can be used to determine the path MTU.-d
SO_DEBUG
option on the socket being
used.-E
policy-P
in
KAME/FreeBSD and KAME/BSDI (as -P
was already
occupied in NetBSD).-f
-g
gateway-h
host-I
srcaddr-i
interval-L
-l
preloadping
sends that many packets as fast as possible
before falling into its normal mode of behavior. Only the super-user may
use this option.-n
-o
-P
-p
pattern-p ff
” will cause the sent
packet to be filled with all ones.-Q
-q
-R
-g
option. This is why it was necessary to invent
traceroute(8). Many
hosts ignore or discard this option.-r
-s
packetsize-T
ttl-t
tos-v
-w
deadlineWhen using ping
for fault isolation, it
should first be run on the local host, to verify that the local network
interface is up and running. Then, hosts and gateways further and further
away should be ``pinged''.
Round-trip times and packet loss statistics are computed. If duplicate packets are received, they are not included in the packet loss calculation, although the round trip time of these packets is used in calculating the minimum/average/maximum round-trip time numbers.
When the specified number of packets have been sent (and received)
or if the program is terminated with a SIGINT
, a
brief summary is displayed. The summary information can be displayed while
ping
is running by sending it a
SIGINFO
signal (see the “status”
argument for stty(1) for more
information).
ping
continually sends one datagram per
second, and prints one line of output for every ECHO_RESPONSE returned. On a
trusted system with IP Security Options enabled, if the network idiom is not
MONO, ping
also prints a second line containing the
hexadecimal representation of the IP security option in the ECHO_RESPONSE.
If the -c
count option is given, only that number of
requests is sent. No output is produced if there is no response. Round-trip
times and packet loss statistics are computed. If duplicate packets are
received, they are not included in the packet loss calculation, although the
round trip time of these packets is used in calculating the
minimum/average/maximum round-trip time numbers. When the specified number
of packets have been sent (and received) or if the program is terminated
with an interrupt (SIGINT), a brief summary is displayed. When not using the
-f
(flood) option, the first interrupt, usually
generated by control-C or DEL, causes ping
to wait
for its outstanding requests to return. It will wait no longer than the
longest round trip time encountered by previous, successful pings. The
second interrupt stops ping immediately.
This program is intended for use in network testing, measurement
and management. Because of the load it can impose on the network, it is
unwise to use ping
during normal operations or from
automated scripts.
An IP header without options is 20 bytes. An ICMP ECHO_REQUEST packet contains an additional 8 bytes worth of ICMP header followed by an arbitrary amount of data. When a packetsize is given, this indicated the size of this extra piece of data (the default is 56). Thus the amount of data received inside of an IP packet of type ICMP ECHO_REPLY will always be 8 bytes more than the requested data space (the ICMP header).
If the data space is at least sizeof(struct
timespec)
(16) large, ping
uses the first
sizeof(struct timespec)
bytes to include a timestamp
to compute round trip times. Otherwise if the data space is at least eight
bytes large (or the -C
flag is specified),
ping
uses the first eight bytes of this space to
include a timestamp to compute round trip times. If there are not enough
bytes of pad no round trip times are given.
ping
will report duplicate and damaged
packets. Duplicate packets should never occur, and seem to be caused by
inappropriate link-level retransmissions. Duplicates may occur in many
situations and are rarely (if ever) a good sign, although the presence of
low levels of duplicates may not always be cause for alarm.
Damaged packets are obviously serious cause for alarm and often
indicate broken hardware somewhere in the ping
packet's path (in the network or in the hosts).
The (inter)network layer should never treat packets differently depending on the data contained in the data portion. Unfortunately, data-dependent problems have been known to sneak into networks and remain undetected for long periods of time. In many cases the particular pattern that will have problems is something that doesn't have sufficient ``transitions'', such as all ones or all zeros, or a pattern right at the edge, such as almost all zeros. It isn't necessarily enough to specify a data pattern of all zeros (for example) on the command line because the pattern that is of interest is at the data link level, and the relationship between what you type and what the controllers transmit can be complicated.
This means that if you have a data-dependent problem you will
probably have to do a lot of testing to find it. If you are lucky, you may
manage to find a file that either can't be sent across your network or that
takes much longer to transfer than other similar length files. You can then
examine this file for repeated patterns that you can test using the
-p
option of ping
.
The TTL value of an IP packet represents the maximum number of IP routers that the packet can go through before being thrown away. In current practice you can expect each router in the Internet to decrement the TTL field by exactly one.
The TCP/IP specification states that the TTL field for TCP packets should be set to 60, but many systems use smaller values (4.3BSD uses 30, 4.2BSD used 15).
The maximum possible value of this field is 255, and most UNIX systems set the TTL field of ICMP ECHO_REQUEST packets to 255. This is why you will find you can ``ping'' some hosts, but not reach them with telnet(1) or ftp(1).
In normal operation ping prints the ttl value from the packet it receives. When a remote system receives a ping packet, it can do one of three things with the TTL field in its response:
ping
ing
host.ping
returns 0 on success (the host is
alive), and non-zero if the arguments are incorrect or the host is not
responding.
netstat(1), icmp(4), inet(4), ip(4), ifconfig(8), routed(8), spray(8), traceroute(8)
The ping
command appeared in
4.3BSD. IPsec support was added by WIDE/KAME
project.
Flood pinging is not recommended in general, and flood pinging a broadcast or multicast address should only be done under very controlled conditions.
The ping
program has evolved
differently under different operating systems, and in some cases the same
flag performs a different function under different operating systems. The
-t
flag conflicts with
FreeBSD. The -a
,
-c
, -I
,
-i
, -l
,
-P
, -p
,
-s
, and -t
flags conflict
with Solaris.
Some hosts and gateways ignore the RECORD_ROUTE option.
The maximum IP header length is too small for options like RECORD_ROUTE to be completely useful. There's not much that that can be done about this, however.
September 10, 2011 | NetBSD 10.99 |