All you need to know about ping and ICMP

ICMP and ping tutorial, explaining how to use ICMP and ping to troubleshoot network issues

A true network engineer has several tools in his belt. Above all, the first tool you are going to use is ping. We are talking about a dramatically simple shell command that allows you to perform connectivity tests. Ping leverages ICMP packets to check if you can reach a host, and verify that this host is alive. Even if this technology is simple, in this article we are going to disclose all the details you need to know. After reading this article, you will know exactly how ping works. It is time to start!

ICMP Packet

When you issue a ping, you send an ICMP Request message to a target host. Based on the response you might eventually get, you know if that host is reachable.

ICMP is a stateless protocol encapsulated directly in IP, using neither TCP nor UDP. Because it is stateless, it can be compared to UDP in the way it works: no session establishment, no acknowledgments. Unlike transport-layer protocols, which use application ports, ICMP does not use a port. Therefore, ICMP is a protocol working at the network layer, since it does not identify applications. Its header is shown below.

[Figure: ICMP packet for ping. This is an example ICMP packet.]

As the picture shows, the header of an ICMP packet is extremely simple. You can squeeze it into a 32-bit PDU! Moreover, this protocol doesn’t transport any data, making it very lightweight. Below is the description of the fields in the header.

  • Type – indicates the type of ICMP packet, or – in other words – its purpose
  • Code – adds details about the purpose of the packet, you can think of it like “sub-type”
  • Checksum – header checksum
  • Identifier, sequence number and rest of header – this varies depending on type and code fields

It would be confusing to present all the different types and codes of ICMP packets right here. Instead, we will present them as we disclose the usage of ping and ICMP.
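The fields listed above can be packed and parsed directly. The following Python code is an added example, not code from the original article: it builds an Echo Request, computes the checksum as the RFC 1071 one's-complement sum over the whole ICMP message, and verifies it again when parsing. The function names and the sample identifier, sequence number and payload are assumptions made for illustration.

```python
import struct

ECHO_REQUEST, ECHO_REPLY = 8, 0   # ICMP types; the code is 0 for both


def internet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(icmp_type: int, identifier: int, sequence: int,
               payload: bytes = b"") -> bytes:
    """Pack Type, Code, Checksum, Identifier, Sequence number + payload."""
    zeroed = struct.pack("!BBHHH", icmp_type, 0, 0, identifier, sequence)
    checksum = internet_checksum(zeroed + payload)
    return struct.pack("!BBHHH", icmp_type, 0, checksum,
                       identifier, sequence) + payload


def parse_icmp(message: bytes) -> dict:
    """Split an ICMP message into fields and verify its checksum."""
    if len(message) < 8:
        raise ValueError("truncated ICMP message")
    icmp_type, code, checksum, rest = struct.unpack("!BBH4s", message[:8])
    fields = {"type": icmp_type, "code": code, "checksum": checksum,
              # summing a valid message, checksum included, yields 0
              "checksum_ok": internet_checksum(message) == 0,
              "payload": message[8:]}
    if icmp_type in (ECHO_REQUEST, ECHO_REPLY):
        fields["identifier"], fields["sequence"] = struct.unpack("!HH", rest)
    else:                                    # meaning depends on type/code
        fields["rest_of_header"] = rest
    return fields


if __name__ == "__main__":
    # Constructed sample: identifier, sequence and payload are made up.
    request = build_echo(ECHO_REQUEST, 0x1234, 1, b"abcdefgh")
    print(parse_icmp(request))
    damaged = request[:-1] + bytes([request[-1] ^ 0x01])
    print(parse_icmp(damaged)["checksum_ok"])
```

A message altered in transit fails the checksum test, which is why the second print shows False.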

Ping: how to use ICMP

Ping for connectivity tests

The simplest thing you can do with ICMP is a connectivity test. You ping a destination IP address and see if it replies back. Just that simple. To do that, open your command prompt and type ping followed by the destination IP address. If DNS is working, you can also ping an FQDN (e.g. ping ictshore.com).

When doing so, you are using Type 8 and Code 0, which means Echo Request. If the host on the other end replies as we expect, we will see an interesting value, the TTL.

[Figure: ICMP ping Time to Live (TTL). Highlighted, the TTL for the replies.]

From that output, we know that ictshore.com is reachable at the IP address of 50.87.248.237. Moreover, we can see the Time-to-live (TTL) too. This field is set in the IP packet when the target device replies. Then, each router in the path decreases this value. Unix/Linux systems always start with 64, while Windows-based systems always start with 128. Since it is extremely unlikely to have more than 20 routers between two devices, we know that ictshore.com is a Linux-based device. Here’s what it looks like.

[Figure: Router decrements TTL. Routers decrement the TTL before forwarding the packet out to the next device.]

The main purpose of TTL is to prevent loops. In fact, if a router receives a packet with a TTL of 0, it simply drops the packet. This way, any packet left looping in the network (bouncing from one router to another) will be suppressed after some time.

In case the target device is not responding, we won’t see any reply. Instead, we will see a “Request timeout” message.
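The TTL reasoning above can be applied to ping output automatically. This Python code is an added example, not part of the original article: it reads reply lines, counts timeouts, and infers the starting TTL and hop count using the article's values (64, 128, at most 20 routers). The sample output is constructed, including its TTL of 49, and because the initial TTL is a configurable setting on the replying host the result is only a hint.

```python
import re

# Initial TTLs and path-length limit as stated in the article.
INITIAL_TTLS = {64: "Unix/Linux", 128: "Windows"}
MAX_HOPS = 20

TTL_RE = re.compile(r"\bttl=(\d+)", re.IGNORECASE)

# Constructed sample in the Windows ping output format.
SAMPLE = """\
Reply from 50.87.248.237: bytes=32 time=151ms TTL=49
Reply from 50.87.248.237: bytes=32 time=149ms TTL=49
Request timed out.
Reply from 50.87.248.237: bytes=32 time=150ms TTL=49
"""


def guess_from_ttl(observed: int):
    """Return (os_family, initial_ttl, hops), or None if nothing fits."""
    for initial in sorted(INITIAL_TTLS):
        hops = initial - observed
        if 0 <= hops <= MAX_HOPS:
            return INITIAL_TTLS[initial], initial, hops
    return None


def analyze_ping_output(text: str) -> dict:
    """Summarise replies, losses and the TTL-based guess for one run."""
    ttls, lost = [], 0
    for line in text.splitlines():
        match = TTL_RE.search(line)
        if match:
            ttls.append(int(match.group(1)))
        elif "timed out" in line.lower() or "timeout" in line.lower():
            lost += 1
    guesses = [guess_from_ttl(t) for t in sorted(set(ttls))]
    families = {g[0] if g else None for g in guesses}
    return {"replies": len(ttls), "lost": lost,
            # only report a family when every reply agrees on it
            "os_guess": families.pop() if len(families) == 1 else None,
            "hops": [g[2] for g in guesses if g]}


if __name__ == "__main__":
    print(analyze_ping_output(SAMPLE))
```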

Tuning ping on Microsoft Windows

Some people just ping, other people ping like experts. With this powerful tool, you can do a little bit more than testing connectivity. You can verify the stability of the line, gather statistics and retrieve FQDNs. Here’s the syntax you can use.

ping [-a] [-l size] [-t | -n count] destination-ip

The text between square brackets is optional (they are options indeed). Microsoft offers you several options, but these four options are the ones you want to use.

  • -a retrieves the FQDN of a device from the IP (this works only if a PTR DNS record is set, but why not give it a try?)
  • -l size sets the size in bytes of the entire ICMP packet, filling it with useless content (padding). You can use this option to stress the link and see if it can handle your traffic. The default is 32 bytes.
  • -t repeats the ping until you stop it by pressing Ctrl+C.
  • -n count repeats the ping “count” times. The default is 4 times; it cannot be used together with -t.

Interesting ICMP messages

ICMP is much more than a simple tool for connectivity tests. Some devices may generate ICMP packets under certain circumstances. Generally speaking, ICMP is sourced in the network when something is not going as it should. However, note that many network administrators disable this behavior because it can lead to security weaknesses. The table below presents the most interesting combinations of Type and Code and the related meaning.

Type   Code   Description
0      0      Echo reply
1-2    All    Reserved
3      0      Destination network (subnet) unreachable
3      1      Destination host unreachable
3      2      Destination protocol unreachable
3      3      Destination port unreachable (leveraged by traceroute)
3      4      The path requires fragmentation, but the packet contains DF flag
3      13     Communication administratively prohibited
5      0      Redirect datagram for network
5      1      Redirect datagram for host

ICMP Type and Code significant values

And that’s all! Now you know what ping and ICMP are, and – most importantly – you know how to use them!

Alessandro Maggio

Project manager, critical-thinker, passionate about networking & coding. I believe that time is the most precious resource we have, and that technology can help us not to waste it. I founded ICTShore.com with the same principle: I share what I learn so that you get value from it faster than I did.

2018-08-16T16:30:41+00:00
