ping & traceroute
ping
Ping is a network utility used to test connectivity between two devices on a network. It measures the round-trip time for messages sent from one host to another and determines if the target host is reachable.
How does ping Work?
ICMP Request: Ping sends an Internet Control Message Protocol (ICMP) Echo Request to the target device (host).
ICMP Reply: The target device responds with an ICMP Echo Reply.
Time Measurement: The time taken for the request to travel to the destination and the reply to come back is recorded. This round-trip time is typically displayed in milliseconds (ms).
Packet Loss: Ping checks if any packets are lost during transmission, providing a percentage of packet loss.
ICMP Brief
ICMP (Internet Control Message Protocol) is a network layer protocol used for error handling, diagnostics, and operational queries in IP networks.
ICMP Echo Request (Type 8): Sent by the source to the target device to check if it is reachable.
ICMP Echo Reply (Type 0): The response sent back by the target device upon receiving the Echo Request, indicating that the target is reachable.
How ICMP Echo Works Technically -
Packet Structure: The ICMP Echo Request packet includes a sequence number and an identifier. The reply mirrors this information, allowing the source to match requests with replies.
TTL (Time To Live): Each ICMP packet has a TTL value, which decreases as the packet traverses routers. If TTL reaches 0, the packet is discarded, helping avoid loops.
Checksum: ICMP uses a checksum to ensure data integrity. It validates the packet’s contents for errors.
Basic ping Commands
If we don't get any ping reply back
The destination computer is unresponsive (e.g., booting up, turned off, or OS crash).
The computer is unplugged from the network, or there's a faulty network device.
A firewall is blocking ICMP packets (either on the system or a network appliance).
The local system is unplugged from the network.
Windows machines don’t respond to ping by default because the Windows Firewall blocks ICMP Echo Requests (ping requests).
OS Identification
Each operating system sets a default Time To Live (TTL) value for outgoing packets. By examining the TTL in a ping reply, you can infer the operating system based on how much the TTL has decreased.
Example -
Linux/Unix: Typically starts with a TTL of 64.
Windows: Typically starts with a TTL of 128.
Cisco Routers: Start with a TTL of 255.
traceroute
Traceroute is a network diagnostic tool used to track the path packets take from a source system to a target host. It identifies the IP addresses of routers (hops) along the path and measures the time taken for the packets to travel through each router.
Process
Purpose: Finds the IP addresses of routers along the packet's path and measures the number of hops.
Dynamic Routing: The route can change due to routers adapting to network conditions using dynamic routing protocols.
OS Commands:
Linux/macOS:
traceroute MACHINE_IPWindows:
tracert MACHINE_IP
ICMP Use: Traceroute relies on ICMP packets and manipulates the Time To Live (TTL) value to "trick" routers into revealing their IP addresses.
TTL Mechanism:
TTL indicates the maximum number of hops a packet can traverse.
Each router decreases TTL by 1, and when it reaches 0, the router discards the packet and sends an ICMP Time Exceeded message back.
Traceroute Process:
Traceroute starts with TTL=1 and increases it with each packet.
Each router sends an ICMP Time Exceeded message when TTL reaches 0, revealing the router’s IP address.
The tool continues this process until the packet reaches the destination.
Multiple Packets: Traceroute sends multiple packets for each TTL value, often three, to account for varying routes or dropped packets.
Varying Routes: Routes may change between different traceroute runs, especially when crossing routers outside your network.
Partial Responses: Sometimes, not all ICMP replies are received, indicated by * in the output.
Basic traceroute Commands
Last updated
