The ping command

The ping command
Craig Hunt

Many people use the ping command to test connectivity on a TCP/IP network, without knowing all that it can tell...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

them. This tip, excerpted from TCP/IP Network Administration, Help for UNIX System Administrators, tells all about ping, how you use it, what you can learn from it, and how to interpret the info it gives you.

The basic format of the ping command on a Solaris system is:*

Ping host [packetsize] [count]

host: The hostname or IP address of the remote host being tested. Use the hostname or address provided by the user in a trouble report.
packetsize: Defines the size in bytes of the test packets. This field is required only if the count field is going to be used. Use the default packetsize of 56 bytes.
Count: The number of packets to be sent in the test. Use the count field, and set the value low. Otherwise, the ping command may continue to send test packets until you interrupt it, usually by pressing CTRL-C (^C). Sending excessive numbers of test packets is not a good use of network bandwidth and system resources. Usually five packets are sufficient for a test.

To check that nx.uu.net can be reached from [your workstation], sent five 56-byte packets with the following command.

% ping -s ns.uu.net 56 5
PING ns.uu.net: 56 data bytes
64 bytes from ns.uu.net (137.39.1.3): icmp_seq=0. time=32.0 ms
64 bytes from ns.uu.net (137.39.1.3): icmp_seq=1. time=15.3 ms
64 bytes from ns.uu.net (137.39.1.3): icmp_seq=2. time=13.1 ms
64 bytes from ns.uu.net (137.39.1.3): icmp_seq=3. time=32.4 ms
64 bytes from ns.uu.net (137.39.1.3): icmp_seq=4. time=28.1 ms

----ns.uu.net PING Statisticss----
5 packets transmitted, 5 packets received, 0% packet loss
round-trip (ms) min/avg/max = 13.1/24.3/32.8

The -s option is included because [we are using] a Solaris workstation, and we want packet-by-packet statistics. Without the -s option Sun's ping command only prints a summary line saying "ns.uu.net is alive." Other ping implementations [on a Windows workstation, e.g.] do not require the -s option; they display the statistics by default.

This test shows an extremely good wide area network link to ns.uu.net with no packet loss and fast response. The round-trip between [the workstation] and ns.uu.net took an average of only 24.3 milliseconds. A small packet loss, and a round-trip time an order of magnitude higher, would not be abnormal for a connection made across a wide-area network. The statistics displayed by the ping command can indicate a low-level network problem. The key statistics are:

The sequence in which the packets are arriving, as shown by the ICMP sequence number (icmp_seq) displayed for each packet.
How long it takes a packet to make the round trip, displayed in milliseconds after the string time=.
The percentage of packets lost, displayed in a summary line at the end of the ping output.

If the packet loss is high, the response time is very slow, or packets are arriving out of order, there could be a network hardware problem. If you see these conditions when communicating over great distances on a wide area network, there is nothing to worry about. TCP/IP was designed to deal with unreliable networks, and some wide area networks suffer a lot of packet loss. But if these problems are seen on a local area network, they indicate trouble.

On a local network cable segment, the round-trip time should be near 0, there should be little or no packet loss, and the packets should arrive in order. If these things are not true, there is a problem with the network hardware. On an Ethernet the problem could be improper cable termination, a bad cable segment, or a bad piece of "active" hardware, such as a hub, switch or transceiver. Check the cable with a cable tester. Good hubs and switches often have built-in diagnostic software that can be checked. Cheap hubs and transceivers may require the "brute force" method of disconnecting individual pieces of hardware until the problem goes away.

The results of a simple ping test, even if the ping is successful, can help you direct further testing toward the most likely causes of the problem. But other diagnostic tools are needed to examine the problem more closely and find the underlying cause.

*Check your system's documentation. ping varies slightly from system to system. On Linux, the format shown above would be: ping [-c count] [-s packetsize] host

To learn more about TCP/IP Network Administration, Help for UNIX System Administrators, or to buy this book, click here.

Did you like this tip? If you did (or if you didn't) then send us an email and let us know. Or visit our tips page where you can rate this, and other tips.

This was last published in February 2001

Dig Deeper on Network Security Monitoring and Analysis

All
News
Get Started
Evaluate
Manage
Problem Solve

Related Resources

Dig Deeper on Network Security Monitoring and Analysis

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.