
The ping command

Craig Hunt

Many people use the ping command to test connectivity on a TCP/IP network, without knowing all that it can tell them. This tip, excerpted from TCP/IP Network Administration, Help for UNIX System Administrators, tells all about ping, how you use it, what you can learn from it, and how to interpret the info it gives you.

The basic format of the ping command on a Solaris system is:*

ping host [packetsize] [count]

host
  The hostname or IP address of the remote host being tested. Use the hostname or address provided by the user in a trouble report.

packetsize
  Defines the size in bytes of the test packets. This field is required only if the count field is going to be used. Use the default packetsize of 56 bytes.

count
  The number of packets to be sent in the test. Use the count field, and set the value low. Otherwise, the ping command may continue to send test packets until you interrupt it, usually by pressing CTRL-C (^C). Sending excessive numbers of test packets is not a good use of network bandwidth and system resources. Usually five packets are sufficient for a test.

To check that can be reached from [your workstation], send five 56-byte packets with the following command.

% ping -s 56 5
PING 56 data bytes
64 bytes from ( icmp_seq=0. time=32.0 ms
64 bytes from ( icmp_seq=1. time=15.3 ms
64 bytes from ( icmp_seq=2. time=13.1 ms
64 bytes from ( icmp_seq=3. time=32.4 ms
64 bytes from ( icmp_seq=4. time=28.1 ms
PING Statistics----
5 packets transmitted, 5 packets received, 0% packet loss
round-trip (ms) min/avg/max = 13.1/24.3/32.8

The -s option is included because [we are using] a Solaris workstation, and we want packet-by-packet statistics. Without the -s option Sun's ping command only prints a summary line saying " is alive." Other ping implementations [on a Windows workstation, e.g.] do not require the -s option; they display the statistics by default.

This test shows an extremely good wide area network link to with no packet loss and fast response. The round-trip between [the workstation] and took an average of only 24.3 milliseconds. A small packet loss, and a round-trip time an order of magnitude higher, would not be abnormal for a connection made across a wide-area network. The statistics displayed by the ping command can indicate a low-level network problem. The key statistics are:

  • The sequence in which the packets are arriving, as shown by the ICMP sequence number (icmp_seq) displayed for each packet.
  • How long it takes a packet to make the round trip, displayed in milliseconds after the string time=.
  • The percentage of packets lost, displayed in a summary line at the end of the ping output.

If the packet loss is high, the response time is very slow, or packets are arriving out of order, there could be a network hardware problem. If you see these conditions when communicating over great distances on a wide area network, there is nothing to worry about. TCP/IP was designed to deal with unreliable networks, and some wide area networks suffer a lot of packet loss. But if these problems are seen on a local area network, they indicate trouble.

On a local network cable segment, the round-trip time should be near 0, there should be little or no packet loss, and the packets should arrive in order. If these things are not true, there is a problem with the network hardware. On an Ethernet the problem could be improper cable termination, a bad cable segment, or a bad piece of "active" hardware, such as a hub, switch or transceiver. Check the cable with a cable tester. Good hubs and switches often have built-in diagnostic software that can be checked. Cheap hubs and transceivers may require the "brute force" method of disconnecting individual pieces of hardware until the problem goes away.
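
The three key statistics and the local-network expectations described above can be checked mechanically over captured ping output. The following is an added example, not part of the original tip or the book; the sample output, its host name and address, and both thresholds (near_zero_ms, max_loss_pct) are constructed assumptions.

```python
import re

# Matches Solaris-style ("icmp_seq=0. time=32.0 ms") and Linux-style reply lines.
REPLY = re.compile(r"icmp_seq=(\d+)\.?\s.*?time=([\d.]+)\s*ms")
SUMMARY = re.compile(r"(\d+) packets transmitted")

# Constructed sample (placeholder host and address), not a real capture.
SAMPLE = """\
PING host.example.com: 56 data bytes
64 bytes from host.example.com (192.0.2.10): icmp_seq=0. time=1.2 ms
64 bytes from host.example.com (192.0.2.10): icmp_seq=2. time=48.0 ms
64 bytes from host.example.com (192.0.2.10): icmp_seq=1. time=95.5 ms
64 bytes from host.example.com (192.0.2.10): icmp_seq=4. time=2.3 ms
----host.example.com PING Statistics----
5 packets transmitted, 4 packets received, 20% packet loss
"""

def ping_stats(output):
    """Extract sequence order, round-trip times and loss from ping output."""
    seqs, times, sent = [], [], None
    for line in output.splitlines():
        if m := REPLY.search(line):
            seqs.append(int(m.group(1)))
            times.append(float(m.group(2)))
        elif m := SUMMARY.search(line):
            sent = int(m.group(1))
    if sent is None:  # interrupted before the summary: infer from the seq span
        sent = max(seqs) - min(seqs) + 1 if seqs else 0
    # A reply is out of order if a higher sequence number arrived before it.
    out_of_order, highest = 0, -1
    for s in seqs:
        out_of_order += s < highest
        highest = max(highest, s)
    lost = sent - len(set(seqs))  # duplicate replies count once
    rtt = (min(times), sum(times) / len(times), max(times)) if times else None
    return {"sent": sent, "loss_pct": 100.0 * lost / sent if sent else 0.0,
            "out_of_order": out_of_order, "rtt_ms": rtt}

def lan_findings(stats, near_zero_ms=5.0, max_loss_pct=0.0):
    """Check the local-network expectations; both thresholds are assumptions."""
    findings = []
    if stats["loss_pct"] > max_loss_pct:
        findings.append(f"packet loss {stats['loss_pct']:.0f}%")
    if stats["out_of_order"]:
        findings.append(f"{stats['out_of_order']} replies out of order")
    if stats["rtt_ms"] and stats["rtt_ms"][1] > near_zero_ms:
        findings.append(f"average round trip {stats['rtt_ms'][1]:.1f} ms")
    return findings
```

Calling lan_findings(ping_stats(SAMPLE)) reports all three conditions for the constructed sample; for a wide area link, loosen the thresholds rather than treating the same findings as a fault.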

The results of a simple ping test, even if the ping is successful, can help you direct further testing toward the most likely causes of the problem. But other diagnostic tools are needed to examine the problem more closely and find the underlying cause.

*Check your system's documentation. ping varies slightly from system to system. On Linux, the format shown above would be: ping [-c count] [-s packetsize] host


This was last published in February 2001
