Friday, November 6, 2009

ping

Ping: is a computer network tool used to test whether a particular host is reachable across an IP network; it is also used to self test the network interface card of the computer, or as a speed test. It works by sending ICMP “echo request” packets to the target host and listening for ICMP “echo response” replies. Ping does not estimate the round-trip time, as it does not factor in the user's connection speed, but instead is used to record any packet loss, and print a statistical summary when finished.

The word ping is also frequently used as a verb or noun, where it is usually incorrectly used to refer to the round-trip time, or measuring the round-trip time.


History: Mike Muuss wrote the program in December 1983, as a tool to troubleshoot odd behavior on an IP network. He named it after the pulses of sound made by a sonar, since its operation is analogous to active sonar in submarines, in which an operator issues a pulse of energy at the target, which then bounces from the target and is received by the operator. (The pulse of energy in sonar is analogous to a network packet in ping.)

The usefulness of ping in assisting the "diagnosis" of Internet connectivity issues was impaired from late in 2003, when a number of Internet Service Providers began filtering out ICMP Type 8 (echo request) messages at their network boundaries.

This was partly due to the increasing use of ping for target reconnaissance, for example by Internet worms such as Welchia that flood the Internet with ping requests in order to locate new hosts to infect. Not only did the availability of ping responses leak information to an attacker, it added to the overall load on networks, causing problems for routers across the Internet.

Although RFC 1122 prescribes that any host must accept an echo-request and issue an echo-reply in return, this is supposedly a security risk, and thus this standard is frequently not followed on the public Internet.

ICMP packet
Generic composition of an ICMP packet

IP header, with Protocol set to 1 and Type of Service set to 0.
Type of ICMP message (8 bits)
Code (8 bits)
Checksum (16 bits), calculated over the ICMP part of the packet only (the IP header is not included)
The ICMP 'Quench' (32 bits) field, which in this case (ICMP echo request and reply) is composed of an identifier (16 bits) and a sequence number (16 bits).
Data load for the different kinds of answers (can be of arbitrary length, left to implementation detail, but must be less than the maximum MTU of the network).

Sample with Windows
Windows appears not to inform the user about duplicated return packets.

Message format
Echo request
The echo request is an ICMP message whose data is expected to be received back in an echo reply ("pong"). The host must respond to all echo requests with an echo reply containing the exact data received in the request message.

Type must be set to 8.
Code must be set to 0.
The Identifier and Sequence Number can be used by the client to match the reply with the request that caused the reply. In practice, most Linux systems use a unique identifier for every ping process, and sequence number is an increasing number within that process. Windows uses a fixed identifier, which varies between Windows versions, and a sequence number that is only reset at boot time.
The data received by the Echo Request must be entirely included in the Echo Reply.


Echo reply
The echo reply is an ICMP message generated in response to an echo request, and is mandatory for all hosts and routers.

Type and code must be set to 0.
The identifier and sequence number can be used by the client to determine which echo requests are associated with the echo replies.
The data received in the echo request must be entirely included in the echo reply.
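The following is an added example, not code from the original post or from the Wikipedia article it references. It builds and decodes the ICMP part of an echo request and echo reply exactly as the two message-format sections above describe them: the 8-byte header (type, code, checksum, identifier, sequence number), the RFC 1071 checksum computed over the ICMP message only, the reply carrying type 0 with the same identifier, sequence number and data, and the client-side matching of a reply to its request. The identifier and sequence number (id 1, seq 38) are taken from the tcpdump line further down; the 32-byte alphabet payload is constructed. No raw socket is opened, so it runs anywhere.

```python
import struct

ICMP_ECHO_REPLY = 0    # Type 0, Code 0
ICMP_ECHO_REQUEST = 8  # Type 8, Code 0
HEADER_FMT = "!BBHHH"  # type, code, checksum, identifier, sequence number (network byte order)
HEADER_LEN = struct.calcsize(HEADER_FMT)  # 8 bytes


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 ones'-complement checksum over the ICMP header plus data only
    (the IP header is not included). Odd-length input is padded with a zero byte."""
    if len(data) % 2:
        data += b"\x00"
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:                      # fold carries back in (end-around carry)
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(msg_type: int, identifier: int, sequence: int, payload: bytes) -> bytes:
    """Serialise an echo request (type 8) or echo reply (type 0) with a valid checksum."""
    if msg_type not in (ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY):
        raise ValueError("only echo request/reply are handled here")
    # Checksum is computed with the checksum field itself set to zero.
    unchecked = struct.pack(HEADER_FMT, msg_type, 0, 0, identifier, sequence) + payload
    csum = icmp_checksum(unchecked)
    return struct.pack(HEADER_FMT, msg_type, 0, csum, identifier, sequence) + payload


def parse_echo(packet: bytes) -> dict:
    """Decode the ICMP part of a packet. 'checksum_ok' is True when the ones'-complement
    sum over the whole ICMP message (checksum field included) comes out as all ones,
    i.e. its complement is zero."""
    if len(packet) < HEADER_LEN:
        raise ValueError("truncated ICMP header")
    msg_type, code, csum, identifier, sequence = struct.unpack(HEADER_FMT, packet[:HEADER_LEN])
    return {
        "type": msg_type,
        "code": code,
        "checksum": csum,
        "id": identifier,
        "seq": sequence,
        "data": packet[HEADER_LEN:],
        "checksum_ok": icmp_checksum(packet) == 0,
    }


def reply_for(request: bytes) -> bytes:
    """What a conforming host sends back: type 0, code 0, same identifier, sequence
    number and data. Requests that are not echo requests or fail the checksum are rejected."""
    req = parse_echo(request)
    if req["type"] != ICMP_ECHO_REQUEST or req["code"] != 0:
        raise ValueError("not an echo request")
    if not req["checksum_ok"]:
        raise ValueError("bad ICMP checksum")
    return build_echo(ICMP_ECHO_REPLY, req["id"], req["seq"], req["data"])


def reply_matches(request: bytes, reply: bytes) -> bool:
    """Client-side matching of a reply to its request by identifier and sequence number,
    plus the check that the data came back unchanged."""
    req, rep = parse_echo(request), parse_echo(reply)
    return (rep["type"] == ICMP_ECHO_REPLY and rep["code"] == 0 and rep["checksum_ok"]
            and rep["id"] == req["id"] and rep["seq"] == req["seq"]
            and rep["data"] == req["data"])


# Constructed sample: id 1 / seq 38 as in the tcpdump line on this page, with a
# 32-byte alphabet payload, giving the same 40-byte ICMP message length.
SAMPLE_PAYLOAD = b"abcdefghijklmnopqrstuvwabcdefghi"
SAMPLE_REQUEST = build_echo(ICMP_ECHO_REQUEST, 1, 38, SAMPLE_PAYLOAD)

if __name__ == "__main__":
    rep = reply_for(SAMPLE_REQUEST)
    print(parse_echo(SAMPLE_REQUEST))
    print("reply matches request:", reply_matches(SAMPLE_REQUEST, rep))
```

The checksum verification uses the usual trick: recomputing the ones'-complement sum over a message that already contains a correct checksum yields all ones, so its complement is zero. Flipping any single byte of the payload makes `checksum_ok` false, which is the only integrity check ICMP itself provides.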


Payload: The payload of the packet is generally filled with letters of the alphabet, as this ASCII tcpdump output shows.

16:24:47.966461 IP (tos 0x0, ttl 128, id 15103, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.146.22 > 192.168.144.5: ICMP echo request, id 1, seq 38, length 40
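As an added example (not part of the original post), the following parses tcpdump summary lines in the format shown above and applies the point made earlier about worms such as Welchia locating hosts by echo request: a single source sending echo requests to many distinct addresses in a short time is what a ping sweep looks like in a capture, and that is something a defender can count. The capture lines are constructed for the example; the first one is the page's own line, the rest (a matching reply, the next request of the same ping, one line without the `-v` detail, and twelve requests from a made-up source 192.168.144.77) are invented for illustration. The threshold and window are assumptions to be tuned per network.

```python
import re
from collections import defaultdict

# Matches the tcpdump -v summary format of the line above; the "(tos ...)" block is
# optional so plain tcpdump output (without -v) parses too. Anything else returns None.
ICMP_ECHO_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+) IP (?:\(.*?\) )?"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3}) > (?P<dst>\d{1,3}(?:\.\d{1,3}){3}): "
    r"ICMP echo (?P<kind>request|reply), id (?P<id>\d+), seq (?P<seq>\d+), length (?P<len>\d+)$"
)


def parse_line(line: str):
    """Return the fields of one ICMP echo summary line, or None for any other line."""
    m = ICMP_ECHO_RE.match(line)
    if not m:
        return None
    hh, mm, ss = m["ts"].split(":")
    return {
        "t": int(hh) * 3600 + int(mm) * 60 + float(ss),   # seconds since midnight
        "src": m["src"], "dst": m["dst"], "kind": m["kind"],
        "id": int(m["id"]), "seq": int(m["seq"]), "len": int(m["len"]),
    }


def detect_sweeps(lines, min_hosts: int = 8, window: float = 60.0) -> dict:
    """Flag sources that send echo requests to at least `min_hosts` distinct addresses
    within any `window`-second span. Returns {source: max distinct targets seen}.
    Replies are ignored: a host answering many pings is not the one scanning."""
    per_src = defaultdict(list)
    for line in lines:
        rec = parse_line(line)
        if rec and rec["kind"] == "request":
            per_src[rec["src"]].append(rec)
    alerts = {}
    for src, recs in per_src.items():
        recs.sort(key=lambda r: r["t"])
        best = 0
        for i, start in enumerate(recs):   # sliding window anchored at each request
            targets = {r["dst"] for r in recs[i:] if r["t"] - start["t"] <= window}
            best = max(best, len(targets))
        if best >= min_hosts:
            alerts[src] = best
    return alerts


# Constructed sample capture (see lead-in). Only the first line is from the page.
SAMPLE_LINES = [
    "16:24:47.966461 IP (tos 0x0, ttl 128, id 15103, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.146.22 > 192.168.144.5: ICMP echo request, id 1, seq 38, length 40",
    "16:24:47.966902 IP (tos 0x0, ttl 64, id 0, offset 0, flags [DF], proto: ICMP (1), length: 60) 192.168.144.5 > 192.168.146.22: ICMP echo reply, id 1, seq 38, length 40",
    "16:24:48.967118 IP (tos 0x0, ttl 128, id 15104, offset 0, flags [none], proto: ICMP (1), length: 60) 192.168.146.22 > 192.168.144.5: ICMP echo request, id 1, seq 39, length 40",
    "16:24:49.001200 IP 10.0.0.9 > 192.168.144.5: ICMP echo request, id 77, seq 1, length 64",
] + [
    # one made-up source probing twelve consecutive addresses within a second
    f"16:24:50.{100000 + i * 70000:06d} IP (tos 0x0, ttl 128, id {21000 + i}, offset 0, "
    f"flags [none], proto: ICMP (1), length: 60) 192.168.144.77 > 192.168.144.{i + 1}: "
    f"ICMP echo request, id 1, seq {i + 1}, length 40"
    for i in range(12)
]

if __name__ == "__main__":
    for src, n in detect_sweeps(SAMPLE_LINES).items():
        print(f"possible ping sweep from {src}: {n} distinct targets")
```

The ordinary ping in the sample (two requests to one host) never trips the threshold, while the constructed sweep source does. In practice the same counting is done by an IDS over ICMP type 8 traffic at the network boundary, which is also the point where the filtering described above is usually applied.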

References: Wikipedia
