Ping definition:

Ping is a computer network tool working at the application layer of the TCP/IP network architecture. It is used to test whether packets can reach a specific host over IP.

Ping sends an ICMP request echo packet to the target host and waits for the response packet to be received. The program estimates packet loss rate (packet loss rate) and Round trip delay time (network delay, round-trip delay time) based on the time and the number of successful responses.

ICMP Protocol Introduction

ICMP is the Internet Control packet protocol. When network packets are transmitted on complex networks, various problems often occur. When a problem is encountered, the specific cause is returned.

ICMP checks whether an IP packet is successfully sent to the destination address, and notifies the reason why an IP packet is discarded during sending.

ICMP packets are encapsulated in IP packets. An ICMP packet consists of an IP header, an ICMP header, and an ICMP packet. If the protocol field in the IP header is 1, it is an ICMP packet.

  • Type: a byte that identifies the type of ICMP packets. Different types have different codes. ICMP packets are classified into error packets and query packets.

  • Code: Identifies the detailed type of an ICMP message together with the type field.

  • Checksum: Checks whether errors occur during packet transmission. It is the same as the checksum in the IP header.

Querying the Packet Type

Ping is an ICMP protocol that proactively requests and receives an ICMP response. When ping initiates a Request command, it sends an ICMP Echo Request to the peer end. When the Request is replied, it is called ICMP Echo Reply. Compared with the original ICMP, it has two more fields, one identifier and one serial number. In addition, the ping command calculates the response time and TTL (lifetime) to calculate the return time, indicating the length of the distance.

Suppose we are in A subnet and host A’s IP address is 192.168.6.1 and host B’s IP address is 192.168.6.2. Ping 192.168.6.2 on host A

  1. When the ping command is executed, the source host constructs an ICMP request packet. There are two important fields, that is we said in front of the identifier and sequence number, the type of the field for request packet is 8 (loopback request), another is the serial number, to distinguish between continuous ping when multiple data packets, each sending a request packet, serial number will be automatically add 1, and will insert send time in the data section of the message.

  2. ICMP sends this packet along with 192.168.6.2 to the IP layer. The IP layer constructs an IP packet with 192.168.6.2 as the target address, the local IP address as the source address, and some control information

  3. Add the MAC address header and check whether the IP address is in a subnet. If yes, find the MAC address of IP address 192.168.6.2 in the ARP mapping table. If no, send ARP to query the MAC address and obtain the MAC address. Construct a data frame, attach some control information, according to the Ethernet media access rules, send the packet.

  4. 192.168.6.2 After receiving this data frame, check the MAC target address and compare it with the MAC address of the host. If the MAC address is consistent, accept it. If the MAC address is inconsistent, discard it. The IP packet is extracted from the frame and sent to the local IP layer. After the IP layer checks the frame, useful information is extracted and sent to the ICMP protocol.

  5. 192.168.6.2 After receiving the request packet, an ICMP reply packet is constructed. The type field of the reply packet is 0, and the sequence number is the serial number of the received request packet. The ICMP reply packet is sent to the host 192.168.6.1

  6. If the source host (192.168.6.1) does not receive an ICMP reply packet within the specified period, the destination host is unreachable. If the source host receives an ICM reply packet, the destination host is reachable. The current time is then checked minus the time when the data was originally sent from the source host, which is the time delay of the ICMP packet.

Note: There are many intermediate devices that forbid ping, not that the network is down. At this time we need to use other protocols to check whether the network is smooth, such as Telnet

Error message type

This is another ICMP packet type. There are five types of error packets. Destination unreachable, port unreachable, source suppression, timeout, parameter issues, route changes (redirection)

  1. Assume that send A mail to host A to host B, network transmission to go through A lot of router, if R1 after receiving mail, malfunctioned, don’t know what the next step to which the host routing device or equipment, this email also can’t reach the host B and the routing R1 will send packet discard and to host A send A destination unreachable message data. In this case, the type of the data packet is 3, indicating that it is an unreachable error.

  2. When the target system receives an IP packet for a service request that is unavailable locally, it returns an ICMP port unreachable message of type 3 to the source.

  3. Assume that send A video to host A to host B, host A transmission is very fast, host B receives the slow, may lead to data congestion on A device, the device cannot solve the congestion problem, will give the source host sends A source point suppress feedback message to the source host, told the source host data congestion in sending data will be lost, tell him slow to send data. The type is 4.

  4. When host A sends A data packet to host B, the packet has A TTL field on the network. If the packet does not pass any route, the TTL field decreases by 1. If the TTL field decreases by 1 after the router receives the packet, the TTL field becomes 0. The router discards the packet and sends an ICMP timeout packet of type 11 to host A.

  5. If some field values in the header of the datagram are incorrect, the router will discard the datagram and send a packet with parameter problems of type 12 to the source point.

  6. The router changes the route and sends the packet to the host so that the host knows to send the data packet to another router next time. The type is 5.

In addition, the ping tool uses ICMP, and Traceroute is also a network detection and tracking tool that uses ICMP. It mainly uses ICMP error packets and TTL, as described in the following details