Round Trip Time
Another interesting result from ping is round-trip time calculation. Measured in milliseconds, round-trip time indicates the delay between the sending of a ping request packet and the receipt of the corresponding response packet. The network delay or latency indicated by ping offers a good indicator of the responsiveness of network services on that remote host.
Multiplayer network gamers will be familiar with this statistic. Ping latency can dramatically affect the quality of play of Web-based games like Quake 3 and Unreal Tournament. In such environments, a latency of 100 milliseconds or less is most desirable but relatively difficult to achieve over dial-up connections; latency over 500 milliseconds can make one a sitting duck target!
Ping and Domain Names
When using host names with ping instead of IP addresses, one is relying on a network name service like DNS to translate that name into the address that ping eventually uses. However, name services can take time (anywhere from minutes to hours) to receive the latest addressing updates. Devices that use frequently changing dynamic addresses (such as mobile computers that are only occasionally connected to the network) can be difficult to track via ping.
Internet Control Message Protocol - ICMP
ICMP was defined in the early 1980s and documented in RFC 792. ICMP travels on top of the IP layer and consists of a 4-byte header (including checksum) followed by data. Multiple ICMP message types exist to support ping requests (type 8 Echo Request) and replies.
Most operating systems include facilities for programming applications that can work with ICMP. Even though the interface is undocumented, Microsoft includes an ICMP.DLL with Windows.
TTL
Another important concept in ping is Time to Live or TTL. TTL prevents circular routing -- the condition where an ICMP packet bounces in an infinite loop among intermediate hosts. The mechanism counts intermediate hosts along the route from source to destination. Each time an IP device such as a router receives a ping packet, it decrements the TTL counter by one. Should the packet's TTL reach zero, the device discards the packet and ping will report the following result:
Reply from 192.168.0.1: TTL expired in transit
Successful pings will typically report the final TTL number. A ping that starts with a TTL of 128 and returns with a TTL of 49 (as illustrated earlier) means that 79 intermediate "hops" were traversed along the route. Routes with 50-100 hops are fairly common on today's Internet, but this number will usually be less than 10 for an intranet.
The So-Called "Ping of Death"
In 1996 and 1997, a common practice in the hacker community involved sending malicious ICMP packets to computers on the Internet with the intention of "crashing" them. This technique became known as the Ping of Death for its unpredictable consequences and its relatively high probability of success.
The technique only worked because many network operating systems at the time were not designed to handle these packets gracefully. Earlier versions of UNIX and Linux computers, Macintoshes, NetWare servers, and some Windows computers were all prone to attack. In a nutshell, the Ping of Death involved sending an unusually large ICMP request that created buffer overflow conditions on the remote computers. Such overflows could hang the computer's network applications, crash the operating system, or possibly create other undesirable effects.
Although developers quickly fixed the "holes," these operating systems were actually susceptible to other sources of buffer overflow besides ping. Effectively any oversized (larger than 64 kilobyte) IP packet -- TCP, UDP, ICMP, and others -- could do the trick; ping utilities merely happened to be a more convenient way to generate them.
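The bounds check whose absence made oversized packets dangerous, shown as an added example that is not part of the original article or any vendor's fix. It assumes the packet arrives as IP fragments (the 16-bit length field cannot describe more than 65535 bytes in one piece); the struct and function names are hypothetical and the sample fragment is constructed.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define IP_MAX_DATAGRAM 65535u  /* largest value of the 16-bit total-length field */

/* Hypothetical, simplified view of one received IPv4 fragment. */
struct frag {
    uint16_t offset_units;   /* 13-bit fragment offset, in 8-byte units */
    uint16_t payload_len;    /* bytes of data carried after the IP header */
    uint8_t  ihl_bytes;      /* IP header length in bytes (20..60) */
    const uint8_t *payload;
};

/* Returns 1 if the fragment ends inside a legal datagram, 0 otherwise. */
int frag_fits(const struct frag *f)
{
    if (f->offset_units > 0x1FFF || f->ihl_bytes < 20 || f->ihl_bytes > 60)
        return 0;
    /* Use 32-bit arithmetic so the sum cannot wrap the way a 16-bit length would. */
    uint32_t end = (uint32_t)f->offset_units * 8u + f->payload_len;
    return end + f->ihl_bytes <= IP_MAX_DATAGRAM;
}

/* Hardened copy into a reassembly buffer: 0 on success, -1 if the fragment is dropped. */
int reassemble_fragment(uint8_t *buf, size_t buf_len, const struct frag *f)
{
    if (!frag_fits(f))
        return -1;                       /* would exceed 64 KB: discard, do not copy */
    size_t start = (size_t)f->offset_units * 8u;
    if (start + f->payload_len > buf_len)
        return -1;                       /* never write past the buffer we own */
    memcpy(buf + start, f->payload, f->payload_len);
    return 0;
}

int main(void)
{
    static uint8_t buf[IP_MAX_DATAGRAM];
    uint8_t data[1480] = {0};                      /* constructed sample payload */
    struct frag last = { 8189, 1480, 20, data };   /* data would end at byte 66992 */
    printf("oversized fragment %s\n",
           reassemble_fragment(buf, sizeof buf, &last) ? "dropped" : "copied");
    return 0;
}
```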
Custom Pingers
Standard and very functional ping utilities have existed for more than a decade, but these command line utilities lack appeal with the new generation of Net users raised on graphical user interfaces (GUIs). In response to the changing times, a slew of souped-up graphic ping tools have appeared as shareware and freeware programs in recent years.
Predominantly for Windows clients, these tools augment the basic command utility with features like:
- support for multiple concurrent targeting or subnet ping sweeps
- advanced result reporting and logging
- timed monitoring (periodic scheduling)
- integration of related features such as port monitoring and route tracing
Conclusion
If computer networking were like television viewing, ping would be comparable to 60 Minutes -- an old concept but still a very useful and respected program. In the past, only IT administrators and engineers used ping, but the new generation of Net gamers and network-savvy home users should become familiar with this utility too.