"What are the Loose, Strict, Record, Timestamp, and Verbose options in the ping command for?"- I recently came across such a question in a vendor exam. They allow you to influence the routing of ICMP packets and collect information about transit L3 devices. But having been involved in network technologies for a long time, I almost never used them.
It became not entirely clear to me why such a question was even present in the test. When I returned home, I decided to find out if I really constantly lose sight of something important?
The ping utility is familiar to all of us. In addition to the standard "ping 8.8.8.8", you can use various options, among which are those of interest to us. Their name and description are approximately the same for vendors.
Of the most commonly used, I would note the following.
- Number of packets sent
Instead of a predetermined number of packets by default (for example, in Windows - four, in Cisco equipment - five), we can send the right one. This also includes the beloved “-t” option in Windows, which starts the endless sending of packets. - Source interface
First of all, it is relevant for network equipment. By default, when using the ping command, the device sends a packet with the address of the closest interface to the destination. In the case of testing NAT functions or checking VPN, it becomes necessary to send ICMP packets from another interface. Another classic example: how to prove to a colleague that he has a firewall enabled on the host, and not the network is buggy. We start ping from the network core without specifying the interface - it responds. With an indication of the nearest interface, it does not respond. - Setting the DF bit
A packet with the DF bit set (=1) cannot be fragmented. This option is useful for determining the maximum allowable frame size (MTU) between two points. Usually used in conjunction with the parameters below. - Package size
You can change the package size. Together with setting the DF bit, it helps in determining the MTU. We send a large packet - 1500 bytes. Doesn't pass. We send a little less - 1300. Passes. We send 1400. And so on. In general, the method of dichotomy and MTU is defined.
On Windows, we specify the size of the ICMP data segment of the packet. On Cisco devices, the IP packet size including headers. - Packet size variation within the specified range
For those who do not like the dichotomy method, this mode may come in handy. We specify the initial value of the packet size, the final value and the step. Next, the device sends packets, gradually increasing their size. The main thing is not to forget to set the DF-bit, otherwise everything is down the drain.
Loose, Strict, Record, Timestamp, Verbose options are included in the ping utility on many network devices. There is support in Windows.
Record (Record Route)
An ICMP packet with the Record option, when passing through L3 devices, records the IP addresses of outgoing interfaces. This is done both towards the destination and back. This is useful, for example, when diagnosing problems related to asynchronous routing. It turns out like traceroute, only better.
"Options"
I use the word "options" in two contexts: options in the ping command and options in the ICMP packet. In the case of ICMP, options are additional parameters that are set in the IPv4 header (hereinafter referred to as simply IP) in the Options field. Therefore, it is more correct, of course, to talk about IP options. ICMP just uses them in its work.
But it's too early to rejoice: the maximum number of entries is nine. Moreover, they include data about the IP addresses of devices both sides. This is due to the fact that information about IP addresses is not stored in the body of the packet, but in the header. The options field cannot be too large. It is limited to 40 bytes. We, in the end, need to drive payload data over the network, not headers. This volume fits only nine entries (4 bytes per IPv4 address). The remaining (40-4*9)=4 bytes go to mark the option type, length, and other attributes. Let me remind you that the maximum size of the entire IPv4 header is 60 bytes.
We start from a PC running Windows ping with the Record Route (-r) option to the address 192.168.36.2:
C:\Users\user>ping -n 1 -r 9 192.168.36.2
Packet exchange from 192.168.36.2 to 32 bytes of data: Reply from 192.168.36.2: number of bytes=32 time=12ms TTL=252 Route: 192.168.31.2 -> 192.168.32.2 -> 192.168.34.2 -> 192.168.35.2 -> 192.168.36.2 -> 192.168.35.1 -> 192.168.33.1 -> 192.168.31.1 -> 192.168.20.1 Ping stats for 192.168.36.2: Packets: sent = 1, received = 1, lost = 0 (0% loss) Estimated time round trip in ms: Minimum = 12ms, Maximum = 12ms, Average = 12ms
ICMP Echo Request packet with the Record Route (Type = 7) option set in the IP header:
ICMP Echo Request reaches the recipient. Along the way, addresses of transit devices are added to it. The receiver takes the completed IP header option fields, copies them into an ICMP Echo Reply, and sends them back. Until the ICMP Echo reply reaches the ping initiator, it will be overgrown with reverse route records.
In the ICMP Echo Reply that the PC receives, the Record Route option will already be filled in:
You can see that asymmetric routing takes place in our network.
An example of ping with the Record option on Cisco network equipment.
R1#ping Protocol : Target IP address: 192.168.36.2 Repeat count : 1 Datagram size : Timeout in seconds : Extended commands [n]: y Source address or interface: Type of service : Set DF bit in IP header? : Validate reply data? : Data pattern : Loose, Strict, Record, Timestamp, Verbose: R Number of hops [ 9 ]: Loose, Strict, Record, Timestamp, Verbose: Sweep range of sizes [n]: Type escape sequence to abort. Sending 1, 100-byte ICMP Echos to 192.168.36.2, timeout is 2 seconds: Packet sent with a source address of 192.168.20.1 Packet has IP options: Total option bytes= 39, padded length=40 Record route:<*>(0.0.0.0) (0.0.0.0) (0.0.0.0) (0.0.0.0) (0.0.0.0) (0.0.0.0) (0.0.0.0) (0.0.0.0) (0.0.0.0) Reply to request 0 ( 3ms). Received packet has options Total option bytes= 40, padded length=40 33.1) (192.168.31.1) (192.168.31.2)<*>End of list Success rate is 100 percent (1/1), round-trip min/avg/max = 3/3/3 ms
Timestamp
When an ICMP packet with the Timestamp option passes through an L3 device, it writes a timestamp to the device with the current time. The operation scheme is similar to the Record option, only the time is put instead of the address. As in the previous case, the package can contain only nine time records (for Windows OS - four, since in addition to the timestamp, the device's IP address is added).
The time in the packet is in UNIX time format. Data analysis makes at least some sense if all devices are time synchronized (this is not the case in our example).
An example of ping with the Timestamp (-s) option on a Windows PC.
C:\Users\user>ping -n 1 -s 4 192.168.36.2 Packet exchange from 192.168.36.2 with 32 data bytes: Reply from 192.168.36.2: number of bytes=32 time=4ms TTL=252 Timestamp: 192.168. 31.2: 43990397 -> 192.168.32.2: 43990389 -> 192.168.34.2: 2187294073 -> 192.168.35.2: 2190888543 Ping stats for 192.168.36.2: Packets: Sent = 1, Received = 0, Approximate Lost = 0 round-trip time in ms: Minimum = 4ms, Maximum = 4ms, Average = 4ms
Strict (Strict Source Route)
When using this option, a list of IP addresses of L3 devices is specified, through which the ICMP packet must pass. And exactly in the order that we indicated. Records, by tradition, a maximum of nine.
The option works simply: on each hop, the destination IP address is changed to the address that we specified when running the ping utility.
All addresses are stored in the IP header of our ICMP packet. Therefore, each transit device can spy on them. This scheme allows you to bypass the current routing rules on each device, since in fact we have a packet forwarding to a neighboring device.
In our scheme, R2 has a route to the network 192.168.36.0/24 through R3. But since we have hardcoded devices in the ICMP packet options, R2 will pass it directly to R4.
We launch the ping utility with the -k (Strict Source Route) option in Windows and write the device addresses.
C:\Users\user>ping –n 1 -k 192.168.20.1 192.168.31.1 192.168.33.1 192.168.35.1 192.168.36.2
Packet exchange from 192.168.36.2 to 32 bytes of data: Reply from 192.168.36.2: number of bytes=32 time=5ms TTL=252 Route: 192.168.35.1 -> 192.168.33.1 -> 192.168.31.1 -> 192.168.20.1 Ping statistics for 192.168.36.2: Packets: sent = 1, received = 1, lost = 0 (0% loss) Approximate round trip time in ms: Minimum = 5ms, Maximum = 5ms, Average = 5ms
An ICMP Echo Request packet with the Strict Source Route (Type = 137) option set in the IP header on our PC looks like this:
The PC substituted 192.168.20.1 as the destination address. The remaining addresses of transit devices were safely packed into the fields of the IP option (Source Route records). Added the address of the end device to the Destination entry.
The same packet, after it passes R1:
The sender's IP address remained unchanged. The recipient's IP address has changed to a new one - 192.168.31.1. This value is taken from the Source Route field when the ICMP packet first arrived on R1.
It is important to note that R1 added a new entry to the options field - Recorded Route. The IP address of interface R1 is substituted there. This field is required for the response packet (ICMP Echo reply) to return along the same route as the ICMP Echo request. Other devices will do the same. Therefore, when an ICMP packet hits R5, the Strict Source Route option will contain a list of IP addresses of interests through which the response packet must pass.
ICMP Echo reply received by PC:
The Recorded Route field is rewritten as the ICMP Echo reply packet passes, since it always contains the outgoing interface address for the current packet. So R1, when it receives an ICMP Echo reply, will replace 192.168.31.2 with 192.168.20.1.
If we omit one of the addresses in the ping command, for example, the last one (192.168.35.1 - R5), R4 will have to send the packet immediately to the device with the address 192.168.36.2. But since this network is not local to him, R4 will report that the specified node is unreachable. It will not route the packet according to the usual rules.
To process the Record option, the source routing mode must be enabled on the network equipment. For example, on Cisco equipment it is enabled by default.
Loose (Loose Source Route)
This option is essentially very similar to the Strict option. But, unlike Strict, the Loose option does not specify a hard route for the ICMP packet, but only selective devices. Those. the packet can be routed by other devices as well. The maximum number of addresses is nine.
The scheme of work is similar to the previous case. The difference is that a packet with the Loose option can be routed by transit devices according to the usual rules.
We launch the ping utility with the -j (Loose Source Route) option in Windows and write down the device addresses.
C:\Users\user>ping -n 1 -j 192.168.32.1 192.168.36.2
Packet exchange from 192.168.36.2 to 32 bytes of data: Reply from 192.168.36.2: number of bytes=32 time=4ms TTL=250 Path: 192.168.32.1 Ping statistics for 192.168.36.2: Packets: sent = 1, received = 1, lost = 0 (0% loss) Approximate round-trip time in ms: Minimum = 4ms, Maximum = 4ms, Average = 4ms
An ICMP Echo Request packet with the Loose Source Route (Type = 131) option set in the IP header on our PC looks like this:
The PC has substituted the address R3 (192.168.32.1) as the recipient. At the same time, the address of the R5 end device (192.168.36.2) was specified in the IP option (Destination entry). Further, the packet is routed in the network according to the usual rules until it reaches R3. R3 will substitute the address of R5 as the destination address and in the options will prescribe its address, through which the response packet will have to return (Recorded Route entry). Then it will send it to the network.
The response packet ICMP Echo reply is not of particular interest, since it is similar to those previously considered. The options will contain the address of the outgoing R3 interface (Recorded Route entry) through which the packet passed.
This option is activated automatically when you select any of the previously described. Provides a more detailed display of information on the screen. It does not affect the ICMP packet itself. On Windows, there is no such option in the ping command.
In order for us to take advantage of these options, the intermediate hardware must support them. There will be no problems with this. It is not necessary to attribute all this “rocket science” to the innovations of the IT world. The conclusion suggests itself: the options Loose, Strict, Record, Timestamp can be useful, even with the limit of "nine". If not for the following nuances related to security.
First. The Record and Timestamp options can be safely used for network reconnaissance. With their help, you can explore the network topology, get fingerprints, by which you can determine the OS and type of device through which the packet with these options passed.
Second. The Loose and Strict options allow you to control the flow of the packet, ignoring the standard routing rules. This provides ample opportunities for attempts to penetrate into various segments of the network, where in the case of normal routing, access should not be. It is also possible to conduct reconnaissance to analyze the network topology. Carrying out attacks to utilize bandwidth on certain network segments. There are many options.
Third. Part of the network equipment processes packets with installed options programmatically at the control-plane level (without using various traffic routing optimization schemes), which certainly loads the CPU. This means that it is possible to carry out a DoS attack on such a device.
Many vendors (there is even a separate RFC 7126) recommend that packages with the specified options not be processed in any way. Various options are offered. Up to discarding such packets. True, some of the manufacturers have dissonances: on the one hand, we recommend discarding such packages, on the other hand, “Record is a very useful option”.
A quick attempt to test compliance with these recommendations with a couple of Internet service providers showed that some of the options still work. But source routing is disabled everywhere.
It turns out an interesting conclusion. The Loose, Strict, Timestamp, Record options can be useful in diagnosing network problems. But the question of safety levels it.
In the end, I still have a feeling of incomprehension. Why was the question voiced at the beginning present in the test? The Record option is relatively useful, and even then with a small network depth. Other options are questionable.
Finally, a little poll. Have a nice day, everyone!
Only registered users can participate in the survey. Come in, please.
The ping command is used to make sure that a computer can communicate with the network and the resources within it. Ping works by sending echo request messages over the ICMP protocol ( Internet Control Message Protocol) and waiting for a response. It allows you to find out how many responses were received, and how long it took:
Ping Command Syntax
ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS] [-r count] [-s count] [-w timeout] [- R] [-S srcaddr] [-p] [-4] [-6] target
T = This option will ping the target device until you force the request to stop with the Ctrl+C keyboard shortcut.
A = will query the hostname of the target IP address.
N number = specifies the number of ICMP messages to be sent. If you run the ping command without specifying this parameter, 4 requests will be sent by default.
L size = sets the size of the echo request packet (from 32 to 65,527 ). Without this option, ping sends 32-byte echo requests.
F = prevents fragmentation of echo requests by routers in the chain between you and the target device. The -f option is often used to debug PMTU related problems ( Path Maximum Transmission Unit).
I TTL = sets the TTL duration ( Time to Live), which has a maximum value of 255 .
V TOS = sets the value of TOS ( Type of Service). The option does not work on Windows 7 and above.
R number = This option for the ping command should be used to specify the number of hops between you and the target computer that you want to record and output. The maximum value is 9 , so if you're interested in knowing the exact number of links between two devices, it's best to use tracert .
S number = Internet Timestamp time for each echo request to be received and sent. The maximum value here is 4 , which means that only the first 4 transitions can be captured.
W timeout = timeout values in milliseconds during which ping will wait for each response. If you do not use the -w option, then the default timeout will be 4000 milliseconds ( 4 seconds).
R = use header to check reverse route as well.
S srcaddr = source address to use.
P = used to check address status Hyper-V Network Virtualization.
4 = Check connection status for IPv4 only. This is required when the target only has a hostname and an unknown IP address.
6 = Force an IPv6 connection status check. This is necessary when only the hostname is known.
target (target) = the remote device whose status you want to check. This can be either an IP or a hostname.
/? = displays help about all available options for the ping command.
Note: -f , -v , -r , -s , -j , and -k only work when checking the status of IPv4 addresses. The -R and -S options only work with the IPv6 protocol.
The description of the ping command also includes less popular options: [-j host-list] , [-k host-list] , and [-c compartment] . For more information about them, use the /? .
Ping Command Examples
ping -n 5 -l 1500 www.google.com
This example uses the ping command to check the status of the www.google.com host. The -n option tells ping to send five ICMP echo requests instead of the standard four, and the -l option sets the packet size per request to 1500 bytes instead of the default 32 bytes. With such a query, you will get the following result:
Pinging www.google.com with 1500 bytes of data: Reply from 74.125.224.82: bytes=1500 time=68ms TTL=52 Reply from 74.125.224.82: bytes=1500 time=68ms TTL=52 Reply from 74.125.224.82: bytes= 1500 time=65ms TTL=52 Reply from 74.125.224.82: bytes=1500 time=66ms TTL=52 Reply from 74.125.224.82: bytes=1500 time=70ms TTL=52 Ping statistics for 74.125.224.82: Packets: Sent = 5, Received = 5, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 65ms, Maximum = 70ms, Average = 67ms
The 0% loss item in the 74.125.224.82 status check statistic indicates that all echo requests sent to www.google.com were returned. This means that as long as the network is active, you can interact with the Google site without any problems.
This example of using the ping command in cmd checks the status of 127.0.0.1 , which is also known as the localhost IP address in IPv4.
Ping 127.0.0.1 is a great way to test that all Windows features are working. But using this request will not be able to find out about the state of your own or a remote computer. There is also an IPv6 version of this check - ping::1 .
ping -a 192.168.1.22
In this example, we are trying to find out the hostname associated with the IP address 192.168.1.22 . In this case, the check should be carried out in the normal mode, even if the host name cannot be found out.
Pinging J3RTY22 with 32 bytes of data: Reply from 192.168.1.22: bytes=32 time<1ms TTL=64 Reply from 192.168.1.22: bytes=32 time<1ms TTL=64 Reply from 192.168.1.22: bytes=32 time=1ms TTL=64 Reply from 192.168.1.22: bytes=32 time<1ms TTL=64 Ping statistics for 192.168.1.22: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 1ms, Average = 0ms
As you can see from the example above, the Windows 7 ping command determined the IP address to be checked as the host name J3RTY22 and then performed a status check with default settings.
ping -t -6 SERVER
In this example, we use the -6 option to force the use of IPv6 and then proceed to endlessly check the status of SERVER ( with the -t option).
Pinging SERVER with 32 bytes of data: Reply from fe80::fd1a:3327:2937:7df3%10: time=1ms Reply from fe80::fd1a:3327:2937:7df3%10: time<1ms Reply from fe80::fd1a:3327:2937:7df3%10: time<1ms Reply from fe80::fd1a:3327:2937:7df3%10: time<1ms Reply from fe80::fd1a:3327:2937:7df3%10: time<1ms Reply from fe80::fd1a:3327:2937:7df3%10: time<1ms Reply from fe80::fd1a:3327:2937:7df3%10: time<1ms Ping statistics for fe80::fd1a:3327:2937:7df3%10: Packets: Sent = 7, Received = 7, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 0ms, Maximum = 1ms, Average = 0ms Control-C ^C
After seven replies received, we deliberately aborted the status check. Remember how to stop the ping command? With Ctrl+C . Also -6 led to the use of IPv6 addresses.
Tip: The number after the % sign in the responses generated in this example indicates the IPv6 Zone ID, which identifies the network gateway being used. You can generate a table from Zone IDs that match the name of your network gateway using netsh interface ipv6 show interface. The IPv6 Zone ID is displayed as a number in the Idx column.
Ping command support
The ping command is supported on the command line of Windows 10, Windows 8, Windows 7, Windows Vista, and Windows XP, as well as Windows 98 and 95.
Command PING it is perhaps the most used command line network utility. PING is present in all versions of all network-enabled operating systems and is a simple and convenient means of querying a host by name or its IP address.
A special control message protocol is used to exchange service and diagnostic information on the network. ICMP(Internet Control Message Protocol). Command ping allows you to send a control message like echo request(type is 8 and is indicated in the ICMP message header) to the addressed node and interpret the response received from it in a form convenient for analysis. The data field of the sent icmp packet usually contains English characters. In response to such a request, the polled node should send an icmp packet with the same data that was received and the message type echo reply(the type code in the ICMP header is 0) . If there is a problem with icmp messaging, the ping utility will display information to help diagnose the problem.
Command line format:
Ping [-t] [-a] [-n number] [-l size] [-f] [-i TTL] [-v TOS] [-r number] [-s number] [[-j Nodelist] | [-k Nodelist]] [-w timeout] endName
Parameters:
-t- Continuous sending of packets. Keyboard shortcuts are used to complete and display statistics Ctrl+Break(statistics output and continued), and ctrl+c(output of statistics and completion).
-a- Determination of addresses by hostnames.
-n number- The number of echo requests to send.
-l size- The size of the data field in bytes of the request being sent.
-f- Setting a flag that prohibits packet fragmentation.
-iTTL- Setting the lifetime of the package ("Time To Live" field).
-v TOS- Setting the type of service ("Type Of Service" field).
-r number- Record the route for the specified number of transitions.
-s number- Timestamp for the specified number of transitions.
-j List of Nodes- Free choice of route according to the list of nodes.
-k list of nodes- Rigid route selection based on the list of nodes.
-w timeout- The maximum time to wait for each response in milliseconds.
Examples of using:
ping google.com- echo request to the node with the name google.com with default parameters - the number of packets is 4, the length of the data array = 32 bytes.
ping-6 ya.ru- node ping ya.ru using IPv6 protocol
ping -a 192.168.1.50- perform a ping with the definition of the name of the host node by its address.
ping -s 192.168.0.1computer- node ping computer from source 192.168.0.1. Used when the computer has multiple network interfaces.
ping w 5000- ping with a waiting timeout of 5 seconds (default - 4 seconds).
ping -n 5000 -l 1000 site- node poll website 5000 times, in 1000byte data packets. The allowed maximum data length is 65500.
ping -n 1 -l 3000 -f ya.ru- ping with packet fragmentation prohibited.
ping -n 1-r 3- send 1 echo request per node ya.ru with display of the first 3 transitions along the route.
ping -i 5 ya.ru- ping with time to live TTL=5. If more hops are required to reach the destination node, then the router that aborted the delivery will respond with the message “TTL exceeded while transmitting the packet.”
A generalized scheme for connecting a computer (tablet, laptop, home network) to a remote end node can be represented as follows:
The most common network with IP addresses 192.168.1.0 /255.255.255.0 is used as the home network. We are talking about IPv4 - IP protocol version 4, where 4 bytes are used for addressing. IP addresses are usually represented as decimal byte values separated by dots. Each device on the network must have its own unique address. In addition to the address, network settings use mask network (subnet mask). The mask has the same presentation format as the address. The combination of the address and the mask defines the range of addresses that belong to the local network - 192.168.1.0-192.168.1.255. The first and last addresses of the range are not assigned to individual network devices because they are used as the network address and broadcast address. Usually the router address is set to 192.168.1.1 or 192.168.1.254. This is not a mandatory standard, but is used quite often in practice. The 1 bits of the mask determine the constant part of the network IP address, and the zero bits are allocated to individual hosts. Meaning 255 is a byte with bits set to one. The netmask serves as a means of determining the range of IP addresses that belong to the local network. Devices with these addresses are reachable locally, without using routing. Routing is a way of exchanging data with network devices that do not belong to a given local network through a special device - router(router, router). Routers are specialized computers with several network interfaces and specialized software that forwards IP packets between the sender and recipient located on different networks. Multiple routers may be involved in this forwarding, depending on the complexity of the route. A home router is the simplest type of router that forwards packets destined for external networks to the next router on the route in the provider's network. The next router checks the reachability of the destination host address locally and either forwards the data to it or passes it on to the next router according to the routing table. This happens until the data reaches the recipient or the packet lifetime expires.
The PING command can be used to diagnose individual hosts:
ping 127.0.0.1 is a ping of the loopback interface. Should run without errors if the network software components are installed and in a healthy state.
ping your IP or name- ping to your own address or name. Should complete without error if all IP software is installed and the network adapter is healthy.
ping router IP address- must be performed if the network card of the computer is working, the cable or wireless connection used to connect to the router is working, and the router itself is working. In addition, the IP settings must be such that the address of the computer and the router belong to the same subnet. This is usually the case when network settings are made automatically by the router's DHCP server.
ping yandex.ru- poll the node with the name yandex.ru. If the poll ends with an error, then the reason may be not only the lack of communication with the provider's router, but also the inability to determine the host address yandex.ru due to problems with name resolution software.
ping 8.8.8.8- poll the host with IP address 8.8.8.8 . If polling by address runs without errors, but polling by name ends with an unknown host message, then the problem is name resolution. The reason may be the inoperability of the provider's DNS server. In this case, you can try changing it in the network connection settings to Google's public DNS servers with addresses 8.8.4.4 and 8.8.8.8. Also, the problem can be caused by poor communication quality with the provider, which is accompanied by too long response times and packet drops.
ping -t yandex.ru- perform ping before pressing the CTRL + C combination, When you press CTRL + Break - statistics are issued and the polling of the node continues.
Ping -n 1000 -l 500 192.168.1.1 - ping 1000 times using 500 byte messages. Ping with packets of a standard length of 32 bytes can be performed without errors, and with long packets - with errors, which is typical for wireless connections with a low signal level in conditions of intense interference.
Ping -n 1 -r 9 -w 1000 yandex.ru - ping 1 time (key -n 1), give a route for the first 9 hops (-r 9), wait 1 second (1000ms) for a response
As a result of executing this command, the route trace is also displayed:
Packet exchange with yandex.ru with 32 bytes of data:
Response from 87.250.251.11: number of bytes=32 time=36ms TTL=54
Route: 81.56.118.62 ->
81.56.112.1 ->
10.109.11.9 ->
10.109.11.10 ->
195.34.59.105 ->
195.34.52.213 ->
195.34.49.121 ->
195.34.52.213 ->
87.250.239.23
Ping stats for 87.250.251.11:
Packets: Sent = 1, Received = 1, Lost = 0
(0% loss)
Approximate round-trip time in ms:
Minimum = 36ms, Maximum = 36ms, Average = 36ms
In this example, a chain of 9 routers is built between the sender and receiver of packets. It is necessary to take into account the fact that in the version of the utility ping.exe for Windows, the number of transitions can take a value from 1 to 9. In cases where this value is not enough, the command is used tracert
The lack of an echo response is not always a sign of a problem, because sometimes, for security reasons, some hosts are configured to ignore echo requests sent by PING. An example would be a node microsoft.com and some routers in small ISP networks.
Using PING in batch files.
Often, the PING command is used to delay batch files. The loopback interface is pinged with the required value of the packet counter specified by the parameter -n. Pings are sent at 1 second intervals, and the response on the loopback interface is almost instantaneous, so the delay will be approximately equal to the counter minus one:
ping -n 11 127.0.0.1- 10 second delay.
The PING command is used in batch files to determine the availability of IP addresses. Since the result of the poll is not reflected in the ERRORLEVEL variable in any way, instead of analyzing it, a search for certain features in the PING standard output data is used. If you look closely at the messages of the ping.exe program when polling an available and inaccessible host, you will notice that they differ significantly
ping 456.0.0.1- ping to a non-existent address
The response to such a command may differ from the specific version of the utility, and may be something like this
Ping failed to locate host 456.0.0.1. Check the hostname and try again.
ping yandex.ru- ping to the address of the yandex.ru node
Reply to ping an available host:
Packet exchange with yandex.ru for 32 bytes:
Response from 87.250.250.11: number of bytes=32 time=10ms TTL=55
Thus, to solve the problem of determining the availability of a node in a batch file, it is enough to analyze the characteristic words in the output of ping.exe in case of a successful response. Most characteristic in this case is the presence of the word TTL. It never occurs when an error occurs and consists of only English characters. To search for "TTL" in the results of ping.exe, it is most convenient to chain its execution with the command to search for a character string FIND.EXE(ping and find pipeline). If the text is found by the FIND command, then the value of the ERRORLEVEL variable will be equal to 0
ping -n 1 COMPUTER | find /I "TTL" > null
if %ERRORLEVEL%==0 goto LIVE
ECHO computer not available
unreachable state routine
...
exit
:LIVE - start of subroutine for processing node availability state
...
...
In a simpler version, you can use the commands:
PING yandex.ru |find "TTL=" && ECHO Yandex pingable- the ECHO command is executed if the ERRORLEVEL value set by FIND is 0, i.e. the node yandex.ru responds to ping.
PING Server64 |find "TTL=" || ECHO Server64 not pingable- The ECHO command is executed if the ERRORLEVEL value set by FIND is not equal to 0, i.e. node Server64 did not respond to ping.
Ping (ping) and tracert (traceroute) command - how to use it correctly?
The ping command
Command ping- a special program for checking the availability of network resources. Networking professionals use the ping command more often than any other command, although the action performed by this command is the most elementary. The ping command sends a packet of the specified size to the specified host, which is then returned back.
The ping command is executed very simply - "ping ya.ru". Here "ya.ru" is the name of the pinged server. You can also use an IP address, such as "ping 213.180.204.3". After running the ping command, all you have to do is look at the amount of delay.
How to reduce ping?
You can often hear from people playing online games about their desire to reduce ping. This is logical enough, since a shorter ping time means less latency when playing. Accordingly, a player with a minimum ping time can gain an advantage in the game. The most popular game for which users like to measure ping is Counter Strike or CS for short.
There are really not so many options for reducing the ping time. The ping time depends on the load on the user's channel and on the route that the packets take from the provider's router to the game server.
First of all, if you are experiencing problems with ping, try disabling all file download programs. And you need not just stop the download, but close the program for downloading files.
If you share an Internet feed with someone else, such as if you have multiple computers at home, then the feed can load another computer. To check, try turning off another computer and ping again.
If clearing the channel does not help reduce ping, you can try changing the game server, because. ping to different servers can vary by several times. The most preferred in terms of reducing the ping of servers located in Russia.
If clearing the channel and changing the server does not help reduce ping, the option of changing the provider may help. It is useless to contact your ISP with a complaint about the ping. no one will rewrite routes for you, and it’s not a fact that your provider has several parallel channels to top-level providers.
tracert command (traceroute)
Very often, users wonder what is the reason for the difference in spelling tracert And traceroute? In fact, the tracert command is used in Windows operating systems, and traceroute is used in Linux operating systems and in the Cisco router operating system.
The simplest and most common example of using the tracert command is "tracert ya.ru". When using the tracert command with the literal address of the host being checked, the health and availability of the DNS server is also automatically checked. After all, in order to start the tracing process, the tracert command must first contact the DNS server and obtain the IP address of the host being checked.
An example of information output by the tracert command:
c:\windows\system32>tracert ya.ru
Route tracing to ya.ru
with a maximum number of jumps 30:
1 1 ms 1 ms 1 ms psk-cr1-fe-0-0-v03.site
2 1 ms 1 ms 1 ms ge-2-2-0-v2.1g.m20-1-pskv.nwtelecom.ru
3 4 ms 4 ms 4 ms ae0.20g.mx960-1-210.nwtelecom.ru
4 4 ms 4 ms 4 ms as13238-yandex.gateway.nwtelecom.ru
5 12 ms 12 ms 12 ms apollo-vlan304.yandex.net
6 12 ms 12 ms 13 ms grechko-vlan121.yandex.net
7 15 ms 14 ms 14 ms silicon-vlan4.yandex.net
8 14 ms 13 ms 13 ms l3link-iva1-ugr1.yandex.net
9 14 ms 13 ms 15 ms www.yandex.ru
The trace is complete.
The tracert command sequentially polls and measures the latency to all routers along the packet's path until the destination host is reached. If there is a large increase in delay between any two routers, then this section of the route is affecting the increase in ping.
It should also be taken into account that the main task of routers is to transmit packets with useful information, and not to respond to tracert and ping commands. Therefore, some routers along the path of the packet may ping even with packet loss, but the destination host will be reachable without packet loss. So before calling your ISP's tech support yelling "I know where you're losing packets!", make sure the target host is also pinging with packet loss. Otherwise, they will simply tell you what is written above.
If you encounter problems with the network, you need to find out the cause of the malfunction and the Ping command can help with this, which you can run through the command line.
The Ping command is not just a command, but a program included in the operating systems of the Windows family. If you do not go into special subtleties, then the essence of its work is to send a request to a remote address and receive a response from it. If there is no response, then the computer to which the request was sent is either turned off, or there is a problem with the network equipment or cable.
Let's look at the operation of this program, for this we will run the command line ( Start\Programs\Accessories\Run\cmd)
And so, let's say we need to check the connection with a server or workstation on the network, for this we enter the ping command and the ip address or dns name of the computer with which we need to check the connection ( ping 192.168.0.3).
There are situations when the browser does not want to display the site and there may be a suspicion that the provider is not doing its job well. However, the browser, like any program, can be buggy or simply not configured correctly, so you need to make sure that the Internet is not there for a software reason. To do this, we “ping” or, as the common people say, “we will ping” some server on the Internet. And it is better to check the connection with the servers of large Internet companies such as Yandex, Google, Microsoft. Since for them, the unavailability of the server threatens to lose millions, while the servers of other companies may be unavailable, and you will think that there is no Internet ( pingyandex.en)
And so, what information does the ping command provide us with:
1) IP address of the server - with which we are testing the connection " Packet exchange with yandex.ru with 32 bytes of data". Those. ip address of this server is 213.180.204.11.
2) Server response time- this time is determined from the moment the request is sent until the response is received and is measured in milliseconds. The smaller this value, the better the connection.
3) Number of nodes, which traverses the data packet until it reaches its destination. This is what the TTL value tells us (in decryption time to life). The operation of this parameter is that with the passage of each node in the network (router), the TTL value decreases by one and thus you can find out how many nodes the packet has passed until it reaches its destination. It seems like the default TTL is set to 128, but in different operating systems in different ways.
But there is a simpler way to find out the number of nodes and the IP addresses of these nodes, through the command tracert yandex.ru.
By default, 4 packets are sent sequentially, and after they are sent, statistics are given. The number of packets sent, received and lost, depending on these values, the percentage of losses is calculated. And the approximate time of reception and transmission is also calculated.
And so, what can the data received after executing the ping command tell us:
1) If you “ping” a computer on the local network and the “pings” do not go through, then there are several reasons:
Incorrect network connection setup;
Cable break;
The remote computer is turned off;
Network hardware failure (local or remote network card, switch, or router)
Or packets are blocked by a firewall.
2) If you are checking the connection to the Internet, then the following reasons are possible:
Router malfunction (it happens that the router is buggy, so you should reboot it and check the connection again);
The server of the site that you are “pinging” is not available, but as I said, it is better to “ping” the sites of large organizations, since they should be accessible anyway;
Provider error. If the sites do not “ping” and the external network indicator does not light on the router, then most likely there are problems with the provider that provides access to the Internet. But not a fact, there can be many reasons: incorrect configuration of the router or software, cable breakage, poor contact between the cable and the network device, failure of network equipment or a network card. In general, all this needs to be checked.
The ping command also has many additional parameters, to find out which ones, just type the command ping /?, but I will talk about those that I myself use.
ping yandex.ru –t– this command will endlessly check the connection with the given node until you press Ctrl+C. This helps when there is no connection, and in order not to refresh the browser page, just enter the command and as soon as the “pings” go, the connection will appear.
ping –a 213.180.193.11- this command allows you to find out the DNS name of the computer by ip address. Personally, I had a situation where one of the computers took a lot of Internet traffic, and only the ip address was known, and so this command allowed me to find the pest!
