Ping and ICMP
Ping is a simple utility found across hosts (Windows, Linux, Mac…) and network devices (such as routers).
Ping uses the Internet Control Message Protocol (ICMP) to send an ‘echo request’ to another device. The address of the other device is typically given either directly as an IP address or as a hostname, which the ‘pinger’ tries to resolve to an IP address using DNS.
If a device is configured to respond to pings (echo requests), then it sends an ‘echo reply’ in response.
The ping program then displays information about the responses received, such as:
- Size of data received
- IP Address
- ICMP Sequence Number
- Time To Live (TTL) value
- Round trip time
Ping is a simple but effective tool for testing network connectivity and troubleshooting issues.
ICMP: The Internet Control Message Protocol
ICMP can do a lot more than basic pings. For example, it may be used to share information about a network and attempted connections. RFC 792 defines ICMP.
ICMP is encapsulated directly inside an IP packet and consists of a header and payload. The header consists of:
- Type (1 byte)
- Code (1 byte)
- Checksum (2 bytes)
- 4 bytes of type-specific header content (or just unused space)
The payload varies depending on the message type.
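The header layout above, shown as an added example (not part of the original lesson): a parser that splits a raw ICMP message into its fields and verifies the checksum, so a corrupted or altered message is detected. The function names and the sample message are constructed for illustration; the identifier/sequence split of the 4 type-specific bytes and the one's-complement checksum follow RFC 792.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum used by ICMP (RFC 792)."""
    if len(data) % 2:
        data += b"\x00"                       # pad odd-length input with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                        # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build an echo-style message; the checksum is computed with its field zeroed."""
    unsummed = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq) + payload
    csum = inet_checksum(unsummed)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def parse_icmp(message: bytes) -> dict:
    """Split a raw ICMP message into the header fields listed above."""
    if len(message) < 8:
        raise ValueError("ICMP message shorter than the 8-byte header")
    icmp_type, code, checksum, rest = struct.unpack("!BBH4s", message[:8])
    return {
        "type": icmp_type,                    # 1 byte
        "code": code,                         # 1 byte
        "checksum": checksum,                 # 2 bytes
        "rest_of_header": rest,               # 4 type-specific bytes
        "payload": message[8:],
        # Summing a valid message, checksum included, yields zero.
        "checksum_ok": inet_checksum(message) == 0,
    }

# Constructed sample: type 8, code 0, identifier 0x1234, sequence number 1.
SAMPLE = build_echo(8, ident=0x1234, seq=1, payload=b"constructed-sample")

if __name__ == "__main__":
    fields = parse_icmp(SAMPLE)
    ident, seq = struct.unpack("!HH", fields["rest_of_header"])
    print(fields["type"], fields["code"], hex(fields["checksum"]), ident, seq)
    print("checksum valid:", fields["checksum_ok"])
    tampered = SAMPLE[:-1] + bytes([SAMPLE[-1] ^ 0x01])   # flip one payload bit
    print("tampered valid:", parse_icmp(tampered)["checksum_ok"])
```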
In theory, there could be up to 255 different types of message, but most of these are deprecated or currently unassigned.
Common ICMP Message Types
Type 0: Echo Request (ping)
Type 3: Destination Unreachable
Type 5: Redirect Message
Type 8: Echo Request (ping reply)
Questions
What ICMP message type is a ping?
What protocol is used by the 'ping' utility?
- DHCP
- FTP
- ICMP
- TCP