Search This Blog

Friday, March 16, 2012

ping: An Overview


ping: It is a computer network administration utility used to test the reachability of a host on an internet protocol (IP) network and to measure the round-trip-time for messages sent from the originating host to a distination computer.

pingoperates by sending internet control message protocol (ICMP) echo-request pachets to the target host and waiting for an ICMP response.

It measures:-

  1. Time from transmission to reception (round-trip-time)
  2. Records any packet lost
  3. Response any packet received (i.e. Records of packet transmitted and packet received)
  4. Maximum, minimum and mean round-trip-time
  5. Standard deviation of the mean

For the following hosts, send 10 packets, each with a length of 56 data bytes. The hosts

are



root@asbidyarthy-Studio-1555:/home/asbidyarthy# ping -c 10 www.iitg.ernet.in

PING www.iitg.ernet.in (202.141.80.6): 56 data bytes

64 bytes from 202.141.80.6: icmp_seq=0 ttl=63 time=0.899 ms

64 bytes from 202.141.80.6: icmp_seq=1 ttl=63 time=3.091 ms

64 bytes from 202.141.80.6: icmp_seq=2 ttl=63 time=2.382 ms

64 bytes from 202.141.80.6: icmp_seq=3 ttl=63 time=0.791 ms

64 bytes from 202.141.80.6: icmp_seq=4 ttl=63 time=0.571 ms

64 bytes from 202.141.80.6: icmp_seq=5 ttl=63 time=3.921 ms

64 bytes from 202.141.80.6: icmp_seq=6 ttl=63 time=0.706 ms

64 bytes from 202.141.80.6: icmp_seq=7 ttl=63 time=1.021 ms

64 bytes from 202.141.80.6: icmp_seq=8 ttl=63 time=4.487 ms

64 bytes from 202.141.80.6: icmp_seq=9 ttl=63 time=0.740 ms

--- www.iitg.ernet.in ping statistics ---

10 packets transmitted, 10 packets received, 0% packet loss

round-trip min/avg/max/stddev = 0.571/1.861/4.487/1.413 ms

root@asbidyarthy-Studio-1555:/home/asbidyarthy#


Observation:

  1. packet loss = 0%
  2. packets transmitted =10
  3. packets received = 10
  4. minimum round-trip time = 0.571 ms
  5. mean round-trip time = 1.861 ms
  6. maximum round-trip time = 4.487 ms
  7. standard deviation of mean = 1.413 ms


  1. jatinga.iitg.ernet.in

root@asbidyarthy-Studio-1555:/home/asbidyarthy# ping -c 10 jatinga.iitg.ernet.in

PING jatinga.iitg.ernet.in (202.141.81.145): 56 data bytes

64 bytes from 202.141.81.145: icmp_seq=0 ttl=63 time=3.164 ms

64 bytes from 202.141.81.145: icmp_seq=1 ttl=63 time=0.611 ms

64 bytes from 202.141.81.145: icmp_seq=2 ttl=63 time=0.567 ms

64 bytes from 202.141.81.145: icmp_seq=3 ttl=63 time=0.590 ms

64 bytes from 202.141.81.145: icmp_seq=4 ttl=63 time=0.520 ms

64 bytes from 202.141.81.145: icmp_seq=5 ttl=63 time=0.691 ms

64 bytes from 202.141.81.145: icmp_seq=6 ttl=63 time=0.532 ms

64 bytes from 202.141.81.145: icmp_seq=7 ttl=63 time=0.544 ms

64 bytes from 202.141.81.145: icmp_seq=8 ttl=63 time=0.907 ms

64 bytes from 202.141.81.145: icmp_seq=9 ttl=63 time=0.521 ms

--- jatinga.iitg.ernet.in ping statistics ---

10 packets transmitted, 10 packets received, 0% packet loss

round-trip min/avg/max/stddev = 0.520/0.865/3.164/0.774 ms

root@asbidyarthy-Studio-1555:/home/asbidyarthy#


Observation:

  1. packet loss = 0%
  2. packets transmitted =10
  3. packets received = 10
  4. minimum round-trip time = 0.520 ms
  5. mean round-trip time = 0.865 ms
  6. maximum round-trip time = 3.164 ms
  7. standard deviation of mean = 0.774 ms

  1. 10.10.0.254

root@asbidyarthy-Studio-1555:/home/asbidyarthy# ping -c 10 10.10.0.254

PING 10.10.0.254 (10.10.0.254): 56 data bytes

64 bytes from 10.10.0.254: icmp_seq=0 ttl=64 time=1.123 ms

64 bytes from 10.10.0.254: icmp_seq=1 ttl=64 time=4.456 ms

64 bytes from 10.10.0.254: icmp_seq=2 ttl=64 time=0.746 ms

64 bytes from 10.10.0.254: icmp_seq=3 ttl=64 time=0.762 ms

64 bytes from 10.10.0.254: icmp_seq=4 ttl=64 time=2.113 ms

64 bytes from 10.10.0.254: icmp_seq=5 ttl=64 time=0.812 ms

64 bytes from 10.10.0.254: icmp_seq=6 ttl=64 time=0.769 ms

64 bytes from 10.10.0.254: icmp_seq=7 ttl=64 time=0.737 ms

64 bytes from 10.10.0.254: icmp_seq=8 ttl=64 time=0.690 ms

64 bytes from 10.10.0.254: icmp_seq=9 ttl=64 time=3.024 ms

--- 10.10.0.254 ping statistics ---

10 packets transmitted, 10 packets received, 0% packet loss

round-trip min/avg/max/stddev = 0.690/1.523/4.456/1.222 ms

root@asbidyarthy-Studio-1555:/home/asbidyarthy#

Observation:

  1. packet loss = 0%
  2. packets transmitted =10
  3. packets received = 10
  4. minimum round-trip time = 0.690 ms
  5. mean round-trip time = 1.523 ms
  6. maximum round-trip time = 4.456 ms
  7. standard deviation of mean = 1.222 ms


Q1. You may find that the packet responses are 64 bytes instead of 56 bytes. Find out the

reason for this.


Answer: when we use ping www.example.com, The default number of data bytes to be sent is 56 bytes, which translates into 64 ICMP data bytes when combined with the 8 bytes of ICMP header data.

Sincepingoperates by sending internet control message protocol (ICMP) echo-request packets to the target host and waiting for an ICMP response. Echo-request message takes additional 8 bytes of ICMP header data to reach distination host and echo-reply takes additional 0 byte of ICMP header data to reach source host. When echo-request message is requested from source to distination and echo-reply message is replied by distination, in this case for echo-reply message source becomes distination and distination becomes source host.

The
ICMP header is composed of a:

-
Type
-
Code
-
Header checksum
-
ID
-
Sequence

Below,
is the ICMP protocol structure. This snapshot can be seen in wireshark. Wireshark is a network packet analyzer. A network packet analyzer will try to capture network packets and tries to display that packet data as detailed as possible.













Below, you can find some ICMP types.
Type
Description




0
Echo reply
3
Destination unreachable
4
Source quench
5
Redirect
8
Echo request
9
Router advertisement
10
Router solicitation
11
Time exceeded
12
Parameter problem
13
Timestamp request
14
Timestamp reply
15
Information request
16
Information reply
17
Address mask request
18
Address mask reply
30
Traceroute


Q2. Explain the differences in minimum round trip time of each of these hosts.


Answer:

--- www.iitg.ernet.in ping statistics ---

10 packets transmitted, 10 packets received, 0% packet loss

round-trip min/avg/max/stddev = 0.571/1.861/4.487/1.413 ms



--- jatinga.iitg.ernet.in ping statistics ---

10 packets transmitted, 10 packets received, 0% packet loss

round-trip min/avg/max/stddev = 0.520/0.865/3.164/0.774 ms



--- 10.10.0.254 ping statistics ---

10 packets transmitted, 10 packets received, 0% packet loss

round-trip min/avg/max/stddev = 0.690/1.523/4.456/1.222 ms



The further the destination is from IIT, the longer the propagation time.
If the distance of the distination host willl increase, will also increase minimum round-trip time. Www.iitg.ernet.in and jatinga.iitg.ernet.in both are on IIT campus, hence are oly a few milliseconds away, therefore the minimum round-trip time is very less i.e. 0.571 and 0.520 ms respectively, while 10.10.0.254 is default gateway is also taking very less minimum round-trip time i.e. 0.690 ms .

Q3. Now send pings with 128, 512, and 1024 byte packets to all of the three hosts above.
Write down the minimum, average and maximum round trip time. Why are the minimum
round-trip times to the same hosts different when using 128, 512, and 1024 byte packets?


Answer: # ping -c number_of_packets -s size_if_each_packets www.example.com
128 bytes data packets

--- www.iitg.ernet.in ping statistics ---

10 packets transmitted, 10 packets received, 0% packet loss

round-trip min/avg/max/stddev = 11.284/17.614/20.732/2.813 ms


--- jatinga.iitg.ernet.in ping statistics ---

10 packets transmitted, 10 packets received, 0% packet loss

round-trip min/avg/max/stddev = 9.504/18.226/21.969/3.585 ms



--- 10.10.0.254 ping statistics ---

10 packets transmitted, 9 packets received, 10% packet loss

round-trip min/avg/max/stddev = 9.093/16.821/21.763/4.417 ms


512 bytes data packets

--- www.iitg.ernet.in ping statistics ---

10 packets transmitted, 10 packets received, 0% packet loss

round-trip min/avg/max/stddev = 8.519/17.253/21.761/3.878 ms


--- jatinga.iitg.ernet.in ping statistics ---

10 packets transmitted, 8 packets received, 20% packet loss

round-trip min/avg/max/stddev = 16.707/20.074/22.493/2.243 ms


--- 10.10.0.254 ping statistics ---

10 packets transmitted, 7 packets received, 30% packet loss

round-trip min/avg/max/stddev = 9.210/17.971/22.274/4.404 ms


1024 bytes data packets

--- www.iitg.ernet.in ping statistics ---

10 packets transmitted, 10 packets received, 0% packet loss

round-trip min/avg/max/stddev = 12.214/18.398/22.553/3.818 ms

--- jatinga.iitg.ernet.in ping statistics ---

10 packets transmitted, 10 packets received, 0% packet loss

round-trip min/avg/max/stddev = 11.121/18.681/24.254/3.575 ms

--- 10.10.0.254 ping statistics ---

10 packets transmitted, 10 packets received, 0% packet loss

round-trip min/avg/max/stddev = 8.687/14.737/20.710/4.153 ms


Larger packets have a longer transmission delay, since the sending and receiving machines must spend more time just getting the packet on and off the network. The time it takes to put the packet onto the network is determined by the bandwidth and the amount of data being transmitted. However, the transmission delay is small compared to the latency caused by the propagation delay. Hence the amount of additional time for larger packets is small compared to the round trip time for small packets.


Q4. Note that you cant ping an outside host from inside IITG network. Find out the

reason for this. Now use the online tool http://centralops.net/co/
to ping following hosts,

i) www.berkeley.edu

ii) www.kyoto-u.ac.jp

iii) www.csail.mit.edu

iv) www.iitg.ernet.in

Answer all the questions Q1-Q3 for this part.


Answer:
we send an ICMP Echo request from my IP to external LAN's IP
  1. This routes by way of our router.
  2. Our network address translation (NAT) gateway inside our router rewrites the request to be from external LAN's IP (it's static IP address)
  3. Our router replies to the ICMP Echo request
  4. Since our router does not support ICMP state, it never passes the ECHO Reply back to us.

Q1. You may find that the packet responses are 64 bytes instead of 56 bytes. Find out the reason for this.

Answer: Same as above


Q2. Explain the differences in minimum round trip time of each of these hosts.

Answer:

  1. www.berkeley.edu (Berkeley , California , United States,,)


Statistics

packets
sent
10

times (ms)
min
88


received
10
100%

avg
92


lost
0
0%

max
99


(kyoto, kyoto, Japan)


Statistics

packets
sent
10

times (ms)
min
174


received
10
100%

avg
175


lost
0
0%

max
185


  1. www.csail.mit.edu (Cambridge , Massachusetts , United States,,)


Statistics

packets
sent
10

times (ms)
min
45


received
10
100%

avg
45


lost
0
0%

max
45




Statistics

packets
sent
10

times (ms)
min
300


received
10
100%

avg
300


lost
0
0%

max
301


The further the destination is from http://centralops.net/co/
city name is Houston, state name is Texas, country name is United states, the longer the propagation time.If the distance of the distination host willl increase, will also increase minimum round-trip time. Since Distance from Houston to India>Kyoto> Berkeley> Cambridge therefore minimum round-trip time of www.iitg.ernet.in >www.kyoto-u.ac.jp >www.berkeley.edu >www.csail.mit.edu


Q3. Now send pings with 128, 512, and 1024 byte packets to all of the three hosts above. Write down the minimum, average and maximum round trip time. Why are the minimum round-trip times to the same hosts different when using 128, 512, and 1024 byte packets?

Answer:
128 bytes data packets

i) www.berkeley.edu

ii) www.kyoto-u.ac.jp

iii) www.csail.mit.edu

  1. www.iitg.ernet.in


Note::: The link http://centralops.net/co/
which you have provided to ping outside network hosts is accepting data packets of size less than 100. Data size must be a number from 0 to 100.
-- end --

Q5. Send pings to the host www.wits.ac.za , and www.microsoft.com , for some of the hosts, you may not have received any responses for the packets you sent. What are some reasons as to why you might have not gotten a response? (Be sure to check the hosts in a web browser.)


Answer:


IP country code: ZA IP address country: South Africa IP address state: Gauteng IP address city: Johannesburg IP address latitude: -26.2000 IP address longitude: 28.0833 ISP of this IP [?]: University of the Witwatersrand Organization: University of the Witwatersrand Local time in South Africa: 2011-12-31 21:08

Pinging www.wits.ac.za [146.141.9.215] with 56 bytes of data...

Results

count
ttl (hops)
rtt (ms)

from




1





TimedOut
2





TimedOut
3





TimedOut
4





TimedOut
5





TimedOut
6





TimedOut
7





TimedOut
8





TimedOut
9





TimedOut
10





TimedOut

Statistics

packets
sent
10

times (ms)
min
-


received
0
0%

avg
-


lost
10
100%

max
-




IP country code: US IP address country: United States IP address state: n/a IP address city: n/a

Pinging www.microsoft.com [207.46.19.254] with 56 bytes of data...

Results

count
ttl (hops)
rtt (ms)

from




1





TimedOut
2





TimedOut
3





TimedOut
4





TimedOut
5





TimedOut
6





TimedOut
7





TimedOut
8





TimedOut
9





TimedOut
10





TimedOut

Statistics

packets
sent
10

times (ms)
min
-


received
0
0%

avg
-


lost
10
100%

max
-



Neither of these machines send back any ping responses. A few possible reasons:
  1. Saving of resources: The sites might be trying to minimize the number of services on its web site so that the system can focus on serving web requests.
  2. Security: By providing fewer services, fewer security "holes" are likely to exist. People have been known to use ping to send very large packets to hosts. These packets cause the servers buffers to overflow and crash the system.
  3. Firewall: The www.microsoft.com machine could be hidden behind a firewall which only allows http requests to pass. Hence ICMP packets never make it to www.microsoft.com.
  4. Crash: The system on the other end might have crashed.
  5. Temporary Congestion: The network may be dropping packets because of congestion.
  6. Network failure: The network connection to or from a host may have failed.
  7. Hacked Machine: A machine was modified to behave by dropping packets.
Because both of these hosts run a functioning web server, the true reason for not receiving responses is more likely some of the first three reasons than the last four.

No comments:

Post a Comment

Thank you