Good afternoon, my network worker friend.
Internet workers deal with ping every day in their lives, and ping comes and goes. Many people know ping, but they don't know how to use ping in more ways.
Today, I will give you a comprehensive guide on the use of the ping command. In more different project scenarios, how to use ping can help you work efficiently.
The whole article exceeds 10,000 words, please collect and forward it to your network worker group and circle of friends in time, save it for future use!
Today's article reading benefits: " In-depth understanding of computer networks"
If you want to make good use of ping, the premise is to learn the network well. Private message me and send the password "Internet" to receive this classic online book resource.
01 Typical sequence for detecting network faults
Normally, when you use the Ping command to find the problem or verify the operation of the network, you will need to use many Ping commands, and if everything is running correctly, you can trust that the basic connectivity and configuration parameters are OK.
It can also indicate where to look if certain ping commands fail to work. A typical detection sequence and corresponding possible faults are given below:
1. ping127.0.0.1
This ping command is sent to the IP software of the local computer, and the command never exits the computer. Failure to do so indicates some fundamental problem with the installation or operation of TCP/IP.
2. Ping local IP
This command is sent to your computer's configured IP address, your computer should always respond to this ping command, if it doesn't, there is a problem with your local configuration or installation. When this problem occurs, LAN users please disconnect the network cable and resend the command. If the command is correct after the network cable is disconnected, it means that another computer may be configured with the same IP address.
3. Ping other IPs in the LAN
The command should leave your computer, travel through the network card and network cable to the other computer, and back again. Receiving an echo reply indicates that the network card and carrier on the local network are functioning correctly. But if you get 0 echo replies, then the subnet mask (the code that separates the network portion of an IP address from the host portion when subnetting) is incorrect or the network card is misconfigured or there is a problem with the cabling system.
4. Ping gateway IP
If this command is answered correctly, it means that the gateway router in the LAN is running and able to respond.
5. Ping the remote IP
If 4 replies are received, the default gateway is used successfully. For dial-up Internet users, it means that they can successfully access the Internet (but it does not rule out that there may be problems with the ISP's DNS).
6. ping localhost
localhost is an operating system network reserved name, which is an alias for 127.0.0.1, and every computer should be able to convert this name to this address. If it doesn't, there is a problem in the hosts file (/Windows/host).
Ping the address of this domain name, usually through the DNS server. If there is a failure here, it means that the IP address of the DNS server is not configured correctly or the DNS server is faulty (for dial-up Internet users, some ISPs do not need to set the DNS server).
By the way: You can also use this command to convert domain names to IP addresses.
If all of the ping commands listed above are working properly, then you can basically rest easy on your computer's ability to communicate locally and remotely. However, the success of these commands does not mean that all your network configurations are correct, for example, some subnet mask errors may not be detected by these methods.
02 Ping command application example
The Ping command is one of the most frequently used tools in our daily network management work. It is mainly used to test the network connection. In the actual process of solving network failures at ordinary times, the steps of "soft first and then hard" should generally be followed.
Among them, "soft" refers to using the Ping command to roughly determine the location of the network failure. Today we will introduce to you three typical applications of the Ping command.
01 Verify the working status of the network card
One of the simplest applications of Ping is to verify whether the working status of the network card is normal.
Enter "ping 127.0.0.1" at the command prompt and press Enter, if it returns four lines "Reply from 127.0.0.1: bytes=32 time<1ms TTL=128", then the local network card is installed normally, if it returns " Request timed out." means that the local network card is not working properly (as shown in the figure below).
Tips: Users can also directly use "Ping the IP address of the local computer" to verify whether the IP is set successfully.
02Judge the network connection status
When judging the network connection, our usual practice is to ping the gateway address and the remote host address, so as to judge the location of the network failure.
If "Request timed out." appears in "ping gateway address", it means that there is a problem with the internal network, and the data packets sent by the local network card cannot reach the gateway; If "Request timed out." appears, it may be a problem with the external connection.
In the actual application, there will be such a situation. During the execution of ping, information such as "Requesttimedout." and "Reply from192168.0.1:bytes=32time<1ms TTL=128" will be included at the same time.
In this case, the network is unstable and packet loss occurs.
For this, you can use "ping IP address - t", that is, add the "-t" parameter after the original command, so that ping will continuously try to connect with the target host, so as to observe the stability of the network.
Of course, the "time<1ms" of the returned information is also very important information. If the network is smooth, such as testing the connection with the intranet host, it will generally be "time<1ms". If the value is relatively large, it also means that the network is not enough Stable, it may be that the equipment is not compatible, it may be that the node is not in good contact, or there may be a large number of viruses in the network causing congestion.
03 Verify DNS server
The DNS server is responsible for converting the domain name (URL) into an IP address. We can use the ping command to determine whether its configuration is correct and whether it is working properly.
The method is very simple, you only need to enter "ping domain name address" at the command prompt, such as "ping www.itedit.cn", if "unknown Host Name" appears, it means that it cannot be reached, and the prompt "Reply from 222.191.251.34: bytes =32 time=27ms TTL=120" proves that the DNS server can successfully convert the domain name to an IP address. With this method, we can also view the IP addresses used by well-known websites (as shown below).
Mastering the correct use of the Ping command is very helpful for us to quickly judge network failures.
03 Use the Windows Ping command correctly
I believe everyone is very familiar with the ping command under Windows, but there are not many people who can maximize the function of ping. I have summed up some small experiences, and now I will share them with you.
Now I will refer to the help instructions of the ping command to tell you the skills I will use when using ping. Ping can only be used after the TCP/IP protocol is installed:
ping [-t] [-a] [-n count] [-l length] [-f] [-i ttl] [-v tos] [-r count] [-s count] [[-j computer-list] | [-k computer-list]] [-w timeout] destination-list
Options:
-tPingthespecifiedhostuntilstopped.Toseestatisticsand continue - type Control-Break;To stop - type Control-C.
Keep pinging the local host until you press Control-C.
There is no special trick to this function, but it can be used with other parameters, which will be mentioned below.
-a Resolve addresses to hostnames.
Resolves the computer NetBios name.
Example:
C:\ >ping -a 192.168.1.21
Pinging http://iceblood.yofor.com [192.168.1.21] with 32 bytes of data: Reply from 192.168.1.21: bytes=32 time<10ms TTL=254
Reply from 192.168.1.21: bytes=32 time<10ms TTL=254
Reply from 192.168.1.21: bytes=32 time<10ms TTL=254
Reply from 192.168.1.21: bytes=32 time<10ms TTL=254
Ping statistics for 192.168.1.21:
Packets:Sent = 4,Received = 4,Lost= 0 (0% loss),Approximateround trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
From the above, we can know that the computer NetBios with IP 192.168.1.21 is named
-n count Number of echo requests to send.
Sends the number of Echo packets specified by count.
By default, only four data packets are generally sent. This command can be used to define the number of data packets to be sent, which is very helpful for measuring the network speed. For example, I want to test the average return time of sending 50 data packets. The fastest time and the slowest time can be known through the following:
C:\ >ping -n 50 202.103.96.68
Pinging 202.103.96.68 with 32 bytes of data:
Reply from 202.103.96.68: bytes=32 time=50ms TTL=241
Reply from 202.103.96.68: bytes=32 time=50ms TTL=241
Reply from 202.103.96.68: bytes=32 time=50ms TTL=241
Request timed out.
,,,,,,
Reply from 202.103.96.68: bytes=32 time=50ms TTL=241
Reply from 202.103.96.68: bytes=32 time=50ms TTL=241
Ping statistics for 202.103.96.68:
Packets:Sent = 50, Received = 48, Lost = 2 (4% loss),Approximateround trip times in milli-seconds:
Minimum = 40ms, Maximum = 51ms, Average = 46ms
From the above, I can know that in the process of sending 50 data packets to 202.103.96.68, 48 were returned, and two of them were lost due to unknown reasons. Among the 48 data packets, the fastest return speed was 40ms, and the slowest was 51ms, with an average speed of 46ms.
-l size Send buffer size.
Defines the echo packet size.
By default, the size of the packet sent by windows ping is 32bytes. We can also define its size, but there is a size limit, that is, the maximum size can only be sent 65500bytes.
Some people may ask why it is limited to 65500byte, because there is a security hole in Windows series systems (maybe also include other systems), that is, when the data packet sent to the other party is greater than or equal to 65532, the other party is likely to block the machine. Therefore, in order to solve this security hole, Microsoft limited the packet size of ping.
Although Microsoft has made this restriction, the harm of this parameter is still very powerful when combined with other parameters. For example, we can implement an aggressive command by using the -t parameter: (The following introduction is dangerous, only use For experimentation, please do not easily apply it to other people's machines, otherwise the consequences will be at your own risk)
C:\ >ping -l 65500 -t 192.168.1.21
Pinging 192.168.1.21 with 65500 bytes of data:
Reply from 192.168.1.21: bytes=65500 time<10ms TTL=254
Reply from 192.168.1.21: bytes=65500 time<10ms TTL=254
,,,,,,
In this way, it will keep sending data packets with a size of 65500byte to the 192.168.1.21 computer. If you only have one computer, it may not have any effect, but if there are many computers, it can completely paralyze the other party. I have done this before In the experiment, when I used more than 10 computers to ping a computer of Win2000Pro system at the same time, the network of the other party was completely paralyzed in less than 5 minutes, the network was seriously blocked, and the HTTP and FTP services were completely stopped. This shows that the power is extraordinary.
-f Set Don't Fragment flag in packet.
Send a "do not fragment" flag in the packet. In general, the data packets you send will be segmented through the route and then sent to the other party. After adding this parameter, the route will not be segmented again.
-i TTL Time To Live.
Specify the time for the TTL value to stay in the other party's system. This parameter is also to help you check the operation of the network.
-v TOS Type Of Service.
Set the "Type of Service" field to the value specified by tos.
-r count Record route for count hops.
Record the route of outgoing and return packets in the Record Route field. Under normal circumstances, the data packets you send reach the other party through routes one by one, but which routes have they passed through?
Through this parameter, you can set the number of routes you want to detect, but it is limited to 9, that is to say, you can only trace 9 routes. If you want to detect more, you can use other commands. I will I will explain it to you in a future article.
Here is an example:
C:\ >ping -n 1 -r 9 202.96.105.101 (send a packet, record up to 9 routes)
Pinging 202.96.105.101 with 32 bytes of data:
Reply from 202.96.105.101: bytes=32 time=10ms TTL=249
Route: 202.107.208.187 ->
202.107.210.214 ->
61.153.112.70 ->
61.153.112.89 ->
202.96.105.149 ->
202.96.105.97 ->
202.96.105.101 ->
202.96.105.150 ->
61.153.112.90
Ping statistics for 202.96.105.101:
Packets: Sent = 1, Received = 1, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 10ms, Maximum = 10ms, Average = 10ms
From the above, I can know that 202.107.208.187, 202.107.210.214, 61.153.112.70, 61.153.112.89, 202.96.105.149, 202.96.105.97 have been passed from my computer to 202.96.105.101 routing.
-s count Timestamp for count hops.
Specifies a timestamp for the number of hops specified by count.
This parameter is similar to -r, except that this parameter does not record the route through which the data packet returns, and only records 4 at most.
-j host-list Loose source route along host-list.
Route packets using the list of computers specified by computer-list. Consecutive computers can be separated by intermediate gateways (routing sparse source) The maximum number of IPs allowed is 9.
-k host-list Strict source route along host-list.
Route packets using the list of computers specified by computer-list. Consecutive computers cannot be separated by intermediate gateways (routing strict source) The maximum number of IPs allowed is 9.
-w timeout Timeout in milliseconds to wait for each reply.
Specifies the timeout interval in milliseconds. This parameter has no other tricks.
Other tricks for the ping command:
In general, you can also ping the other party to ask the other party to return the TTL value to you, and roughly judge whether the system type of the target host is Windows series or UNIX/Linux series. Generally, the TTL value returned by the Windows series system is between 100- 130, and the TTL value returned by the UNIX/Linux series system is between 240-255. Of course, the TTL value can be modified in the host of the other party. The Windows series system can be realized by modifying the following key values in the registry:
[HKEY_LOCAL_MACH\INSEYSTE\M CurrentControlSet\Services \Tcpip \Parameters] "DefaultTTL"=dword:000000ff
255---FF
128---80
64----40
32----20
04 Detect packet loss
How to test for packet loss?
I know ping a website for information and traceroute information.
However, I have heard from some people that they have problems with packet loss on their broadband Internet connections. I suspect that I may be experiencing packet loss, because when I ran the speed test, the speed was slower than before, and I didn't change hardware or use any new applications.
Testing packet loss on a broadband connection from home is a very difficult job. Packet loss can happen anywhere along the wire from your computer to the destination you're connecting to on the Internet.
Causes of packet loss include: network congestion, overloaded routers or switches, slow signal round-trip times, and traffic prioritization used by the service provider or company hosting the website you're visiting.
Without actively measuring actual duplicated TCP traffic (such products are too expensive for home broadband connections), it is difficult to determine whether duplicated transmissions are actually occurring.
The mechanisms you point to ping and traceroute are the most useful tools for helping home users determine where things are slow on the Internet.
Ping measures the round-trip time of a signal between your computer and the IP address you're connecting to.
Traceroute measures the reaction time of the router on the tunnel between your computer and the IP address of the route you are tracing.
Use Ping
The best way to measure packet loss using Ping is to send a large number of ping commands to an IP address, and then check for those ping commands that are not answered.
If you ping 50 times quickly, you can check for no replies and count the no replies as dropped packets. A non-response rate of more than 5% is probably cause for concern.
On a Windows computer, this can be done by entering the following command at the command prompt:
Ping -n 50 (IP address or domain name, such as http://www.website.com ) The "-n" switch in this command tells the number of times to send the ping command, and "50" is the number of times to send.
You will then be given a test summary. This summary will include the amount and percentage lost:
Ping statistics for 199.181.132.250 address: Packets: Sent = 6, Received = 6, Lost = 0 (0%) Approximate round trip time is displayed in milliseconds (ms):
Min = 26ms, Max = 29ms, Average = 27ms
If you see high average round trip times (over 100ms), this will also slow down your network download speed.
One way to try to troubleshoot certain parts of the network that are causing packet loss is to do ping tests on various parts of the channel. The first place I started testing was the local "Default Gateway".
This is the first router that all your data travels on the Internet. If there is a high rate of packet loss in this part, then the problem is on your service provider's network.
You can find out the IP address of your default router by entering the "ipconfig" command at the Windows command prompt. This result is displayed as follows:
Ethernet interface local area connection:
The DNS suffix of the specific connection: http://domainname.com
IP address. . . . . : 192.168.2.189 Subnet mask. . . . : 255.255.252.0 Default gateway. . . : 10.10.0.1
What you're looking for here is the IP address of the default gateway. In the above example it would be 10.10.0.1.
Using tracerouting Tracerouting is implemented using the traceroute command at the Windows command prompt.
In Windows XPZH this command is: tracert (IP address or hostname) Although the result cannot show you packet loss, it can show you the slowdown of the router's response speed in the path. This output will show the response time of all routers. Below is an example:
5 ms 2 ms 3 ms http://malibu.domain.com [10.10.0.1]
10 ms 6 ms 7 ms 10.60.0.6
9 ms 7 ms 7 ms 10.20.0.1
6 ms 7 ms 7 ms http://x130.cd9e68.sj.concentric.net [205.158.104.130]
7 ms 7 ms 8 ms http://ge9-0.dcr2.dc-fremont-ca.us.xo.net [205.158.60.169]
7 ms 7 ms 7 ms http://ge2-0.dcr1.dc-fremont-ca.us.xo.net [65.106.2.205]
10 ms 7 ms 8 ms http://p5-1-0-2.rar2.sanjose-ca.us.xo.net [65.106.2.153]
10 ms 9 ms 11 ms http://p1-0.ir1.paloalto-ca.us.xo.net [65.106.5.178]
9 ms 10 ms 15 ms 206.http://111.12.114.ptr.us.xo.net [206.111.12.114]
9 ms 10 ms 10 ms http://svl-core-03.inet.qwest.net [205.171.205.29]
29 ms 28 ms 29 ms http://stl-core-02.inet.qwest.net [205.171.5.85]
30 ms 29 ms 29 ms http://sea-edge-03.inet.qwest.net [205.171.26.42]
* * * Request timed out.
* * * Request timed out.
28 ms 28 ms 29 ms http://sam.abcnews.go.com [199.181.132.250]
If you see traceroute round-trip times in the path that exceed 100ms (one-tenth of a second), this may be causing a slowdown in transfer times over the network.
From the above example, you can see that data is transmitted over many different nets (XO, Qwest, ABC).
This is part of the beauty of the internet. The downside is that one user can't work out the slowed reaction time. The best place to start is to make sure there is no packet loss between you and your service provider.
05 special reminder
When using the Ping command, sometimes a strange phenomenon occurs.
Ping is a command line program that comes with Windows. It is the main command used to detect difficult problems of network connectivity, reachability and name resolution under the TCP/IP environment.
The main purpose of Ping is to detect whether the target host can be connected. Its essence is to send an ICMP echo request message to the target host, wait for the echoed ICMP response, and then print out the echoed message. The application of the Ping command does not need to be discussed in detail in this article. Here is an unnoticed detail to remind everyone to pay special attention.
Enter ping 127.0.0.1 at the Windows2000/XP command prompt and press Enter, and an echo message will appear indicating that the ping is successful. Interestingly, if you enter ping 127.0..1 and press Enter (note that it is not 127.0.0.1, enter a 0 in the middle), you can also ping through! Windows will automatically fill the last "0" in the IP address to form 127.0.0.1, as shown in the figure (Figure 1).
Executing this command under Windows98/Me has the same result! In another way, enter the command on the command line: ping 127..0.1, you can also ping through, and the system will automatically add a "0" to become a complete form. The reason for this is that when you use the Ping command to Ping an IP address, you can omit the part of the IP address where the null value is "0", and use the format ".." to automatically add a null value to it , so we can omit the "0" in it.
If we enter Ping 202.108.36.172 respectively under the command line (this is the IP address of Netease)
Will the echo result be the same as Ping 202.108.036.172? At first I thought it was the same, but the result after the command was executed was beyond my expectation—it was completely different from what I imagined.
After entering Ping 202.108.36.172 and pressing Enter, the displayed results are all normal, exactly as we expected. However, when Ping 202.108.036.172 is displayed in the command prompt window, it is actually Ping another IP address: 202.108.30.172 (Figure 2)
What's more interesting is that if you enter Ping 202.108.044.172 and press Enter, what is displayed in the command prompt window is our Ping address 202.108.36.172 (Figure 3)
Isn't this also unexpected?
In addition to the Windows system, the test results on FreeBSD are the same.
why? This is because the system regards "036" in the above IP address as an octal number instead of a decimal number, and the conversion of the octal value "036" to decimal is exactly "30" (you can use the calculator that comes with Windows to check), so the system Only then will we think that we are Ping 202.108.30.172.
Add 0 in front of the decimal number of the IP address to indicate that it is an octal number, and add 0x to indicate that it is a hexadecimal number
We can verify it, enter Ping 0x7f.0.0.1 at the command prompt, and after pressing Enter, you will find that our Ping is 127.0.0.1.
Because 0x7f is exactly the hexadecimal representation of the decimal value 127. Try typing Ping 0x7f.0..1 again, and guess what?
That's right, the IP address 127.0.0.1 is still input for Ping.
Note that when using the Ping command to ping an IP address, only one part of the four parts of the IP address can be entered in octal or hexadecimal, and the rest must be in decimal, otherwise an error will occur.
For example, if you convert the IP address 202.108.36.172 to octal 0312.0154.044.0254, and then go to Ping, the system will report an error (Figure 4). Similarly, if you convert all parts of the dotted decimal IP address to hexadecimal Control, and then go to Ping the system will also report an error, unable to ping through. So it is better to use the decimal IP address to ping honestly.
06 Common parameter options of the Ping command
ping IP -t
Ping the IP address continuously until interrupted by the user with Ctrl+C.
ping IP -l 2000
Specifies that the data length in the Ping command is 2000 bytes instead of the default 32 bytes.
ping IP -n
Execute a specific number of Ping commands.
Netstat
Netstat is used to display statistical data related to IP, TCP, UDP and ICMP protocols, and is generally used to check the network connection status of each port of the machine.
Don't be surprised if your computer sometimes receives datagrams that cause erroneous data deletions or malfunctions. TCP/IP is tolerant of these types of errors and can automatically resend datagrams.
But if the cumulative number of error conditions accounts for a significant percentage of received IP datagrams, or if its number is increasing rapidly, then you should use Netstat to investigate why these conditions occur.
Finishing: Lao Yang 丨 10-year senior network engineer, more network workers to improve dry goods, please pay attention to the official account: Network Engineer Club