Wednesday, December 17, 2014

Ping - A Detailed View


Ping sends very small packets to an IP host, which answers by sending packets back.
The ICMP packets sent to the host are called echo_request, and the packets sent back are called echo_response.





The ICMP header is composed of the following fields:

- Type
- Code
- Header checksum
- ID
- Sequence 

[Figure: ping ICMP header]

Below, you can find some ICMP types.

| Type | Description |
|------|-------------|
| 0 | Echo reply |
| 3 | Destination unreachable |
| 4 | Source quench |
| 5 | Redirect |
| 8 | Echo request |
| 9 | Router advertisement |
| 10 | Router solicitation |
| 11 | Time exceeded |
| 12 | Parameter problem |
| 13 | Timestamp request |
| 14 | Timestamp reply |
| 15 | Information request |
| 16 | Information reply |
| 17 | Address mask request |
| 18 | Address mask reply |
| 30 | Traceroute |

Below, you can find the ICMP packet structure.


[Figure: ICMP packet structure overview]
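
The header fields and type values listed above can be exercised in code. The following Python sketch is an added example, not code from the original post: it builds an echo request and its reply, then parses the 8-byte header and validates the checksum, which is how a monitoring tool would reject malformed or tampered ICMP messages. The ID 0x1234, sequence 1 and payload bytes are constructed sample values.

```python
import struct

# Subset of the ICMP type table above, used to label decoded messages.
ICMP_TYPES = {0: "Echo reply", 3: "Destination unreachable",
              8: "Echo request", 11: "Time exceeded"}

def inet_checksum(data: bytes) -> int:
    """Internet checksum (RFC 1071): one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build an echo message; the checksum is computed with its field zeroed."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def parse_icmp(packet: bytes) -> dict:
    """Decode Type, Code, Checksum, ID, Sequence and verify the checksum."""
    if len(packet) < 8:
        raise ValueError("ICMP message shorter than its 8-byte header")
    icmp_type, code, csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {
        "type": icmp_type,
        "description": ICMP_TYPES.get(icmp_type, "unknown"),
        "code": code,
        "checksum": csum,
        # Summing a valid message, checksum included, yields zero.
        "checksum_ok": inet_checksum(packet) == 0,
        "id": ident,          # ID/Sequence layout applies to echo messages
        "sequence": seq,
        "payload": packet[8:],
    }

# Constructed samples: 32-byte payload, matching "bytes=32" in the ping output.
REQUEST = build_echo(8, 0x1234, 1, bytes(range(32)))
# The reply echoes the ID, sequence and payload back with type 0.
REPLY = build_echo(0, 0x1234, 1, REQUEST[8:])

if __name__ == "__main__":
    for pkt in (REQUEST, REPLY):
        print(parse_icmp(pkt))
```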

The TTL or Time-To-Live gives you an indication of the number of routers between the source and destination. 


The TTL is used to prevent an IP packet from looping inside an IP network and causing a network meltdown. 

The initial TTL value of an IP packet is 255, and it is decremented by 1 each time the packet crosses a router. When this value reaches 0, the packet is discarded by the router. The TTL value is contained in every IP packet, including ICMP packets. The TTL value shown by the ping command is in fact the TTL value of an echo_response packet.
By default, Windows will decrease the TTL by 128 and Ubuntu Linux by 192.

Let us study three scenarios where A pings B. B is a router (case 1), a Microsoft Windows machine (case 2) and an Ubuntu Linux machine (case 3).
The TTL value is initially 255 and is then decreased as described above.

Case 1:
When A pings B, it receives a TTL of 251 because the packets crossed 4 routers (-4).
TTL=255-4=251

[Figure: TTL scenario, B is a router]

ping B 

Pinging B [1.1.1.1] with 32 bytes of data:

Reply from 1.1.1.1: bytes=32 time=18 ms TTL=251
Reply from 1.1.1.1: bytes=32 time=21 ms TTL=251
Reply from 1.1.1.1: bytes=32 time=20 ms TTL=251
Reply from 1.1.1.1: bytes=32 time=33 ms TTL=251

Ping statistics for 1.1.1.1:
      Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
      Minimum = 18ms, Maximum = 33ms, Average = 23ms

Case 2:
When A pings B, it receives a TTL of 124 because the packets crossed 3 routers (-3) and a Windows machine (-128).
TTL=255-3-128=124

[Figure: TTL scenario, B is a Microsoft Windows machine]

ping B 

Pinging B [1.1.1.1] with 32 bytes of data:

Reply from 1.1.1.1: bytes=32 time=18 ms TTL=125
Reply from 1.1.1.1: bytes=32 time=21 ms TTL=125
Reply from 1.1.1.1: bytes=32 time=20 ms TTL=125
Reply from 1.1.1.1: bytes=32 time=33 ms TTL=125

Ping statistics for 1.1.1.1:
      Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
      Minimum = 18ms, Maximum = 33ms, Average = 23ms

Case 3:
When A pings B, it receives a TTL of 60 because the packets crossed 3 routers (-3) and an Ubuntu machine (-192).
TTL=255-3-192=60

[Figure: TTL scenario, B is an Ubuntu Linux machine]

ping B 

Pinging B [1.1.1.1] with 32 bytes of data:

Reply from 1.1.1.1: bytes=32 time=18 ms TTL=60
Reply from 1.1.1.1: bytes=32 time=21 ms TTL=60
Reply from 1.1.1.1: bytes=32 time=20 ms TTL=60
Reply from 1.1.1.1: bytes=32 time=33 ms TTL=60

Ping statistics for 1.1.1.1:
      Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
      Minimum = 18ms, Maximum = 33ms, Average = 23ms