PING(8) | System Manager's Manual | PING(8) |
ping
— send ICMP
ECHO_REQUEST packets to network hosts
ping |
[-AaCDdfnoQqRrv ] [-b
boundif] [-c
count] [-G
sweepmaxsize] [-g
sweepminsize] [-h
sweepincrsize] [-i
wait] [-k
trafficclass] [-K
netservicetype] [-l
preload] [-M
mask | time ]
[-m ttl]
[-P policy]
[-p pattern]
[-S src_addr]
[-s packetsize]
[-t timeout]
[-W waittime]
[-z tos]
[--apple-connect ]
[--apple-time ] host |
ping |
[-AaDdfLnoQqRrv ] [-b
boundif] [-c
count] [-I
iface] [-i
wait] [-k
trafficclass] [-K
netservicetype] [-l
preload] [-M
mask | time ]
[-m ttl]
[-P policy]
[-p pattern]
[-S src_addr]
[-s packetsize]
[-T ttl]
[-t timeout]
[-W waittime]
[-z tos]
[--apple-connect ]
[--apple-time ]
mcast-group |
The ping
utility uses the ICMP
protocol's mandatory ECHO_REQUEST datagram to elicit
an ICMP ECHO_RESPONSE from a host or gateway. ECHO_REQUEST datagrams
(“pings”) have an IP and ICMP header, followed by a
“struct timeval” and then an arbitrary number of
“pad” bytes used to fill out the packet. The options are as
follows:
-A
-a
-b
boundif-C
-c
countping
will operate until interrupted. If this
option is specified in conjunction with ping sweeps, each sweep will
consist of count packets.-D
-d
SO_DEBUG
option on the socket being
used.-f
-G
sweepmaxsize-g
sweepminsize-h
sweepincrsize-I
iface-i
wait-f
option.-k
trafficclassping
uses the control traffic class (CTL).
This option is an Apple addition.-K
netservicetype-L
-l
preloadping
sends that many packets as fast as possible
before falling into its normal mode of behavior. Only the super-user may
use this option.-M
mask
|
time
ICMP_MASKREQ
or
ICMP_TSTAMP
instead of
ICMP_ECHO
. For mask
, print
the netmask of the remote machine. Set the
net.inet.icmp.maskrepl MIB variable to enable
ICMP_MASKREPLY
. For time
,
print the origination, reception and transmission timestamps.-m
ttl-n
-o
-P
policy-p
pattern-p ff
” will
cause the sent packet to be filled with all ones.-Q
-v
flag was required to display such errors, but
-v
displays all ICMP error messages. On a busy
machine, this output can be overbearing. Without the
-Q
flag, ping
prints out
any ICMP error messages caused by its own ECHO_REQUEST messages.-q
-R
-r
-S
src_addr-s
packetsize-T
ttl-t
timeout-v
-W
waittime-z
tos--apple-connect
--apple-time
When using ping
for fault isolation, it
should first be run on the local host, to verify that the local network
interface is up and running. Then, hosts and gateways further and further
away should be “pinged”. Round-trip times and packet loss
statistics are computed. If duplicate packets are received, they are not
included in the packet loss calculation, although the round trip time of
these packets is used in calculating the round-trip time statistics. When
the specified number of packets have been sent (and received) or if the
program is terminated with a SIGINT
, a brief summary
is displayed, showing the number of packets sent and received, and the
minimum, mean, maximum, and standard deviation of the round-trip times.
If ping
receives a
SIGINFO
(see the status
argument for stty(1)) signal, the current
number of packets sent and received, and the minimum, mean, and maximum of
the round-trip times will be written to the standard error output.
This program is intended for use in network testing, measurement
and management. Because of the load it can impose on the network, it is
unwise to use ping
during normal operations or from
automated scripts.
An IP header without options is 20 bytes. An ICMP ECHO_REQUEST packet contains an additional 8 bytes worth of ICMP header followed by an arbitrary amount of data. When a packetsize is given, this indicated the size of this extra piece of data (the default is 56). Thus the amount of data received inside of an IP packet of type ICMP ECHO_REPLY will always be 8 bytes more than the requested data space (the ICMP header).
If the data space is at least eight bytes large,
ping
uses the first eight bytes of this space to
include a timestamp which it uses in the computation of round trip times. If
less than eight bytes of pad are specified, no round trip times are
given.
The ping
utility will report duplicate and
damaged packets. Duplicate packets should never occur when pinging a unicast
address, and seem to be caused by inappropriate link-level retransmissions.
Duplicates may occur in many situations and are rarely (if ever) a good
sign, although the presence of low levels of duplicates may not always be
cause for alarm. Duplicates are expected when pinging a broadcast or
multicast address, since they are not really duplicates but replies from
different hosts to the same request.
Damaged packets are obviously serious cause for alarm and often
indicate broken hardware somewhere in the ping
packet's path (in the network or in the hosts).
The (inter)network layer should never treat packets differently depending on the data contained in the data portion. Unfortunately, data-dependent problems have been known to sneak into networks and remain undetected for long periods of time. In many cases the particular pattern that will have problems is something that does not have sufficient “transitions”, such as all ones or all zeros, or a pattern right at the edge, such as almost all zeros. It is not necessarily enough to specify a data pattern of all zeros (for example) on the command line because the pattern that is of interest is at the data link level, and the relationship between what you type and what the controllers transmit can be complicated.
This means that if you have a data-dependent problem you will
probably have to do a lot of testing to find it. If you are lucky, you may
manage to find a file that either cannot be sent across your network or that
takes much longer to transfer than other similar length files. You can then
examine this file for repeated patterns that you can test using the
-p
option of ping
.
The TTL value of an IP packet represents the maximum number of IP routers that the packet can go through before being thrown away. In current practice you can expect each router in the Internet to decrement the TTL field by exactly one.
The TCP/IP specification recommends setting the TTL field for IP packets to 64, but many systems use smaller values (4.3BSD uses 30, 4.2BSD used 15).
The maximum possible value of this field is 255, and most UNIX systems set the TTL field of ICMP ECHO_REQUEST packets to 255. This is why you will find you can “ping” some hosts, but not reach them with telnet(1) or ftp(1).
In normal operation ping
prints the ttl
value from the packet it receives. When a remote system receives a ping
packet, it can do one of three things with the TTL field in its
response:
ping
ing
host.The ping
utility exits with one of the
following values:
<sysexits.h>
.The ping
utility appeared in
4.3BSD.
The original ping
utility was written by
Mike Muuss while at the US Army Ballistics Research
Laboratory.
Flood pinging is not recommended in general, and flood pinging the broadcast address should only be done under very controlled conditions.
The -v
option is not worth much on busy
hosts.
March 29, 2013 | macOS 15.2 |