Analysis of the process behind the ping command and its return information

Source: Internet
Author: User
Tags firewall

Ping is the command we reach for most often when diagnosing network failures, but do you really understand what happens when it runs, and what each message it returns means? Here I share the experience I have accumulated in day-to-day work.

The behind-the-scenes process of "Ping"

We use the following network as an example: there are four machines, A, B, C and D, and one router, RA. The subnet mask is 255.255.255.0 and the default route is 192.168.0.1.

1. Within the same network segment

What happens after you run "ping 192.168.0.5" on host A? First, the ping command constructs an ICMP request packet in a fixed format, and the ICMP protocol passes that packet, together with the address "192.168.0.5", to the IP layer protocol (which, like ICMP, is actually a set of processes running in the background). The IP layer protocol uses "192.168.0.5" as the destination address and the local machine's IP address as the source address, adds some other control information, and builds an IP packet. It then has to obtain the MAC address (physical address) of 192.168.0.5, which the data link layer protocol needs in order to build its transmission unit, the frame. This is the key step: from machine B's IP address and its own subnet mask, the IP layer protocol determines that B is on the same network, so it looks for B's MAC directly on that network. If the two machines have communicated before, machine A's ARP cache table should already hold the mapping between B's IP and its MAC; if not, A sends an ARP request broadcast, obtains B's MAC, and hands it to the data link layer. The data link layer then constructs a data frame whose destination address is the physical address passed down by the IP layer and whose source address is the local physical address, attaches some control information, and transmits the frame according to the Ethernet media access rules.

Host B receives this data frame and first checks whether the frame's destination address matches its own physical address; if it matches, B accepts the frame. After receiving the frame, B extracts the IP packet from it and hands it to the local IP layer protocol. Likewise, the IP layer checks the packet and passes the useful information up to the ICMP protocol, which processes it, immediately builds an ICMP reply packet, and sends it to host A. That process is exactly the same as the one by which host A sent the ICMP request packet to host B.
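The request and reply packets described above, as an added Python example that is not part of the original article: it builds the fixed-format ICMP echo request, verifies it the way the receiver does, and derives host B's reply. Only the ICMP message is modelled; the IP and Ethernet headers are left out, and the function names, identifier, sequence number and payload are constructed for illustration.

```python
import struct

ICMP_ECHO_REQUEST = 8
ICMP_ECHO_REPLY = 0


def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length input with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:  # fold the carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Layout: type, code 0, checksum, identifier, sequence number, payload."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def parse_echo(packet: bytes) -> dict:
    """Decode an echo message; a valid packet checksums to zero as a whole."""
    if len(packet) < 8:
        raise ValueError("ICMP echo header is 8 bytes")
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {"type": icmp_type, "code": code, "id": ident, "seq": seq,
            "payload": packet[8:], "checksum_ok": inet_checksum(packet) == 0}


def make_reply(request: bytes) -> bytes:
    """Host B's side: same id, sequence and payload; type 8 becomes type 0."""
    req = parse_echo(request)
    if req["type"] != ICMP_ECHO_REQUEST or not req["checksum_ok"]:
        raise ValueError("not a valid echo request")
    return build_echo(ICMP_ECHO_REPLY, req["id"], req["seq"], req["payload"])


if __name__ == "__main__":
    # Constructed sample request, not captured traffic.
    request = build_echo(ICMP_ECHO_REQUEST, 0x0001, 1,
                         b"abcdefghijklmnopqrstuvwabcdefghi")
    print(request.hex())
    print(parse_echo(make_reply(request)))
```

The sender matches a reply to its request by the identifier and sequence number, which is why the reply copies both unchanged.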

2. Not within the same network segment

After you run "ping 192.168.1.4" on host A, everything starts out as above. When it comes to obtaining the MAC address, the IP protocol calculates that machine D is not on the same network segment as itself, so the packet is handed straight to the router; that is, the MAC that is needed is the router's. The router's MAC is obtained as before: look in the ARP cache table first, and broadcast if it is not found there. Once the data frame has been routed, host D is contacted; if it cannot be found, a timeout message is returned to host A.
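The decision the sender's IP layer makes in cases 1 and 2, as an added Python example that is not part of the original article. It goes slightly further than those two cases by also covering a host with no default route, which the page discusses under "Destination Host Unreachable". The function name `plan_first_hop`, host A's address 192.168.0.2 and all MAC values are assumptions; B, D, the mask and the default route are the page's.

```python
import ipaddress


def plan_first_hop(src_ip, netmask, dst_ip, gateway, arp_cache):
    """Return what the sender's IP layer does before a frame can leave.

    Keys: action ("send" or "unreachable"), arp_target (the IP whose MAC
    is needed), dst_mac (from the ARP cache, None on a miss) and
    arp_broadcast (True when an ARP request has to go out first).
    """
    local_net = ipaddress.ip_network(f"{src_ip}/{netmask}", strict=False)
    dst = ipaddress.ip_address(dst_ip)

    if dst in local_net:
        arp_target = dst_ip      # same segment: resolve the host itself
    elif gateway is not None:
        arp_target = gateway     # other segment: resolve the router's MAC
    else:
        # Destination is off-link and no default route is configured.
        return {"action": "unreachable", "arp_target": None,
                "dst_mac": None, "arp_broadcast": False}

    # The IP packet's destination stays dst_ip in both cases; only the
    # frame's destination MAC differs.
    mac = arp_cache.get(arp_target)
    return {"action": "send", "arp_target": arp_target,
            "dst_mac": mac, "arp_broadcast": mac is None}


if __name__ == "__main__":
    # Constructed values: host A's address and the MAC are assumptions.
    cache = {"192.168.0.5": "00:00:5e:00:53:05"}
    for dst in ("192.168.0.5", "192.168.1.4"):
        print(dst, plan_first_hop("192.168.0.2", "255.255.255.0", dst,
                                  "192.168.0.1", cache))
    print(plan_first_hop("192.168.0.2", "255.255.255.0", "192.168.1.4",
                         None, cache))
```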

Analysis of the return information after the ping

1. Request timed out

This is the message you will meet most often. Many articles say it means the other machine is filtering ICMP packets; from the process described above, that is not entirely correct. There are at least the following cases.

(1) The other side is shut down, or the address does not exist on the network at all. For example, in the network above, pinging 192.168.0.7 from host A, or pinging 192.168.0.5 from host A while host B is shut down, returns the timeout message.

(2) The other side is not on the same network segment and cannot be found through routing. Sometimes the other side does exist; of course, if it does not exist, the timeout message is returned as well.

(3) The other side does exist but has ICMP packet filtering set up (for example, in its firewall settings).

How can you tell whether the other side exists? Use the ping command with the -a parameter to probe it. If you can get the other side's NetBIOS name, it is there and has a firewall set up; if not, most likely it does not exist, is shut down, or is not on the same network segment.

(4) Incorrect IP address settings

Under normal circumstances a host has one network card and one IP address, or several network cards and several IP addresses (these addresses must be in different IP subnets). However, if a computer's dial-up networking adapter (which is equivalent to a software network card) is given, in its TCP/IP settings, an IP address on the same subnet as the network card's IP address, then as far as the IP layer protocol is concerned the host has two different interfaces on the same network segment. The following problems occur when you ping another machine from this host:

A. The host does not know which network interface to send the packet out of, because two network interfaces are connected to the same network segment.

B. The host does not know which address to use as the packet's source address. So when this host pings other machines, the IP layer protocol cannot process the request, and after the timeout ping reports a "timeout, no answer" error. When other hosts ping this host, however, the request arrives on one specific network card; ICMP only needs to swap the destination and source addresses and change a few flags, so the ICMP reply packet is sent successfully and other hosts can ping this machine.

2. Destination Host Unreachable

(1) The other side is not on the same network segment and no default route has been set. For example, if machine A in the example has no default route set, running "ping 192.168.1.4" produces "Destination host unreachable".
