Little skill --- Ping

I. Ping Introduction

Ping is a command in windows, which is also available in UNIX and Linux. Ping also belongs to a communication protocol and is part of the TCP/IP protocol. The ping command can be used to check whether the network is connected, which helps us analyze and determine network faults. Application Format: Ping Space IP address . Ping is a DOS command. It is generally used to detect network connection or failure. It is also called latency. The larger the value, the slower the speed. Ping (packet Internet groper), an Internet package explorer, used to test the number of network connections. Ping sends an ICMP (Internet Control Messages protocol), that is, the Internet message control protocol. echo requests the message to the destination and reports whether the desired icmp echo is received (ICMP echo response ). It is a command used to check whether the network is smooth or the network connection speed. As an administrator or hacker living on the network, the ping command is the first DOS command that must be mastered. It uses the following principle: the uniqueness of the IP address of the machine on the network, send a packet to the target IP address, and then ask the other party to return a packet of the same size to determine whether the two network machines are connected and the latency is. Ping refers to end-to-end connection, which is usually used as an availability check. However, some viruses force a large number of remote ping commands to seize your network resources, leading to system slowdown and network slowdown. Ping intrusion is strictly prohibited as a basic function of most firewalls. In general, if you do not need to perform server or network tests, you can select it with confidence to protect your computer.

1. The ping command is used to check whether the network is smooth or the network connection speed.

(1) As an administrator or hacker living on the network, the ping command is the first DOS command that must be mastered. The principle used is as follows: each machine on the network has a unique IP address. When we send a packet to the target IP address, the other party will return a packet of the same size. Based on the returned packet, we can determine the existence of the target host, the operating system of the target host can be preliminarily determined. Next let's take a look at some of its common operations. Let's take a look at the help. In the DOS window, type: Ping /? Press enter to display the help screen shown in.

(2) Here, we can only master some basic useful parameters.

Refer to the help instructions of the ping command to explain the skills required during use. Ping can be used only after the TCP/IP protocol is installed:

-T indicates that data packets are continuously sent to the target IP address until you press control-C to force it to stop. Imagine that if you use M broadband access and the target IP address is a 56 K kitten, it will not take long for the target IP address to be dropped because it cannot bear so much data, an attack is implemented in this simple way.

- Resolve addresses to hostnames. Resolve the computer name. Example: C :\> Ping-A 192.168.1.21pinging iceblood. yofor COM [192.168.1.21] with 32 bytes of data: reply from 192.168.1.21: bytes = 32 time <10 ms TTL = 254 reply from 192.168.1.21: bytes = 32 time <10 ms TTL = 254 reply from 192.168.1.21: bytes = 32 time <10 ms TTL = 254 reply from 192.168.1.21: bytes = 32 time <10 ms TTL = 254 Ping statistics for 192.168.1.21: Packets: Sent = 4, stored ED = 4, lost = 0 (0% loss), approximate round trip Times in Milli-seconds: Minimum = 0 ms, maximum = 0 ms, average = 0 Ms From the above we can know that the NetBIOS Name of the computer whose IP address is 192.168.1.21 is iceblood. yofor COM.

-L defines the size of the sent data packet. The default value is 32 bytes. We can use it to define a maximum of 65500 bytes. It works better with the-t parameter described above.
-N indicates the number of data packets sent to the target IP address. The default value is 3. If the network speed is slow and three times is a waste of time, because our goal is to determine whether the target IP address exists. Note: If the-t parameter and the-n parameter are used together, the ping command is based on the following parameters, such as "Ping IP-T-N 3 ", although the-t parameter is used, the Ping is not always done, but only three times. In addition, the ping command does not have to ping the IP address. You can also directly ping the host domain name to obtain the Host IP address.

(4) Example:

Ping Command example
① Example format of ping your machine: If the NIC installation configuration is correct, it should be similar to the following:

If you execute this command in MS-DOS mode and the display is: Request timed out, it indicates that the NIC installation or configuration is incorrect. Disconnect the network cable and run this command again. If the command is displayed normally, the IP address used by the local machine may be the same as the IP address of another machine in use. If it is still abnormal, it indicates that the local Nic is installed or the configuration is incorrect. You must continue to check the related network configurations.

② Example of Ping gateway/Router
Ping the IP address of the gateway/router. In this example, the IP address of the gateway/router is "10.1.1.254"

For example:

If the gateway IP address is 172.166.1, Ping 172.166.1. Run this command in MS-DOS mode if it displays information similar to the following: reply from 172.166.1 bytes = 32 time = 9 ms TTL = 255 Ping statistics for 172.166.1packets sent = 4 bytes ED = 4 lost = 0 approximate round trip times in Milli-secondsminimum = 1 ms maximum = 9 ms average = 5 ms indicates that the Gateway Router in the LAN is running normally. Otherwise, the gateway is faulty.

③ Example of a ping center Router
The IP address of the center switch in the ping center is "202.120.119.254"

④ Example of the ping center Home Page Server: Ping www.cc.shu.edu.cn
Ping the Home Page Server domain name "www.cc.shu.edu.cn"

⑤ Ping Shanghai University homepage server example
Ping the domain name www.shu.edu.cn on the home page of Shanghai University"

⑥ Ping Shanghai Jiao Tong University homepage server example
Ping the domain name "www.sjtu.edu.cn" on the home page of Shanghai Jiao Tong University"

7. Ping the China Education and Scientific Research Network Server example
Ping the domain name "www.edu.cn" of the Chinese Education and Research Network Server"

Ping failure example
Ping the IP address of the gateway/router. In this example, the IP address of the gateway/router is "10.1.1.254"

(9) ping the network address

 

(10) remote IP Address

This command can detect whether the local machine can access the Internet normally. For example, the IP address of the local telecom operator is 202.102.48.141. Run the command in MS-DOS mode: Ping 202.102.48.141 if the screen displays: reply from 202.102.48.141 bytes = 32 time = 33 Ms TTL = 252 reply from 202.102.48.141 bytes = 32 time = 21 Ms TTL = 252 reply from 202.102.48.141 bytes = 32 time = 5 ms TTL = 252 reply from 202.102.48.141 bytes = 32 time = 6 ms TTL = 252 Ping statistics for sent = 4 encrypted ED = 4 lost = 0 0% lossapproximate round trip times in Milli-secondsminimum = 5 MS Maximum = 33 ms average = 1 6 ms indicates normal operation and normal access to the Internet. Otherwise, the host file (Windows/host) is faulty.

Special cases:

1. The other server (IP address) is indeed disconnected from the Internet; 2. the other server rejects Ping; 3. The other server rejects Ping; 4. The other server is disconnected from the Internet.

(5) Analysis of the Information returned after Ping
1. request timed out
This is a message that people often encounter. Many articles say that this is because the machine on the other side has set ICMP packet filtering. From the previous work process, this is not completely correct, there are at least several cases.
(1) the peer has been shut down, or there is no such address on the Network: for example, Ping 192.168.0.7 in host a, or host B is shut down, ping 192.168.0.5 in host a to obtain timeout information.
(2) if the other party is not in the same network segment as the other party, the other party cannot be found through the route. However, sometimes the other party does exist. Of course, the timeout information is returned if the other party does not exist.
(3) the peer does exist, but ICMP packet filtering (such as firewall setting) is configured ).
How do you know whether the other party exists or does not exist? You can use the ping command with the parameter-a to detect the other party. If the other party's NetBIOS name can be obtained, it indicates that the other party exists, there is a firewall setting. If not, most of them do not exist or shut down, or are not in the same network segment.
(4) Incorrect IP Address Setting
under normal circumstances, a host should have one Nic, one IP address, or multiple NICs, multiple IP addresses (these addresses must be in different IP address subnets ). However, if a computer's "dial-up network adapter" (equivalent to a soft Nic) TCP/IP Settings, set an IP address in the same subnet as the nic ip address, in this way, in the IP layer protocol, this host has two different interfaces in the same network segment. When you ping other machines from this host, the following problem occurs:
. the host does not know which network interface to send data packets to, because two network interfaces are connected to the same network segment.
B. The host does not know which address is used as the source address of the data packet. Therefore, if you ping other machines from this host, the IP layer protocol will not be able to process it. After the timeout, Ping will give an error message indicating "no response timeout. However, when you ping the host from another host, the request packet is sent from a specific network adapter. ICMP only needs to swap the destination and source addresses and change some signs, the ICMP response packet can be sent smoothly, and other hosts can successfully ping this machine.

2. destination host unreachable
(1) the other party and himself are not in the same CIDR block, but they have not set the default route. For example, in the previous example, machine A does not set the default route, run Ping 192.168.0.1.4 and "destination host unreachable" will appear ".
(2) network cable failure
The difference between "destination host unreachable" and "time out" is described here. If the route table of the router that passes through has a route to the target, and the target cannot be reached for other reasons, at this time, "Time Out" will appear. If no route is connected to the target in the route table, "destination host unreachable" will appear ".

3. Bad IP Address
This information indicates that you may not be connected to the DNS server, so you cannot resolve this IP address, or the IP address may not exist.

4. Source Quench received
This information is special and has very low probability of appearance. It indicates that the other party or the server in the middle is busy and cannot respond.

5. Unknown host -- unknown host
This error message means that the remote host name cannot be converted to an IP address by the Domain Name Server (DNS. The cause of the failure may be that the Domain Name Server is faulty, its name is incorrect, or the communication line between the system of the network administrator and the remote host is faulty.

6. No answer -- no response
This fault indicates that the local system has a route to the central host, but it cannot receive any information sent to the central host. The fault may be caused by one of the following reasons: the central host is not working; the network configuration of the local or central host is incorrect; the local or central router is not working; and the communication line is faulty; A routing problem exists in the central host.

7. Ping 127.0.0.1: 127.0.0.1 is the local loop address.
If the address cannot be pinged, the TCP/IP protocol on the local machine cannot work normally.

8. No rout to host: The NIC is abnormal.

9. Transmit failed, error code: 10043 NIC Driver abnormal

Fault check

In fact, no matter what type of fault diagnosis tool is, it seems powerless in the face of some special network faults. At this time, what we can do is to rely on ourselves to use Ping Command First, manually troubleshoot the cause. First, ping the circular address 127.0.0.1 of the local workstation. When you encounter some special network faults that cannot directly find the cause of the fault, we first need to use the ping command to test whether the circular address 127.0.0.1 of the local workstation can be pinged normally, if the address cannot be pinged properly, it indicates that the local workstation's TCP/IP protocol The program is damaged, or Nic The device is damaged. In this case, open the Device Manager window of the local workstation system, find the NIC device option, right-click the option, and run the "properties" command from the shortcut menu, open the properties setting window of the NIC device. On the "General" tab page of the window, we can see whether the current Nic is working properly. If you find that the NIC is working normally, it is likely that the local workstation TCP/IP protocol The program is damaged. In this case, open the local connection Property setting window, select and delete the TCP/IP protocol option in the setting window, and then reinstall the TCP/IP protocol program, we believe that the loop address 127.0.0.1 of the local workstation can be pinged normally. Ping the IP address of the local workstation. When we confirm that the 127.0.0.1 address can be pinged, we continue to use the ping command to test whether the static IP address of the local workstation can be pinged normally, if the address cannot be pinged properly, it indicates that the local workstation's Nic Parameters Not set correctly, or NIC Driver The program is incorrect, or it may be local. Route table Damaged. At this point, we can re-check whether the network parameters of the local workstation are correctly set. If the network parameters are correctly set, the local IP address cannot be pinged, we 'd better re-install the original driver of the NIC device, so we can correctly ping the static IP address of the local workstation. Once the static IP address of the local workstation is successfully pinged, it indicates that the local workstation can be added to the LAN. Ping the default gateway address of the local area network. Because the local workstation communicates with other workstation in the LAN through the gateway, the local workstation can communicate with other workstation normally only when the connection between the local workstation and the default gateway is normal. If the gateway address can be pinged properly, it indicates that the local workstation can communicate with other workstation in the LAN. If the ping command fails, the gateway device may be faulty, or the connection between the local workstation and the gateway is abnormal, it is also possible that the local workstation and the gateway are not configured in the same subnet. In this case, we can first use a professional cable testing tool to test the connectivity of Network cables, check whether the network parameters of the local workstation are set to the same subnet as those of the gateway. If the network parameters are correctly set, ping the gateway address from another workstation to check whether the gateway exists. If other workstation in the LAN cannot ping the gateway, most of the problems exist in the gateway device itself. At this time, we only need to lock the troubleshooting focus on the gateway device. Ping the IP address of any remote workstation in the LAN to check whether the local workstation can communicate with other workstation in the LAN through the gateway device. If we find that the IP address of the Remote Workstation cannot be pinged, it is likely that the remote workstation itself cannot respond, or the connection between the remote workstation and the gateway device is faulty, in this case, we can focus on the remote workstation or the network device of the LAN. Finally, ping the Host Name of the remote workstation on the LAN. When we confirm that the remote workstation IP address can be pinged and the remote workstation content cannot be accessed, we need to perform this test. If the host name cannot be successfully pinged, it is likely that there is a DNS resolution problem, rather than a network connection failure. At this time, we may wish to lock the fault check on the DNS server. TIPS: In order to effectively find out the cause of network failure, we try to ensure that only one gateway is configured in the LAN and the host to be pinged remains in normal use when using the ping command for testing, at the same time, make sure that the IP Security setting policy is not enabled for the local workstation, so that the ping command can obtain the correct test results.

Command skills

(1) ". 0" can be omitted with conditions We often use the "Ping 127.0.0.1" command to perform loop tests on the local machine to verify whether the local TCP/IP protocol cluster is correctly installed. But have you found out? The command "Ping 127.1" can also get the same test result (). In fact, the two commands "Ping 127.1" and "Ping 127.0.0.1" are the same and are all conducting loop tests. Why? This is how to use IP addresses in the ping command application. As we all know, IP addresses are composed of 32-bit binary numbers. To help you remember, convert every 8-bit binary number into a decimal number, therefore, an IP address (such as 127.0.0.1) consisting of four decimal digits is easily remembered ). Because Windows has the function of automatically filling in ". 0", I can change "127.0.0.1" to "127.1 ". However, the omission of ". 0" is conditional and cannot be omitted at will. In the ping command application, Only one or more ". "0" is omitted. For example, rewrite the "Ping 127.0.0.1" command to "Ping 127.1 ". If one or more ". 0 "is not followed by the last part of the decimal number, but is in another position, then this". "0" cannot be omitted. For example, "Ping 202.0.96.1" cannot be written as "Ping 202.96.1 ". This is because "Ping 202.96.1" returns "202.96.0.1" instead of "202.0.96.1. (2) digit string instead of IP Address In the ping command, you can also use a number string to replace the IP address. Do you believe this? Run the "Ping 3658906394" command and you will see the returned information of the IP address "218.22.123.26. Why? In fact, "3658906394" is another representation of the IP address "218.22.123.26. Of course, you can ping other IP addresses in the same way. How is a string converted? In fact, it is not complicated. Take the IP address "218.22.123.26" as an example. The method for converting an IP address to a number string is as follows: Convert "218.22.123.26" to "da.16.7b" in hexadecimal format. 1A ", then remove the decimal point, change to" da167b1a ", and finally convert the hexadecimal number to" 3658906394 ", then" 218.22.123.26 "is changed to" 3658906394. The same method is used to convert other IP addresses to strings. Tip: In some LAN environments, the "Ping + digit string" command may fail and the message "unknown host digit string" appears ", this is because the numeric string is resolved to the host name rather than the IP address. Therefore, after mastering the above skills, the network management system can skillfully use the "omitted" method during network testing or maintenance to reduce the character input of ping commands and improve work efficiency. At the same time, using a digital string instead of an IP address can also confuse common users with strong curiosity, so as not to set them randomly. Others:

返回到上一级目录  cd ..
返回到根目录 cd \
返回到指定的盘 cd f:\  cd c:\(如果是 cd f: 则显示为 f:\110)
进入文件夹 cd name (文件夹名字，不区分大小写)

Little skill --- Ping