The Ping Command is the most commonly used command by network administrators. It is used to diagnose network connection faults, mainly the connection status between the terminal and the router, and between the router and the DNS server. Of course, it is also a common network command for intruders. The purpose is to send a specific form of ICMP packet (Simple Network Management Protocol) to request the host's response, and then obtain some host attributes, it can test whether the target host is active, query the host name of the target host, use ARP commands to query the MAC address of the target host, or even infer the target host operating system, or conduct DDoS attacks.
I. Ping Command Format:
ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS] [-r count] [-s count] [[-j host-list] | [-k host-list]] [-w timeout] target_name
Its main parameters are described as follows:
-T: Continue to ping. You can use Ctrl + C to terminate the operation;
-A: When Ping is performed, the IP address is converted to the host name.
For example, Ping-A 127.0.0.1.
-N: count indicates the number of ECHO packets. The default value is 4.
-F: the "Do Not segment" flag is sent to the data packet. Packets are not segmented by the gateway on the route.
-I TTL: Set the ICMP packet survival time (that is, the ICMP packet can be uploaded to the monitoring nodes)
In general, the normal return value of the ping command is as follows. The meaning of the data is: 32 bytes of data are sent each time, the return time is xxms, And the TTL value is 55; 4 packets are sent, 4 packets are received, and the loss is 0.
TTL: (time to live) the TTL returned by Ping varies with operating systems. The UNIX return value is 255, Win95 is 32, winnt/2000/XP/2003 is 128, and Compaq Tru64 5.0 is 64. For example, Ping cnblogs.com
Why is the return value 118? TTL indicates how long the ping packet can exist on the network. When the host is pinged, the local machine sends a data packet, which is sent to the target host through a certain number of routers. After the data packet is sent to a vro, the TTL is automatically reduced by 1, if it is reduced to 0 or not transmitted to the target host, it will be automatically lost, that is, the "request time out" situation will occur. As you can see, cnblogs uses the win2003 operating system, and the servers from my local computer to cnblogs go through 128-118 = 10 routers. In the same case, Ping Baidu.com and my machine returns 55. Therefore, we can conclude that Baidu uses a Linux host.
Ii. Ping Command Application
1. diagnose network connectivity
A. Use ipconfig/all to check whether the local network is set properly. Of course, a large amount of information about the local machine is returned, such as the computer name, MAC address, subnet mask, gateway, and DNS server:
B. Ping 127.0.0.1 to check whether the local TCP/IP protocol is normal, but it only checks whether the protocol is normal, even if the NIC is disabled or the network is not inserted, the system returns normal.
For more information about the reason why TTL is Linux 64, I think it should have been modified by ghostversion XP, see.
C. Ping the local IP address and check whether the local IP address is normal.
D. Ping the router or other hosts in the same network segment.
Result Description: the connection to 192.168.1.1 is normal, and 192.168.1.159 cannot be connected.
E. The pingdns server can also be an Internet address. In this way, check whether the local server is connected to the Internet.
2. Obtain the IP address corresponding to the domain name: directly ping the domain name.