(reference) TCP/IP detailed, Volume 1: protocol
The name "ping" is derived from the sonar positioning operation. The goal is to test whether another host can be reached. The program sends an ICMP echo request message to the host and waits to return an ICMP echo reply.
In general, you cannot telnet or FTP to a host computer if you cannot ping it. Conversely, if you can't telnet to a host, you can usually use a ping program to determine where the problem is. The ping program can also measure the round-trip time of this host to indicate how far the host is from us.
Ping program
We call the ping that sends the Echo request to the customer, and the ping host is called the server. Most TCP/IP implementations support ping servers directly in the kernel.
The ICMP echo request and echo Response messages sent by the PING program are as follows:
When implementing a Ping program, UNIX sets the Identity field in ICMP to the ID number of the sending process. This allows the PING program to recognize the corresponding round-trip information even if multiple pings are running simultaneously on the same host computer.
The serial number starts at 0 and adds 1 for each new echo request sent. The ping program prints out the serial number of each packet that is returned, allowing us to see if there are groups missing, out of sequence, or duplicated. IP is a best-effort datagram transport service, so these three conditions can occur.
Running the ping program on the LAN generally outputs the following format:
Bytes from 192.168.8.1:icmp_req=1 ttl=64 time=1.04 ms64 bytes from 192.168.8.1:icmp_req=2 ttl=64 time=1.05 ms64 bytes From 192.168.8.1:icmp_req=3 ttl=64 time=1.06 ms64 bytes from 192.168.8.1:icmp_req=4 ttl=64 time=1.41 ms64 bytes from 19 2.168.8.1:icmp_req=5 ttl=64 time=1.41 ms64 bytes from 192.168.8.1:icmp_req=6 ttl=64 time=1.20 ms64 bytes from 192.168.8. 1:icmp_req=7 ttl=64 time=1.42 ms64 bytes from 192.168.8.1:icmp_req=8 ttl=64 time=0.649 ms
When an ICMP echo reply is returned, the serial number and TTL are printed out, and the round trip time is calculated. The ping program calculates the round-trip time by storing the time value of the sending request in the ICMP message. When the answer returns, the current time is subtracted from the time value stored in the ICMP message, and the round trip time.
IP Record Routing options
The ping program gives us the opportunity to view the IP record routing (RR) option. Most different versions of the PING program provide the-r option to provide the ability to record routes. It enables the PING program to set the IP RR option in the outgoing IP datagram (which contains the ICMP echo request message). In this way, each route that handles the datagram puts his IP address into the option field. When the data is reported to the destination, the IP address list should be copied to the ICMP echo response. The router address that is passed on the way back is also added to the list, and when the ping program receives the echo response, he prints out the list of IP addresses. 
This process sounds simple, but there are some flaws. The source-side host generates the RR option, the intermediate router handles the RR option, and the RR manifest in the ICMP echo request is copied to the ICMP answer, all of which are option features. Fortunately, most routers now support these option features, and only some systems do not replicate IP manifests in ICMP requests to ICMP replies.
However, the biggest problem is that there is only a limited amount of space in the IP header to hold the IP address. In the in, we can see that the IP header length field is only 4bit, so the entire IP header can only contain 15 32bit long words (and 60 bytes). Since the IP header has a fixed length of 20 bytes, the RR Star uses 3 bytes, which leaves only 37 bytes to hold the IP address list (60-20-3), which means that only 9 IP addresses are stored.
The RR options in the IP datagram format are as follows:
Traceroute principle Code is a byte that indicates the type of IP option. For the RR option, his value of 7.len is the total byte length of the RR option, in this case 39. (Although you can set a length that is smaller than the maximum length for the RR option, the PING program always provides a 39-byte option field that can record up to 9 IP addresses, As the IP header is left with limited space for options, he is generally set to the maximum length)
PTR is called a pointer field. He is a pointer based on 1, he points to the location of the next IP address, his minimum value is 4, point to the location of the first IP address, with each IP address into the list, PRT values are 8, 12 Max to 36. When 9 IP addresses are recorded, the value of PTR is 40, indicating that the manifest is full.
Traceroute Program
The Traceroute program allows us to see the routes that the IP datagram passes from the Ethernet host to the other host.
Traceroute operation of the program
Now that you have an IP record Routing option (RR), why not use this routing option and develop a new application? There are three main reasons, first, not all routers previously supported logging routing options, so this option is not available on some paths.
Second, record routing is generally an option for a single item. The sender set this option, then the receiving side has to extract all the information from the received IP header, and then return it all to the sending side. Most ping server implementations return the received RR list, but this makes the recorded IP address double.
The last reason is also the main reason, the IP header left the option space is limited, cannot hold the most current path.
Traceroute Program principle
The Traceroute program uses the ICMP message and the TTL field in the IP header (the life cycle).
Each router that processes datagrams subtracts 1 of the TTL value or subtracts the number of seconds the datagram stays in the router. Since most routers forward datagrams have a delay of less than 1 seconds, the TTL eventually becomes a hop-off counter, with each router passing its value minus 1.
The purpose of the TTL field is to prevent datagrams from endlessly flowing through the network while routing. For example, when a router crashes or a connection between two routers is lost, the routing protocol sometimes goes back to checking the lost router and continues. The TTL field is the addition of a survival limit to these warm-up datagrams.
When the router receives a copy of the IP datagram, if the TTL field is 0 or 1, the router does not forward the datagram (the destination host that receives the datagram can hand it over to the application because it does not need to forward the datagram.) However, under normal circumstances, the system should not receive datagrams with a TTL field of 0. Typically, the router discards the datagram and sends an ICMP timeout message to the source host. The key to the Tracerouter program is that the ICMP timeout information contains the address of the router.
Tracerouter then sends an IP datagram with a TTL field of 1 to the destination host. The first router handling this datagram subtracts the TTL value by 1, discards the datagram, and sends back a time-out ICMP message. This gives the IP address of the first router in the path. The tracerouter then sends a datagram with a TTL of 2, which gives the IP address of the second router. So, continue this process until the destination host is reached. Even if the destination host receives a datagram with a TTL value of 1, it will not discard the datagram and produce an ICMP message because it has reached its final destination. At this time, the Tracerouter program sends a UDP datagram to the destination host, but chooses an impossible value as the destination port number (greater than 30000), making it impossible for any program of the destination host to use the port. Because, when the datagram arrives, it will cause the destination host's UDP module to produce a "Port unreachable" error ICMP message, so the Tracerouter program to do is to distinguish whether the ICMP packet is timed out or the port is unreachable, to determine when the end.
Principles of Ping Program and Traceroute Program (v)