A complete guide to the ping command under Windows

Source: Internet
Author: User

ping [-t] [-a] [-n count] [-l length] [-f] [-i ttl] [-v tos] [-r count] [-s count] [[-j computer-list] | [-k computer-list]] [-w timeout] destination-list

Options:

-t Ping the specified host until stopped. To see statistics and continue, type Control-Break; to stop, type Control-C.

Keep pinging the local host until you press CONTROL-C.

There is no special technique for this feature, but it can be used in conjunction with other parameters, which are mentioned below.

-a Resolve addresses to hostnames.

Resolves the computer NetBIOS name.

Example: C:\>ping -a 192.168.1.21

Pinging iceblood.yofor.com [192.168.1.21] with 32 bytes of data:

Reply from 192.168.1.21: bytes=32 time<10ms TTL=254

Reply from 192.168.1.21: bytes=32 time<10ms TTL=254

Reply from 192.168.1.21: bytes=32 time<10ms TTL=254

Reply from 192.168.1.21: bytes=32 time<10ms TTL=254

Ping statistics for 192.168.1.21:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

From the output above you can see that the NetBIOS name of the computer with IP 192.168.1.21 is iceblood.yofor.com.

-n count Number of echo requests to send.

Sends the number of ECHO packets specified by count.

By default only four packets are sent. This option lets you define how many to send, which is very helpful for measuring network speed. For example, to find the average, fastest and slowest return times over 50 packets:

C:\>ping -n 50 202.103.96.68

Pinging 202.103.96.68 with 32 bytes of data:

Reply from 202.103.96.68: bytes=32 time=50ms TTL=241

Reply from 202.103.96.68: bytes=32 time=50ms TTL=241

Reply from 202.103.96.68: bytes=32 time=50ms TTL=241

Request timed out.

..................

Reply from 202.103.96.68: bytes=32 time=50ms TTL=241

Reply from 202.103.96.68: bytes=32 time=50ms TTL=241

Ping statistics for 202.103.96.68:

Packets: Sent = 50, Received = 48, Lost = 2 (4% loss),

Approximate round trip times in milli-seconds:

Minimum = 40ms, Maximum = 51ms, Average = 46ms

From the output above I can see that of the 50 packets sent to 202.103.96.68, 48 were returned and two were lost for unknown reasons; among the 48 returned packets the fastest took 40ms, the slowest 51ms, and the average was 46ms.

-l size Send buffer size.

Defines the ECHO packet size.

By default Windows ping sends 32-byte packets. You can set the size yourself, but there is a limit: the maximum is 65500 bytes. Why 65500? Because Windows-family systems (and perhaps other systems) have a security vulnerability: when a packet of 65532 bytes or more is sent to the target at one time, the target is likely to crash, so Microsoft limited the ping packet size to address this vulnerability. Even with this limit, the parameter is still very powerful in combination with other parameters. For example, combined with the -t parameter it becomes an attack command. (The following is dangerous and for testing only; do not casually use it against other people's machines, or you bear the consequences yourself.)

C:\>ping -l 65500 -t 192.168.1.21

Pinging 192.168.1.21 with 65500 bytes of data:

Reply from 192.168.1.21: bytes=65500 time<10ms TTL=254

Reply from 192.168.1.21: bytes=65500 time<10ms TTL=254

..................

This keeps sending 65500-byte packets to the computer at 192.168.1.21. With only one computer this may have no effect, but with many computers it can completely paralyze the other side. I have done this experiment: when I used more than 10 computers to ping a Win2000 Pro computer, in less than 5 minutes the other side's network was completely paralyzed, the network was seriously congested, and the HTTP and FTP services stopped completely, which shows how serious its power is.
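
Seen from the receiving side, the experiment above has a distinctive signature: many distinct senders directing oversized echo requests at one host. The following added example (not part of the original article) flags that pattern in flow records; the record layout, the thresholds and the sample data are constructed assumptions, and payload_len is taken to be the reassembled datagram length, since a 65500-byte echo is fragmented on the wire.

```python
from collections import defaultdict, deque

ECHO_REQUEST = 8        # ICMP type of an echo request
LARGE_PAYLOAD = 1472    # assumption: largest payload that fits one 1500-byte frame
MIN_SOURCES = 10        # assumption: the experiment above used more than 10 senders
WINDOW = 60             # assumption: seconds of history kept per destination


def detect_echo_floods(records, large=LARGE_PAYLOAD,
                       min_sources=MIN_SOURCES, window=WINDOW):
    """records: (ts, src, dst, icmp_type, payload_len) tuples sorted by ts.

    Returns {dst: ts}, the first time each destination was receiving oversized
    echo requests from at least min_sources distinct senders within the window.
    """
    recent = defaultdict(deque)      # dst -> (ts, src) of oversized requests
    alerts = {}
    for ts, src, dst, icmp_type, size in records:
        if icmp_type != ECHO_REQUEST or size <= large:
            continue                 # ordinary 32-byte pings are ignored
        queue = recent[dst]
        queue.append((ts, src))
        while queue and queue[0][0] <= ts - window:
            queue.popleft()          # drop entries older than the window
        if dst not in alerts and len({s for _, s in queue}) >= min_sources:
            alerts[dst] = ts
    return alerts


def sample_records():
    """Constructed flow records, not captured traffic."""
    recs = []
    for i in range(1, 13):           # 12 senders join two seconds apart
        for ts in range(2 * i, 40):
            recs.append((ts, f"10.0.0.{i}", "192.168.1.21", ECHO_REQUEST, 65500))
    for ts in range(0, 40):
        # a normal 32-byte ping, and a single host sending large pings
        recs.append((ts, "10.0.0.50", "192.168.1.30", ECHO_REQUEST, 32))
        recs.append((ts, "10.0.0.51", "192.168.1.40", ECHO_REQUEST, 65500))
    return sorted(recs)


if __name__ == "__main__":
    for dst, ts in detect_echo_floods(sample_records()).items():
        print(f"oversized echo flood towards {dst}, first seen at t={ts}s")
```

A single machine running large pings is not flagged; only the many-sender case described in the experiment is.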

-f Set Don't Fragment flag in packet.

Send the "Do not Fragment" flag in the packet.

Normally the packets you send are fragmented by routers along the way as needed; with this parameter added, routers will not fragment them.

-i TTL Time To Live.

Specifies the TTL value, the time the packet is allowed to live.

This parameter also helps you to check the operation of the network.

-v TOS Type Of Service.

Set the service Type field to the value specified by the TOS.

-r count Record route for count hops.

Records the route of outgoing and returning packets in the Record Route field.

Normally the packets you send reach the other side through a series of routers, but which routers exactly? This parameter sets how many routers you want to record, with a limit of 9, that is, you can only trace up to 9 routers. To detect more you can use other commands, which I will explain in a future article. Here's an example:

C:\>ping -n 1 -r 9 202.96.105.101 (send one packet, record up to 9 routes)

Pinging 202.96.105.101 with 32 bytes of data:

Reply from 202.96.105.101: bytes=32 time=10ms TTL=249

Route: 202.107.208.187

202.107.210.214

61.153.112.70

61.153.112.89

202.96.105.149

202.96.105.97

202.96.105.101

202.96.105.150

61.153.112.90

Ping statistics for 202.96.105.101:

Packets: Sent = 1, Received = 1, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 10ms, Maximum = 10ms, Average = 10ms

From the output above I can see that packets from my computer to 202.96.105.101 pass through the routers 202.107.208.187, 202.107.210.214, 61.153.112.70, 61.153.112.89, 202.96.105.149 and 202.96.105.97.

-s count Timestamp for count hops.

Specifies the timestamp for the number of hops specified by count.

This parameter is similar to -r, except that it does not record the route the packet takes on its return, and at most 4 entries are recorded.

-j host-list Loose source route along host-list.

Routes packets through the list of computers specified by computer-list. Consecutive computers may be separated by intermediate gateways (loose source routing). The maximum number of IP addresses allowed is 9.

-k host-list Strict source route along host-list.

Routes packets through the list of computers specified by computer-list. Consecutive computers cannot be separated by intermediate gateways (strict source routing). The maximum number of IP addresses allowed is 9.

-w timeout Timeout in milliseconds to wait for each reply.

Specifies the time-out interval, in milliseconds.

There are no other tricks for this parameter.

Other ping tips: from the TTL value that the other side returns when you ping it, you can roughly tell whether the target host runs a Windows-family or a Unix/Linux-family system. In general, Windows-family systems return a TTL between 100 and 130, and Unix/Linux-family systems return a TTL between 240 and 255. Of course, the TTL value can be changed on the target host; on Windows-family systems this is done by modifying the following registry value:

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters]

"DefaultTTL"=dword:000000ff

255 --- FF

128 --- 80

64 --- 40

32 --- 20

There are also some more basic options that everyone should know, in a little more detail:

-a Converts the target machine identifier to an IP address.

-t Keeps pinging until the user interrupts it.

-c count Makes ping keep sending packets until count requests have been sent and answered.

-d Turns on debugging for the socket used.

-f A fast way to ping. Ping outputs packets as fast as they come back from the remote host, or faster, up to 100 times per second. In this mode each request is represented by a period, and for each response a space is printed.

-i seconds Waits the given number of seconds between two packets. Cannot be used with -f.

-n Numeric output only. Normally ping tries to convert IP addresses into host names. This option makes ping print IP addresses without looking up the symbolic names. It is important if for some reason you cannot use the local DNS server.

-p pattern Lets the user specify pad bytes to be added to the packet. This option is useful when diagnosing data-dependent errors in the network.

-q Makes ping print only summary information at the beginning and end.

-R Adds the ICMP record-route option to the ECHO_REQUEST packet, asking for the route to be recorded in the packet so that ping can print the routing information when the data comes back. Only 9 routing nodes can be recorded per packet. Many hosts ignore or discard this option.

-r Makes the ping command bypass the normal routing table used to send packets.

-s packetsize Lets the user specify the number of data bytes to send. The default is 56 bytes, which with the 8-byte ICMP header makes a total of 64 ICMP data bytes.

-v Puts ping in verbose mode, so that it prints all other returned ICMP packets in addition to the echo-response packets.

Verifies the connection to a remote computer or to the local computer. You can use this command only after you install the TCP/IP protocol.

ping [-t] [-a] [-n count] [-l length] [-f] [-i ttl] [-v tos] [-r count] [-s count] [[-j computer-list] | [-k computer-list]] [-w timeout] destination-list

Parameters

-t

Verifies the connection to the specified computer until the user interrupts.

-a

Resolves the address to a computer name.

-n count

Sends the number of ECHO messages specified by count; the default value is 4.

-l length

Sends ECHO messages containing the amount of data specified by length. The default value is 64 bytes and the maximum value is 8192 bytes.

-f

Sends the "Do not Fragment" flag in the packet. The packet will not be fragmented by gateways on the route.

-i ttl

Sets the Time To Live field to the value specified by ttl.

-v tos

Sets the Type Of Service field to the value specified by tos.

-r count

Records the route of the outgoing and returning messages in the "Record Route" field. The count value can be a minimum of 1 and a maximum of 9.

-s count

Specifies the timestamp for the number of hops specified by count.

-j computer-list

Routes messages through the list of computers specified by computer-list. Consecutive computers may be separated by intermediate gateways (loose source routing). The maximum number of IP addresses allowed is 9.

-k computer-list

Routes messages through the list of computers specified by computer-list. Consecutive computers may not be separated by intermediate gateways (strict source routing). The maximum number of IP addresses allowed is 9.

-w timeout

Specifies the time-out interval in milliseconds.

destination-list

Specifies the remote computer to validate the connection to.

For more information about pings

Ping: notes

The ping command verifies the connection to a remote computer or to the local computer by sending ICMP echo messages to it and listening for the echo reply messages. For each message sent, ping waits up to 1 second, and it prints the number of messages sent and received. Each received message is compared with the message sent to verify its validity. By default, four echo messages are sent, each containing 64 bytes of data (a periodic sequence of uppercase letters).

You can use the ping utility to test both computer names and IP addresses. If the IP address is verified successfully but the computer name is not, there is a problem with name resolution. In this case, make sure that the computer name being queried exists in the local HOSTS file or in the DNS database.

The following shows an example of ping output. (Windows users can go to Start -> Run and enter "command" to bring up a command window in which to use this command.)

C:\>ping ds.internic.net

Pinging ds.internic.net [192.20.239.132] with 32 bytes of data:

Reply from 192.20.239.132: bytes=32 time=101ms TTL=243

Reply from 192.20.239.132: bytes=32 time=100ms TTL=243

Reply from 192.20.239.132: bytes=32 time=120ms TTL=243

Reply from 192.20.239.132: bytes=32 time=120ms TTL=243

That covers just about everything!

The meaning of the TTL parameter in the Ping result

Simply put, TTL stands for time to live, meaning lifetime.

First of all, the ping command uses ICMP, a network-layer protocol, so the TTL refers to the lifetime of a network-layer packet. If this sentence does not make sense, go back and review the OSI 7-layer model first.

The first question is why the concept of a lifetime exists at all.

Obviously, a packet travels a long path from one machine to another. This path is not unique; it is complex and may contain loops. If a packet enters a loop during transmission and nothing terminates it, it will circulate forever, and if many packets loop like this it is a disaster for the network. So a value is set in the packet and decremented by 1 each time the packet passes through a node. There are two possible outcomes: the packet reaches its destination while the value is still positive, or the value is reduced to 0 after a certain number of nodes. The former is a normal transmission. The latter means the packet may have taken a very long path or even entered a loop, which is obviously not what we want, so when the value reaches 0 the network device does not forward the packet but discards it and sends a notification to the packet's source address saying that the packet has died.

In fact, the TTL value does not mean much in itself. What the user should care about is whether the packet reached its destination, not how many nodes it passed through. But the TTL value can still yield interesting information.

Each operating system has a different default TTL, and on some systems it can be changed through network parameters; for example, the Win2000 default is 128, which can be changed through the registry, while Linux mostly uses 64. In general, though, very few people change this value on their machines, which gives us the chance to use the TTL echoed by ping to roughly determine what operating system a machine runs.

Take two of our company's machines as an example.

Look at the following commands:

D:\Documents and Settings\hx>ping 61.152.93.131

Pinging 61.152.93.131 with 32 bytes of data:

Reply from 61.152.93.131: bytes=32 time=21ms TTL=118

Reply from 61.152.93.131: bytes=32 time=19ms TTL=118

Reply from 61.152.93.131: bytes=32 time=18ms TTL=118

Reply from 61.152.93.131: bytes=32 time=22ms TTL=118

Ping statistics for 61.152.93.131:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 18ms, Maximum = 22ms, Average = 20ms

D:\Documents and Settings\hx>ping 61.152.104.40

Pinging 61.152.104.40 with 32 bytes of data:

Reply from 61.152.104.40: bytes=32 time=28ms TTL=54

Reply from 61.152.104.40: bytes=32 time=18ms TTL=54

Reply from 61.152.104.40: bytes=32 time=18ms TTL=54

Reply from 61.152.104.40: bytes=32 time=13ms TTL=54

Ping statistics for 61.152.104.40:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 13ms, Maximum = 28ms, Average = 19ms

The first TTL is 118, so we can basically judge that this is a Windows machine, and that there are 10 nodes between my machine and it, because 128-118=10. The second should be Linux, for the same reason: 64-54=10.
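
The TTL reasoning above, written out as an added example (not part of the original article): it parses Windows ping reply lines, picks the nearest common initial TTL at or above the observed value, and reports the routers crossed and a family guess. The sample lines are constructed from the two pings shown, the `infer` and `analyse` names are hypothetical, and a host whose DefaultTTL has been changed defeats the guess.

```python
import re

# Initial TTLs to consider: 64 and 128 are the Linux and Windows defaults the
# article names, 255 covers its "240-255" Unix range, 32 is the remaining
# value in its DefaultTTL list. The family labels are a heuristic only.
INITIAL_TTLS = {32: "unknown", 64: "Linux", 128: "Windows", 255: "Unix"}

REPLY_RE = re.compile(r"Reply from (\d+(?:\.\d+){3}):.*?\bTTL=(\d+)", re.I)

# Constructed sample: reply lines in the format of the two pings shown above,
# plus one "expired in transit" line, which carries no TTL= field.
SAMPLE = """\
Reply from 61.152.93.131: bytes=32 time=21ms TTL=118
Reply from 61.152.93.131: bytes=32 time=19ms TTL=118
Reply from 61.152.104.40: bytes=32 time=28ms TTL=54
Reply from 61.152.104.40: bytes=32 time=18ms TTL=54
Reply from 61.152.99.94: TTL expired in transit.
"""


def infer(observed_ttl):
    """Return (initial_ttl, routers_crossed, family_guess) for a reply TTL."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError("TTL must be in 1..255")
    # Smallest common initial value that is >= the observed one: 54 is read as
    # 64-10, not 128-74, because real paths are far shorter than 74 routers.
    initial = min(t for t in INITIAL_TTLS if t >= observed_ttl)
    return initial, initial - observed_ttl, INITIAL_TTLS[initial]


def analyse(ping_output):
    """Parse ping output into {host: (initial, routers, family, stable)}."""
    seen = {}
    for line in ping_output.splitlines():
        match = REPLY_RE.search(line)
        if match:
            seen.setdefault(match.group(1), set()).add(int(match.group(2)))
    results = {}
    for host, ttls in seen.items():
        # stable is False when replies from one host carried different TTLs,
        # i.e. the return path changed during the run.
        results[host] = infer(max(ttls)) + (len(ttls) == 1,)
    return results


if __name__ == "__main__":
    for host, result in analyse(SAMPLE).items():
        print(host, result)
```

The routers figure counts only the devices that decremented the TTL; a tracert listing has one more row because it also lists the destination itself.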

Knowing something above, someone might have some questions, such as the following:

1. Didn't you say a packet may take many paths? Why do the 4 packets I see have the same TTL, with no difference?

This is because the path a packet takes is determined by an optimal path selection algorithm. Once the network topology has been stable for a while, packets settle on a relatively stable shortest path. How exactly the routing algorithm computes this is a subject of its own and is not discussed here.

2. For the second machine in the example above, why not conclude that it is a Windows machine 74 nodes away? After all, 128-74=54.

For this question we introduce another good ICMP tool. But first, note that a packet passing through 74 nodes would be a bit scary; such a path is best avoided.

The tool is tracert (traceroute under *nix). Let's look at the result of running this command against the second machine above:

D:\Documents and Settings\hx>tracert 61.152.104.40

Tracing route to 61.152.104.40 over a maximum of hops

1 10.120.32.1

2 219.233.244.105

3 219.233.238.173

4 219.233.238.13

5 202.96.222.73

6 202.96.222.121

7 61.152.81.86

8 61.152.87.162

9 61.152.99.26

10 61.152.99.94

11 61.152.104.40

Trace complete.

The result of this command shows the route from my machine to the server: it really is 11 nodes (when I said 10 earlier I seem to have made a mistake and forgotten to count 0; it should be 64-54+1, heh), rather than more than 70 nodes from a TTL of 128.

Having come this far, we might as well cover something more advanced about these two ICMP commands.

First, the ping command: ping has a parameter that ignores the operating system's default TTL value and sends the ICMP request packet with a TTL you define yourself.

For example, run the following command against that Linux machine:

D:\Documents and Settings\hx>ping 61.152.104.40 -i 11

Pinging 61.152.104.40 with 32 bytes of data:

Reply from 61.152.104.40: bytes=32 time=10ms TTL=54

Reply from 61.152.104.40: bytes=32 time=13ms TTL=54

Reply from 61.152.104.40: bytes=32 time=10ms TTL=54

Reply from 61.152.104.40: bytes=32 time=13ms TTL=54

Ping statistics for 61.152.104.40:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 10ms, Maximum = 13ms, Average = 11ms

D:\Documents and Settings\hx>

In this command we set the packet's TTL to 11, and we know that the path to this server goes through 11 nodes, so the output is no different from before. Now try this:

D:\Documents and Settings\hx>ping 61.152.104.40 -i 10

Pinging 61.152.104.40 with 32 bytes of data:

Reply from 61.152.99.94: TTL expired in transit.

Reply from 61.152.99.94: TTL expired in transit.

Reply from 61.152.99.94: TTL expired in transit.

Reply from 61.152.99.94: TTL expired in transit.

Ping statistics for 61.152.104.40:

Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 0ms, Maximum = 0ms, Average = 0ms

D:\Documents and Settings\hx>

As you can see, the result is different. I set the TTL to 10, and the result is "TTL expired in transit", which means the packet's lifetime ended before it reached the server. Note the IP address at the start of each of these lines: it is exactly the last IP address before the server in our earlier tracert result. The packet's TTL was reduced to 0 there, and as discussed earlier, when the TTL is reduced to 0 the device discards the packet and sends a TTL-expired ICMP message back to the source address. The result here is the best proof.

This proves once again that the path from my machine to the server goes through 11 nodes, not more than 70, hehe.

Finally, to consolidate what we have learned: some people may think the tracert command is magical, since it can find the route a packet takes. In fact, the principle behind this command is already in the discussion above.

Imagine I send the destination server a packet with a TTL of 1. What happens?

According to the discussion above, the TTL is reduced to 0 at the first node the packet reaches, and that node responds with a TTL-expired message containing the device's own IP address, so we obtain the address of the first node on the path.

We then send a packet with TTL=2 and receive a TTL-expired response from the second node.

And so on, discovering one node at a time. When the reply that finally comes back is an ICMP echo response rather than a TTL-expired message, our tracert is finished. That is all there is to it.
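
The TTL=1, 2, 3, ... procedure just described, as an added example that is not part of the original article: a simulation over a constructed path model built from the addresses in the tracert output above. `send_echo`, `trace`, the `silent` set (routers that drop expired packets without reporting, shown as `*`) and the `max_hops` default of 30 are assumptions of this sketch.

```python
# Constructed model of the path: the addresses are those of the tracert output
# earlier in the article; the last entry is the destination, the rest routers.
PATH = [
    "10.120.32.1", "219.233.244.105", "219.233.238.173", "219.233.238.13",
    "202.96.222.73", "202.96.222.121", "61.152.81.86", "61.152.87.162",
    "61.152.99.26", "61.152.99.94", "61.152.104.40",
]


def send_echo(path, ttl, silent=()):
    """Follow one echo request with the given TTL along path.

    Returns (responder, kind); kind is "time-exceeded", "echo-reply" or
    "timeout" (a router listed in silent dropped the packet without notice).
    """
    if not 1 <= ttl <= 255:
        raise ValueError("TTL must be in 1..255")
    for router in path[:-1]:
        ttl -= 1                      # every router decrements the TTL
        if ttl == 0:                  # expired: discard, notify the source
            if router in silent:
                return None, "timeout"
            return router, "time-exceeded"
    return path[-1], "echo-reply"     # TTL still positive on arrival


def trace(path, max_hops=30, silent=()):
    """tracert logic: TTL = 1, 2, 3, ... until the destination answers."""
    rows = []
    for ttl in range(1, max_hops + 1):
        responder, kind = send_echo(path, ttl, silent)
        rows.append((ttl, responder or "*"))
        if kind == "echo-reply":
            break
    return rows


if __name__ == "__main__":
    # Same path with one router that never reports expired packets.
    for ttl, addr in trace(PATH, silent={"219.233.238.13"}):
        print(f"{ttl:>3}  {addr}")
    print(send_echo(PATH, 10))        # the "ping -i 10" case shown above
    print(send_echo(PATH, 11))        # the "ping -i 11" case shown above
```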

By the way, the ping command also has a -n parameter that specifies how many packets to send; with it, ping sends the number you ask for instead of the default 4. With the -t parameter, the command keeps sending until you forcibly abort it.

The messages ping can return include "Request timed out", "Destination net unreachable", "Bad IP address" and "Source quench received".

The "Request timed out" message indicates that there is a route to the other host but the request timed out. This is usually packet loss caused by the other side refusing to accept the packets you send it; most often the other side has a firewall or is offline.

The "Destination net unreachable" message indicates that the other host does not exist or that no connection to it has been established. The difference between "Destination host unreachable" and "time out" is this: if a router along the way has a route to the destination in its routing table but the destination cannot be reached for some other reason, "time out" appears; if there is no route to the destination in the routing table, "Destination host unreachable" appears.

The "Bad IP address" message indicates that you may not be connected to a DNS server, so the name cannot be resolved, or that the IP address may not exist.

"Source quench received" is a very special message that rarely appears. It indicates that the other host or a server along the way is busy and unable to respond.
