45 36 bytes from 172.16.2.1: Destination Host Unreachable Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 5400 5034 0 0000 fe 01 0e46 172.16.2.13 172.16.4.1 C --- 172.16.4.1 ping statistics --- 2 packets transmitted, 0 packets received, 100 packet loss Since the router has no path to the network, it returns the ICMP DESTINATION_HOST_UNREACHABLE message. In general, you will receive a Destination Host Unreachable warning or a Destination Network Unreachable warning if the problem is detected on the machine where ping is being run. If the problem is detected on a device trying to forward a packet, you will receive only a Destination Host Unreachable warning. In the next example, an attempt is being made to cross a router that has been configured to deny traffic from the source: bsd1 ping 172.16.3.10 PING 172.16.3.10 172.16.3.10: 56 data bytes 36 bytes from 172.16.2.1: Communication prohibited by filter Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 5400 5618 0 0000 ff 01 0859 172.16.2.13 172.16.3.10 36 bytes from 172.16.2.1: Communication prohibited by filter Vr HL TOS Len ID Flg off TTL Pro cks Src Dst 4 5 00 5400 561b 0 0000 ff 01 0856 172.16.2.13 172.16.3.10 C --- 172.16.3.10 ping statistics --- 2 packets transmitted, 0 packets received, 100 packet loss The warning Communication prohibited by filter indicates the packets are being discarded. Be aware that you may be blocked by filters without seeing this message. Consider the following example: bsd1 ping 172.16.3.10 PING 172.16.3.10 172.16.3.10: 56 data bytes C --- 172.16.3.10 ping statistics --- 6 packets transmitted, 0 packets received, 100 packet loss The same filter was used on the router, but it was applied to traffic leaving the network rather than inbound traffic. Hence, no messages were sent. Unfortunately, ping will often be unable to tell you why a packet is unanswered. While these are the most common ICMP messages you will see, ping may display a wide variety of messages. A listing of ICMP messages can be found in RFC 792. A good discussion of the more common messages can be found in Eric A. Halls Internet Core Protocols: The Definitive Guide. Most ICMP messages are fairly self-explanatory if you are familiar with TCPIP.

3.3.2.3 Options

A number of options are generally available with ping. These vary considerably from implementation to implementation. Some of the more germane options are described here. 46 Several options control the number of or the rate at which packets are sent. The -c option will allow you to specify the number of packets you want to send. For example, ping -c10 would send 10 packets and stop. This can be very useful if you are running ping from a script. The commands -f and -l are used to flood packets onto a network. The -f option says that packets should be sent as fast as the receiving host can handle them. This can be used to stress-test a link or to get some indication of the comparative performance of interfaces. In this example, the program is run for about 10 seconds on each of two different destinations: bsd1 ping -f 172.16.2.12 PING 172.16.2.12 172.16.2.12: 56 data bytes ..C --- 172.16.2.12 ping statistics --- 27585 packets transmitted, 27583 packets received, 0 packet loss round-trip minavgmaxstddev = 0.3030.3100.8350.027 ms bsd1 ping -f 172.16.2.20 PING 172.16.2.20 172.16.2.20: 56 data bytes .C --- 172.16.2.20 ping statistics --- 5228 packets transmitted, 5227 packets received, 0 packet loss round-trip minavgmaxstddev = 1.5351.7366.4630.363 ms In the first case, the destination was a 200-MHz Pentium with a PCI adapter. In the second, the destination was a 50-MHz 486 with an ISA adapter. It is not surprising that the first computer was more than five times faster. But remember, it may not be clear whether the limiting factor is the source or the receiver unless you do multiple tests. Clearly, use of this option could cripple a host. Consequently, the option requires root privileges to run and may not be included in some implementations. The -l option takes a count and sends out that many packets as fast as possible. It then falls back to normal mode. This could be used to see how the router handles a flood of packets. Use of this command is also restricted to root. The -i option allows the user to specify the amount of time in seconds to wait between sending consecutive packets. This could be a useful way to space out packets for extended runs or for use with scripts. In general, the effect of an occasional ping packet is negligible when compared to the traffic already on all but the slowest of links. Repeated packets or packet flooding can, however, add considerably to traffic and congestion. For that reason, you should be very circumspect in using any of these options and perhaps ping in general. The amount and form of the data can be controlled to a limited extent. The -n option restricts output to numeric form. This is useful if you are having DNS problems. Implementations also typically include options for more detailed output, typically -v for verbose output, and for fewer details, typically -q and -Q for quiet output. The amount and nature of the data in the frame can be controlled using the -s and -p options. The packet size option, -s, allows you to specify how much data to send. If set too small, less than 8, there wont be space in the packet for a timestamp. Setting the packet size can help in diagnosing a problem caused by path Maximum Transmission Unit MTU settings the largest frame size that can be sent on the path or fragmentation problems. Fragmentation is dividing data among multiple frames when a single packet is too large to cross a link. It is handled by the IP portion of the protocol stack. The general approach is to increase packet sizes up to the maximum allowed to see if at some point you have problems. When this option isnt used, ping defaults to 64 bytes, which may be too small a 47 packet to reveal some problems. Also remember that ping does not count the IP or ICMP header in the specified length so your packets will be 28 bytes larger than you specify. You could conceivably see MTU problems with protocols, such as PPP, that use escaped characters as well. [3] With escaped characters, a single character may be replaced by two characters. The expansion of escaped characters increases the size of the data frame and can cause problems with MTU restrictions or fragmentation. [3] Generally there are better ways to deal with problems with PPP. For more information, see Chapter 15 in Using and Managing PPP, by Andrew Sun. The -p option allows you to specify a pattern for the data included within the packet after the timestamp. You might use this if you think you have data-dependent problems. The FreeBSD manpage for ping notes that this sort of problem might show up if you lack sufficient transitions in your data, i.e., your data is all or almost all ones or all or almost all zeros. Some serial links are particularly vulnerable to this sort of problem. There are a number of other options not discussed here. These provide control over what interfaces are used, the use of multicast packets, and so forth. The flags presented here are from FreeBSD and are fairly standard. Be aware, however, that different implementations may use different flags for these options. Be sure to consult your documentation if things dont work as expected.

3.3.2.4 Using ping