The PING command uses the services of the Internet Control Message
Protocol (ICMP); ICMP messages are carried directly inside IP packets (IP
protocol number 1). Therefore, the ping utility operates basically on layer 3
(the Network layer) of the OSI model. It does not use the services of the
Transport layer, because traffic reliability is not an issue here: ping performs
a simple reachability check, asking whether a host is alive and answering.
TRACEROUTE is another very helpful utility that operates similarly
to ping and also relies on ICMP messages. Traceroute, as the name implies, is
used to trace the path between the sender and the destination host. It is a
one-way trace, meaning that it traces the route from the source to the
destination and not the other way around; the return path, by the way, may be
different. In specific implementations (Cisco and Unix) traceroute also uses the
User Datagram Protocol (UDP) as the transport layer, for a specific reason that
we'll go into further on.
In order to understand how PING and TRACEROUTE work on the network, you first
need to know about the ICMP protocol.
Internet Control Message Protocol (ICMP)
ICMP is a Network layer protocol that belongs to the group of control
protocols, similar to ARP and RARP. ICMP has been designed with the unreliable
characteristics of the IP protocol in mind. Because IP is unreliable and
connectionless, there was no way of informing the originating host that
something went wrong during data transmission. ICMP has been designed to
provide this function.
Whenever something unexpected occurs, ICMP messages report back to the sender,
giving an indication of what might have gone wrong. Keep in mind that ICMP does
not resolve the reliability issues of IP; that is up to the upper layer (the
Transport layer). ICMP messages are enclosed in IP packets; in networking terms
this is called ICMP encapsulation. Check the image below for the packet
details.
ICMP Encapsulation:
Message Format of ICMP:

 0               8               16                             31
+---------------+---------------+-------------------------------+
| Message Type  | Message Code  |           Checksum            |
|   (8 bits)    |   (8 bits)    |           (16 bits)           |
+---------------+---------------+-------------------------------+
|              Parameters (ID, Sequence Number)                 |
+---------------------------------------------------------------+
|                            Data                               |
+---------------------------------------------------------------+
Types of ICMP Message:

Message Type            | Type Number | Description
------------------------+-------------+---------------------------------------------
Echo Request            | 8           | Asks if a machine is alive
Echo Reply              | 0           | The reply to the above question
Destination Unreachable | 3           | Packet could not reach its final destination
Time Exceeded           | 11          | TTL field in the IP header has reached 0
Troubleshooting with PING
First, let's look at the output of the ping command and how to use it. It is simple: open a command prompt on your Windows system and type ping [IP address of the host to reach], or, if DNS is available, ping [hostname of the destination host]. Sometimes the extended ping, which issues continuous echo request messages, is very helpful; on Windows the format is ping -t [IP address of the host] (on Unix, ping is continuous by default and stops with Ctrl-C). The ping command operates the same way on Windows, Unix, Cisco devices and every other networking device: the principle is the same, even though the extended options vary between platforms.
In the next image you can see a ping command towards the hostname
Trainsignal.com. A DNS query is performed first to translate the name to an IP
address, and then four echo request messages are transmitted. Each transmitted
packet is time stamped by the sender (Unix ping stores the send time in the data
field; Windows ping records it locally). The remote host must copy the data of
each echo request unchanged into its echo reply, so when the reply arrives the
sender matches it to its request by identifier and sequence number, subtracts
the send time from the receive time, and reports the round trip delay:
Image: Executing the Ping Command
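The echo exchange described above in code. This is an added example, not code from the original post: a Python encoder/decoder for the ICMP message format shown in the table earlier (Type, Code, Checksum, Identifier, Sequence, Data) with the RFC 1071 checksum, plus the request/reply/round-trip calculation that ping performs. It builds the packets offline and stands in for the remote host itself, so no raw socket or privileges are needed; the identifier 0x1234 and the timestamps are constructed values.

```python
import struct
import time

# ICMP types from the table in the text
ECHO_REPLY = 0
ECHO_REQUEST = 8


def icmp_checksum(data: bytes) -> int:
    """RFC 1071 checksum: one's-complement of the one's-complement sum of all
    16-bit words. It is computed with the checksum field set to zero; verifying
    a received message means recomputing over the whole message and expecting 0."""
    if len(data) % 2:
        data += b"\x00"  # odd length is padded with a zero byte for the sum only
    total = 0
    for i in range(0, len(data), 2):
        total += (data[i] << 8) | data[i + 1]
    while total >> 16:  # fold the carries back in (end-around carry)
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo(msg_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Type (8) | Code (8) | Checksum (16) | Identifier (16) | Sequence (16) | Data."""
    header = struct.pack("!BBHHH", msg_type, 0, 0, ident, seq)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", msg_type, 0, csum, ident, seq) + payload


def parse_icmp(packet: bytes) -> dict:
    """Split a received ICMP message into its fields, rejecting a bad checksum."""
    if len(packet) < 8:
        raise ValueError("ICMP header is 8 bytes")
    if icmp_checksum(packet) != 0:
        raise ValueError("bad ICMP checksum")
    msg_type, code, csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {"type": msg_type, "code": code, "checksum": csum,
            "id": ident, "seq": seq, "data": packet[8:]}


def build_echo_request(ident: int, seq: int, sent_at: float) -> bytes:
    """What ping sends: the send time is stored in the data field so that the
    reply carries it back (Unix ping does this; Windows ping keeps the time locally)."""
    return build_echo(ECHO_REQUEST, ident, seq, struct.pack("!d", sent_at))


def answer_echo_request(request: bytes) -> bytes:
    """What the remote host does: type 8 becomes type 0, id/seq/data copied unchanged."""
    msg = parse_icmp(request)
    if msg["type"] != ECHO_REQUEST or msg["code"] != 0:
        raise ValueError("not an echo request")
    return build_echo(ECHO_REPLY, msg["id"], msg["seq"], msg["data"])


def rtt_ms(reply: bytes, received_at: float, ident: int) -> float:
    """Match the reply to our identifier, recover the send time, compute the round trip."""
    msg = parse_icmp(reply)
    if msg["type"] != ECHO_REPLY or msg["id"] != ident:
        raise ValueError("reply does not belong to this ping")
    (sent_at,) = struct.unpack("!d", msg["data"][:8])
    return (received_at - sent_at) * 1000.0


if __name__ == "__main__":
    ident = 0x1234                        # constructed identifier (real ping uses its PID)
    req = build_echo_request(ident, 1, time.time())
    rep = answer_echo_request(req)        # constructed: stands in for the remote host
    print("request:", req.hex())
    print("reply  :", rep.hex())
    print("RTT ms :", round(rtt_ms(rep, time.time(), ident), 3))
```

The identifier is what lets a host with several pings running tell whose reply just arrived, and the sequence number is what lets one ping notice a lost or duplicated reply; both must come back unchanged, which is why the reply is built by copying them rather than regenerating them.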
Troubleshooting with TRACEROUTE
The traceroute command operates similarly to ping. On Cisco routers and Unix
platforms the layout of the command is traceroute [destination IP address] or
traceroute [hostname of the destination host]. On Windows machines the function
of traceroute comes with the command tracert (short for trace route), which
operates in a slightly different manner than on Cisco and Unix platforms
(details below). Traceroute uses a clever way to capture the footprint of a
packet's journey: it sends probes with deliberately small Time-To-Live (TTL)
values and lets the routers along the way report where each probe was dropped.
We will use an imaginary example (RouterA is the sender, RouterD the
destination, with RouterB and RouterC in between) to investigate how traceroute
achieves its purpose:
·
RouterA prepares a probe: in the Cisco/Unix implementation this is a UDP
datagram (Windows tracert uses an ICMP echo request instead). It encapsulates it
in an IP packet with Source address=172.16.10.1, Destination
address=192.168.7.2 and Time-To-Live (TTL) value=1; the destination UDP port is
one that nothing listens on (usually greater than 30000; classic traceroute
starts at 33434 and increments it for every probe). Then it forwards the packet.
·
RouterB, upon receiving this packet, decrements the TTL by one, so the TTL
becomes 0, which means it must drop the packet. It replies to the sender with
an ICMP Time Exceeded message (type 11), with its own address in the SA field
of the IP header (SA=172.16.1.2).
·
RouterA receives the response and prints out the first hop on the screen
(IP address=172.16.1.2).
·
Afterwards, RouterA sends the same probe with TTL value=2.
·
RouterB decrements the TTL by one and forwards the packet to RouterC, which
decrements it by one again (TTL=0), forcing it to return an ICMP Time Exceeded
message with SA=192.168.1.2.
·
RouterA now prints out the second hop on the screen (IP address=192.168.1.2).
·
Finally RouterA sends the probe with TTL value=3, which reaches RouterD, the
destination. RouterD passes the packet to the transport layer, where the unused
UDP port causes it to issue an ICMP Destination Unreachable message with the
Port Unreachable code (type 3, code 3). A Windows tracert probe would instead
be answered with an ICMP Echo Reply.
·
RouterA, upon receiving this message from RouterD, knows that it has reached
the final hop, prints it out on the screen and stops sending any more probes.
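The walkthrough above as a runnable model. This is an added example, not code from the original post: a Python simulation of the TTL-driven probing in which forward() plays the routers (decrementing the TTL at each hop and answering with Time Exceeded, or with Port Unreachable / Echo Reply once the destination is reached) and traceroute() plays RouterA. The topology and addresses are the constructed ones from the imaginary example; the silent set is an assumption used to model routers configured not to answer, which then appear as "*" in the hop list.

```python
from dataclasses import dataclass
from typing import Optional

# ICMP types/codes traceroute relies on (see the table of ICMP message types)
ECHO_REPLY = 0
ECHO_REQUEST = 8
DEST_UNREACHABLE = 3
PORT_UNREACHABLE = 3          # code of Destination Unreachable: nothing listens on that UDP port
TIME_EXCEEDED = 11
TRACEROUTE_BASE_PORT = 33434  # classic Unix traceroute starting destination port


@dataclass(frozen=True)
class Probe:
    src: str
    dst: str
    ttl: int
    kind: str          # "udp" (Cisco/Unix traceroute) or "icmp" (Windows tracert)
    udp_dport: int = 0


@dataclass(frozen=True)
class IcmpReply:
    src: str           # address the replying router/host puts in the IP SA field
    type: int
    code: int = 0


# Constructed topology matching the walkthrough: RouterA -> RouterB -> RouterC -> RouterD
ROUTER_A = "172.16.10.1"
PATH = ["172.16.1.2", "192.168.1.2", "192.168.7.2"]   # RouterB, RouterC, RouterD (destination)


def forward(probe: Probe, path: list, silent=frozenset()) -> Optional[IcmpReply]:
    """Carry one probe along the path, decrementing the TTL at every router, and
    return the ICMP message the sender gets back (None when it is dropped silently)."""
    ttl = probe.ttl
    for hop in path:
        if hop == probe.dst:
            # Delivered: the destination hands the packet to its transport layer.
            if probe.kind == "udp":
                return IcmpReply(hop, DEST_UNREACHABLE, PORT_UNREACHABLE)  # no listener
            return IcmpReply(hop, ECHO_REPLY)
        ttl -= 1
        if ttl == 0:
            # The router must discard the packet; most report it, some are configured not to.
            return None if hop in silent else IcmpReply(hop, TIME_EXCEEDED)
    return None  # path exhausted without reaching the destination


def traceroute(src: str, dst: str, path: list, kind: str = "udp",
               max_hops: int = 30, silent=frozenset()) -> list:
    """Raise the TTL one unit at a time until the destination itself answers.
    Returns [(ttl, responder-or-'*'), ...] in the order a real traceroute prints them."""
    hops = []
    for ttl in range(1, max_hops + 1):
        dport = TRACEROUTE_BASE_PORT + ttl - 1 if kind == "udp" else 0
        reply = forward(Probe(src, dst, ttl, kind, dport), path, silent)
        hops.append((ttl, reply.src if reply else "*"))
        if reply is None:
            continue   # "Request timed out": keep probing, the next hop may still answer
        reached_udp = reply.type == DEST_UNREACHABLE and reply.code == PORT_UNREACHABLE
        reached_icmp = reply.type == ECHO_REPLY
        if reached_udp or reached_icmp:
            break      # final hop: stop sending probes
    return hops


if __name__ == "__main__":
    for ttl, who in traceroute(ROUTER_A, "192.168.7.2", PATH):
        print(f"{ttl:2d}  {who}")
    print("with RouterC silent:")
    for ttl, who in traceroute(ROUTER_A, "192.168.7.2", PATH, silent=frozenset({"192.168.1.2"})):
        print(f"{ttl:2d}  {who}")
```

The model shows why a silent router produces a "*" line without hiding the hops behind it: the probe with a larger TTL still passes through it, and only the probe that expires there goes unanswered. It also shows the one thing the two implementations differ on, namely how the sender recognises the destination (Port Unreachable for UDP probes, Echo Reply for ICMP probes).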
Real Example of Traceroute
Now let's see how traceroute behaves in a real situation. From a command prompt
on a Windows host, run tracert www.netwyman.blogspot.com.
The result is shown in the image below:
Image: TRACERT Command
Looking at the image above, you can see that each probe (an ICMP echo request,
since this is Windows tracert) is repeated three times before the sender
increments the TTL value and resends it. The three round trip delay times for
those three probes are listed at the beginning of each hop line. The "Request
timed out" entries come from routers that are configured not to send ICMP Time
Exceeded messages (or that filter or rate-limit ICMP); the probes still pass
through them, so the hops beyond are displayed normally.
Windows tracert recognizes the final destination when its three echo requests
for that TTL are answered with echo replies rather than Time Exceeded
messages, and stops there.
What Can Ping and Traceroute Do?
Ping and traceroute commands can be very helpful. Use the ping command when the
existence of a host is what interests you. Use traceroute on Cisco and Unix, or
tracert on Windows, to get an idea of what route your packets take to reach
their destination.
Never rely on traceroute to give you the exact path of your packets. Keep in
mind that ICMP operates on top of IP, and IP is connectionless: not every packet
towards the same destination necessarily takes the same path (routers may
load-balance across equal-cost links, and routing can change between probes).
Moreover, the replies may follow different paths each time, so treat traceroute
results cautiously.
Both ping and traceroute are highly important in disclosing hidden network
malfunctions, besides basic troubleshooting. Sharing from personal experience,
the extended ping utility once exposed a hardware problem whose symptom was
randomly dropped packets during peak-hour traffic.