top button
Flag Notify
    Connect to us
      Site Registration

Site Registration

Ping command working process (THE PING PROCESS).

0 votes
966 views
THE PING PROCESS

Step 1-

The source host generates an ICMP protocol data unit.

Step 2-

The ICMP PDU is encapsulated in an IPdatagram, with the source and *destination***IP addresses** in the IP header. At this point the datagram is most properly referred to as an ICMPECHOdatagram, but we will call it an IPdatagram from here on since that's what it looks like to the networks it is sent over.

Step 3-

The source host notes the local time on it's clock as it transmits the IPdatagram towards the destination. Each host that receives the IPdatagram checks the destination address to see if it matches their own address or is the all hosts address (all 1's in the host field of the IP address).

 Step 4-

If the destination IP address in the IPdatagram does not match the local host's address, the IPdatagram is forwarded to the network where the IP address resides.

Step 5-

The destination host receives the IPdatagram, finds a match between itself and the destination address in the IPdatagram.

Step 6-

The destination host notes the ICMPECHO information in the IPdatagram, performs any necessary work then destroys the original IP/ICMPECHOdatagram.

Step 7-

The destination host creates an ICMPECHO REPLY, encapsulates it in an IP datagram placing it's own IP address in the source IP address field, and the original sender's IP address in the destination field of the IPdatagram.

Step 8-

The new IPdatagram is routed back to the originator of the PING. The host receives it, notes the time on the clock and finally prints PING output information, including the elapsed time.

The process above is repeated until all requested ICMPECHO packets have been sent and their responses have been received or the default 2-second timeout expired. The default 2-second timeout is local to the host initiating the PING and is NOT the Time-To-Live value in the datagram.

NOTES ON 'FAILED' RESPONSES

Note that an ICMPECHO REPLY might return after the default 2-second timeout. Thus the packet did return, it just did not do so in the 2 seconds alotted. When experiencing so-called packet loss when using ping, it is always a good idea to increase the default 2 second timeout to see if packets are no longer being dropped. If increasing the default timeout value seems to improve performance by reducing packet loss, then your problem is NOT a packet loss issue, it is a congestion issue caused by high load at one of the following locations (in order of frequency):

1.Your own Internet connection to your ISP
2.The remote server
3.The remote host's connection to their ISP
4.A peering point between two ISP's which your traffic transits over

Large companies maintaining websites (eg. Google, Yahoo, Microsoft, CNN, AOL etc.) usually monitor their Internet connections to help them prepare for upgrades to their Internet provider before any serious issues arise. They keep a five minute running average byte-count of the input and output of each Internet pipe and trend the utilization over weeks, months and years. This gives them the ability to predict when they will run out of bandwidth under normal usage.

posted Jul 7, 2014 by Vrije Mani Upadhyay

  Promote This Article
Facebook Share Button Twitter Share Button LinkedIn Share Button


Related Articles

“Who has 192.168.2.25? Please tell 000000000020”
Because PC-B is on the same subnet as E1, PC-B responds

“I have 192.168.2.25. MAC address is 0000000025”
IP at Interface E1, on the router, then passes the packet (created at PC-A) and the Destination MAC address for 192.168.2.25 down to the Data Link Layer. The Data Link Layer then creates a frame containing the Destination MAC address, Source MAC address, FCS and an Ether_Type field (again set to 0x1h to indicate IP), which encapsulates the IP packet.
(The MAC address of PC-B is placed into the ARP cache on Interface E1, and the MAC address of interface E1 is placed into the cache of PC-B)

The frame is then passed down to the Physical Layer to be placed on the wire one bit at a time. Again all hosts on the 192.168.2.0/24 subnet will receive the frame, build it, check it, discard it with the exception of PC-B which will match the Destination MAC address. PC-B will then check the Ether_Type field, pull the packet from the frame, discard the frame and pass the packet to the protocol indicated in the Ether_Type field, in this example IP.

IP then checks the Destination IP address in the packet and finds a match. It will then check the Protocol field (0x1h = ICMP) and pass the data to ICMP. ICMP recognises that the data sent is an echo request, and will then create an echo response message.

The echo response is then passed to IP, which will then build a packet, consisting of the Destination IP address (192.168.1.10), the Source IP address (192.168.2.25) the data from ICMP, and the protocol field. Once the packet is built the MAC address of the IP address 192.168.1.10 is required. ARP checks it’s cache, if there is no match an ARP broadcast is sent.

PING ICMP Header

“Who has 192.168.1.10? Please tell 000000000025”
Because 192.168.1.10 is on a remote subnet, and routers do not pass broadcasts there is no response.

The default gateway is then required for PC-B. The default gateway is configured as 192.168.2.20 and the ARP cache is checked. As PC-B cached the MAC address of interface E1, a match is found and there is no need to send out an ARP broadcast.

Now that the MAC address of the default gateway has been resolved the packet and the Destination MAC address is then passed down to the Data Link Layer.

At the Data Link Layer a frame is built which consists of the Destination MAC address, the Source MAC address, the FCS and the Ether_Type field (again set to 0x8 to indicate IP). The frame encapsulates the packet passed down from IP. The complete frame is then passed down to the Physical Layer to be put onto the wire one bit at a time.

At Interface E1 of the router, the frame is received, the Destination MAC address is then checked and found to be a match. The Ether_Type field is then checked, the packed is pulled from the frame, the frame is discarded and the packed passed to IP, as indicated in the Ether_Type field.

IP on E1 checks the IP destination address and finds it is not a match. It then consults the routing table for the IP Network Address (192.168.1.0/24), if a match is found the packet is switched to the Interface configured for the 192.168.1.0/24 network, in this example E0.

If no match is found then the packet is discarded. PC-A will receive a time-out error in this case, as the time set to receive replies has been exceeded. A destination network unavailable message is NOT sent to PC-A. If the message could be sent to PC-A then the router would obviously have a route to PC-A’s network and then would not need to generate the message!!

On Interface E0, the interface configured for 192.168.1.0/24, IP and ARP will then locate the MAC address for the IP address 192.168.1.10. ARP checks the cache, because the MAC address for PC-A was cached on the outgoing trip, there is a match and the packet and frame are then passed down to the Data Link Layer.

The Data Link Layer will then build a frame, consisting of the Destination MAC address, the Source MAC address, Ether_Type field and the FCS. This frame encapsulates the packet passed down from IP and then passes the frame down to the Physical Layer to be placed onto the wire, one bit at a time.

PC-A receives the frame sent from interface E0 on the router, checks the MAC address, finds a match, reads the Ether_Type field, pulls the packet from the frame, discards the frame and passes the packet to IP as indicated in the Ether_Type field. IP checks the Destination IP address and finds a match. IP will then read the Protocol field (0x1h = ICMP) and passes the data to ICMP.

ICMP recognises the data as an echo response, ICMP acknowledges receipt by sending information to the user interface, (“!” with Cisco routers, “Reply from 192.168.2.25 and additional information in Windows), and then builds another echo request and the whole process begins again.

The above is designed to give an overview of what happens on the network when data is sent from one machine to another. This is by no way to be considered complete as there are additional parameters which can be configured and created both within the IP packet and the Data-Link Frame. The above assumes the use of Ethernet_II frames on the network. No matter how big the network or how many routers the data passes through the process is identical to the above.

Running Ping Continuously:
On some computers (particularly those running Linux), the standard ping program does not stop running after four request attempts but instead runs until the user ends it. That is useful for those wanting to monitor the status of a network connection over longer periods of time. In Microsoft Windows, type "ping -t" instead of "ping" at the command line to launch the program in this continuously running mode (and use the Control-C key sequence to stop it).

READ MORE

Ping

is a standard utility program available on most computers. A ping utility sends test messages from the computer to a remote device over a TCP/IP network. Besides determining whether the remote computer is currently online, ping also provides indicators of the general speed or reliability of network connections.

Everybody knows that the ping utility is used to check network connectivity between two hosts, but what happens when a user issues a ping? This article is designed to explain the basics of what happens on a network when a ping is issued. Imagine the following scenario;

You have PC-A in subnet 192.168.1.0/24, PC-B in subnet 192.168.2.0/24 and a router connected to both subnets. You need to check if PC-A can connect to PC-B.

IP addresses and MAC addresses to state with examples:

PC-A
192.168.1.10 MAC Address 00:00:00:00:00:10 
Default Gateway 192.168.1.15

Router Interface E0 
192.168.1.15 MAC Address 00:00:00:00:00:15

Router Interface E1 
192.168.2.20 MAC Address 00:00:00:00:00:20

PC-B 
192.168.2.25 MAC Address 00:00:00:00:00:25
Default Gateway 192.168.2.20

A user on PC-A types in “ping 192.168.2.25”

The first thing happens ICMP creates data (an alphabet). IP on PC-A creates a packet containing Destination IP Address 192.168.2.25, the Source IP Address 192.168.1.10, the data, and a protocol field. The protocol field informs the receiving host where to pass the data to, in this example the protocol field would be set to 0x1h to indicate ICMP. (0x indicates that the following is an hexadecimal number).

Once the packet been created ARP (Address Resolution Protocol) is then used to identify the MAC address of the destination host. This can happen in a number of ways, the first to happen is that ARP checks it’s cache to see if it has a match to the Destination IP Address. If not then ARP sends out an ARP broadcast to the Ethernet MAC broadcast address (FF:FF:FF:FF:FF:FF).

“Who has 192.168.2.25? Please tell 000000000010”?
You will notice that PC-A is asking for replies to be sent to the MAC address. This is because computers communicate only with MAC addresses on LANs (Local Area Networks)

If no response is received by PC-A, then ARP & IP assume that 192.168.2.25 is on a remote subnet and therefore would require routing. At this point the IP address and the MAC address of the default gateway is required. In a Windows machine the registry is consulted in order to get the IP address of the default gateway (192.168.1.15). ARP then consults it’s cache to see if it has match to the IP address of the default gateway, if not then another ARP broadcast is sent.

IP addresses and ARP

“Who has 192.168.1.15? Please tell 000000000010”?
Because this is a broadcast ALL hosts on the 192.168.1.0/24 sub-net will receive this frame. The router interface E0 will read the frame and identify itself as the interface with the requested IP address. The router will then reply.
“I have 192.168.1.15. MAC address is 000000000015”
As the request asked for a reply direct to PC-A the frame sent from the router will be directed towards PC-A and not sent as a broadcast. The router will also cache the MAC address of PC-A, which it received via the broadcast sent by ARP to locate the MAC address of the router.

Once IP at PC-A as received the message from the router interface it will pass the packet created earlier and the MAC Destination address down to the Data Link Layer.

Ping Command

The Data Link Layer creates a frame containing the Destination MAC address, the Source MAC address, A FCS (Frame Check Sequence, used to verify the data has not been corrupted) and an Ether_Type field, in this example the field will be set to 0x8 to indicate IP. This Frame encapsulates the packet passed down from IP at the Network Layer. The MAC address of the router is also cached into the ARP cache on PC-A

Once the frame has been created it is passed down to the Physical Layer where the frame is placed onto the wire one bit at a time. Every host on subnet 192.168.1.0/24 will receive this frame, build it, and check the Destination MAC address, if it is not a match the frame is discarded. At the router interface, E0, the Destination MAC address is a match. The router then checks the Ether_Type field (0x8 = IP) pulls the packet from the frame, discards the frame and passes the packet up to IP at the Network Layer.

At the Network Layer the Destination IP address is checked to see if it is a match, in this example the Destination IP address is 192.168.2.25, however the IP address of the router interface which received the frame is 192.168.1.15, and is not a match. The router then consults it’s routing table for the destination IP network address (192.168.2.0). If there is no match in the routing table the packet is discarded and a “Destination Network unavailable” message is returned to PC-A

If there is a match in the routing table then the router will switch the packet to the interface configured to send information to the destination IP Network Address, in this example E1.

Interface E1 now needs to know the MAC address of the machine with IP address 192.168.2.25. The first thing it does is check the ARP cache, no match in the cache, E1 then send out an ARP broadcast.

Note: *Because of the characters limit here i have to publish it in two parts please manage to read completely to get the thorough idea.*

READ MORE

Where two bridges are used to interconnect the same two computer network segments, spanning tree is a protocol that allows the bridges to exchange information so that only one of them will handle a given message that is being sent between two computers within the network. The spanning tree protocol prevents the condition known as a bridge loop.

n a local area network (LAN) such as an Ethernet or token ring network, computers compete for the ability to use the shared telecommunications path at any given time. If too many computers try to send at the same time, the overall performance of the network can be affected, even to the point of bringing all traffic to a near halt. To make this possibility less likely, the local area network can be divided into two or more network segments with a device called a bridge connecting any two segments. Each message (called a frame) goes through the bridge before being sent to the intended destination. The bridge determines whether the message is for a destination within the same segment as the sender's or for the other segment, and forwards it accordingly. A bridge does nothing more than look at the destination address and, based on its understanding of the two segments (which computers are on which segments), forwards it on the right path (which means to the correct outgoing port). The benefit of network segmentation (and the bridge) is that the amount of competition for use of the network path is reduced by half (assuming each segment has the same number of computers) and the possibility of the network coming to a halt is significantly reduced.

Each bridge learns which computers are on which segment by sending any first-time message to both segments (this is known as flooding) and then noticing and recording the segment from which a computer replied to the message. Gradually, the bridge builds a picture for itself of which computers are in which segments. When a second and subsequent messages are sent, the bridge can use its table to determine which segment to forward it to. The approach of allowing the bridge to learn the network through experience is known as transparent bridging (meaning that bridging does not require setup by an administrator).

In order to build into a network, it is typical to add a second bridge between two segments as a backup in case the primary bridge fails. Both bridges need to continually understand the topography of the network, even though only one is actually forwarding messages. And both bridges need to have some way to understand which bridge is the primary one. To do this, they have a separate path connection just between the bridges in which they exchange information, using bridge protocol data units (BPDUs).

The program in each bridge that allows it to determine how to use the protocol is known as the spanning tree algorithm. The algorithm is specifically constructed to avoid bridge loops (multiple paths linking one segment to another, resulting in an infinite loop situation). The algorithm is responsible for a bridge using only the most efficient path when faced with multiple paths. If the best path fails, the algorithm recalculates the network and finds the next best route.

The spanning tree algorithm determines the network (which computer hosts are in which segment) and this data is exchanged using Bridge Protocol Data Units (BPDUs). It is broken down into two steps:

Step 1: The algorithm determines the best message a bridge can send by evaluating the configuration messages it has received and choosing the best option.

Step 2: Once it selects the top message for a particular bridge to send, it compares its choice with possible configuration messages from the non-root-connections it has. If the best option from step 1 isn't better than what it receives from the non-root-connections, it will prune that port.

The spanning tree protocol and algorithm were developed by a committe of the IEEE. Currently, the IEEE is attempting to institute enhancements to the spanning tree algorithm that will reduce network recovery time. The goal is to go from 30 to 60 seconds after a failure or change in link status to less than 10 seconds. The enhancement, called Rapid Reconfiguration or Fast Spanning Tree, would cut down on data loss and session timeouts when large, Ethernet networks recover after a topology change or a device failure.

READ MORE
...