Last updated: 2019-04-16


Factors Influencing RTT

  • Distance
  • Network hops (routers'/switches' processing time)
  • Bandwidth & traffic (congestion)
  • Server response time (processing time)

Packet Format

IPv4 Header (in blue):

  • protocol set to 1 (ICMP)
  • Type of Service set to 0

ICMP Header (field)

  • Type of ICMP message (8 bits)
  • Code (8 bits)
  • Checksum (16 bits)
  • Header Data (32 bits)  (Identifier, Sequence Number )

ICMP Payload

 * may include a timestamp indicating the time of transmission
    (this lets the sender compute the round-trip time in a stateless manner,
    without needing to record the time of transmission of each packet)

 * the returned reply should include the same payload.
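
An added example (not part of the original notes) of the header and payload layout above: it builds an echo request, verifies the checksum, and recovers the RTT from the reply alone. The function names and the 8-byte double used for the timestamp are assumptions made for illustration.

```python
import struct

ECHO_REQUEST, ECHO_REPLY = 8, 0

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length data with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Type (8 bits), Code (8), Checksum (16), Identifier (16), Sequence (16), payload."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = checksum(header + payload)        # computed with the checksum field zeroed
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def parse_echo(packet: bytes) -> dict:
    """Parse an ICMP echo message, rejecting truncated or corrupted packets."""
    if len(packet) < 8:
        raise ValueError("shorter than the 8-byte ICMP header")
    if checksum(packet) != 0:                # a valid packet sums to zero
        raise ValueError("bad ICMP checksum")
    icmp_type, code, _, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {"type": icmp_type, "code": code, "id": ident, "seq": seq,
            "payload": packet[8:]}

def make_request(ident: int, seq: int, now: float, size: int = 56) -> bytes:
    """Echo request whose payload starts with the send time (assumed 8-byte double)."""
    stamp = struct.pack("!d", now)
    return build_echo(ECHO_REQUEST, ident, seq, stamp + bytes(size - len(stamp)))

def rtt_from_reply(reply: bytes, ident: int, now: float) -> float:
    """Stateless RTT: everything needed is in the reply, no per-packet send log."""
    msg = parse_echo(reply)
    if msg["type"] != ECHO_REPLY or msg["code"] != 0 or msg["id"] != ident:
        raise ValueError("not an echo reply for this ping process")
    if len(msg["payload"]) < 8:
        raise ValueError("payload too short to carry the timestamp")
    (sent,) = struct.unpack("!d", msg["payload"][:8])
    return now - sent
```

Because the timestamp travels inside the packet, the computed RTT is only as trustworthy as the echoed payload; the checksum detects corruption, not tampering.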



# CentOS

yum install -y iputils


Useful ping options



Numeric output only

-i interval

Wait interval seconds between sending each packet. (Default: 1 second)

-c count

Stop after sending count ECHO_REQUEST packets.

-w deadline

Specify a timeout, in seconds.


Audible ping.


Flood ping.

For every ECHO_REQUEST sent, a period "." is printed.

For every ECHO_REPLY received, a backspace is printed.

Outputs packets as fast as they come back.


root@home:~# ping -f

PING ( 56(84) bytes of data.
--- ping statistics ---
1290 packets transmitted, 1289 received, 0% packet loss, time 4171ms
rtt min/avg/max/mdev = 2.995/3.139/4.093/0.098 ms, ipg/ewma 3.236/3.152 ms

root@home:~# ping -f

PING ( 56(84) bytes of data.
--- ping statistics ---
67 packets transmitted, 0 received, 100% packet loss, time 791ms


-I interface address

Set source address to specified interface address.


Quiet output. Nothing is displayed except the summary lines

-s packetsize

Default: 56 bytes (which translates into 64 ICMP data bytes when combined with the 8 bytes of ICMP header data.)


Disable the ping response on Linux


Method 1: system

echo 1 >/proc/sys/net/ipv4/icmp_echo_ignore_all

Method 2: firewall

iptables -A INPUT -p icmp --icmp-type echo-request -j DROP




server:~# ping

PING ( 56(84) bytes of data.
64 bytes from icmp_req=1 ttl=111 time=16.4 ms
64 bytes from icmp_req=1 ttl=111 time=16.4 ms (DUP!)
64 bytes from icmp_req=1 ttl=111 time=16.4 ms (DUP!)

(DUP!) => Duplicate packets

Duplicate packets should never occur, and seem to be caused by inappropriate link-level retransmissions.

Duplicates may occur in many situations and are rarely (if ever) a good sign,
although the presence of low levels of duplicates may not always be cause for alarm.




ICMP = Internet Control Message Protocol

The ping tool sends an ICMP echo request (type 8) message to the host and waits for the ICMP echo-reply (type 0).

Protocol: ICMP

icmp-options (integer:integer; Default: )    # Matches ICMP "type:code" fields

ICMP type: Type 8 - Echo

Code fields: Many of these ICMP types have a "code" field.


  • Type 8 — Echo => 0 (No Code)
  • Type 3 — Destination Unreachable => 0    (Net Unreachable), ... 15 (Precedence cutoff in effect)


ICMP states

ICMP packets are far from a stateful stream, since they are only used for controlling and should never establish any connections.


There are four ICMP types that will generate return packets, however, and these have 2 different states:


  • NEW
  • ESTABLISHED

ICMP types

  • Echo request and reply
  • Timestamp request and reply
  • Information request and reply
  • Address mask request and reply

The reply packet is considered as being ESTABLISHED, as we have already explained.

However, we can know for sure that after the ICMP reply, there will be absolutely no more legal traffic in the same connection.

For this reason, the connection tracking entry is destroyed once the reply has traveled all the way through the Netfilter structure.

ICMP requests have a default timeout of 30 seconds, which you can change in the /proc/sys/net/ipv4/netfilter/ip_ct_icmp_timeout entry.


ICMP Host unreachable or ICMP Network unreachable messages get the RELATED state.


Client -> SYN -> NEW -> ROUTER -> X



All ICMP messages sent in reply to UDP connections are considered as RELATED

iptables ping settings


 * The important point is that the OUTPUT chain is taken into account as well

allow incoming ping

iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 0 -j ACCEPT

disable ping

iptables -A OUTPUT -p icmp --icmp-type 8 -j DROP

allow outgoing ping

iptables -A OUTPUT -p icmp --icmp-type 8  -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 0  -j ACCEPT



Conntrack for ping


grep 'type=8 code=0' /proc/net/nf_conntrack

ipv4 2 icmp 1 29 src= dst= type=8 code=0 id=16961
    src= dst= type=0 code=0 id=16961 mark=0 secmark=0 use=2

 * The default TTL of an ICMP conntrack entry is 30 seconds!


iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

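With the rule above inserted first, the following rules no longer take effect (echo requests that match a live conntrack entry are accepted as ESTABLISHED before the limit rule is reached):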

iptables -A INPUT -p icmp -m limit --limit  2/s --limit-burst 2 -j ACCEPT
iptables -A INPUT -p icmp -j DROP
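
An added example (not part of the original notes) that models why the limit rule stops working: a simplified first-match INPUT chain with a token bucket for `-m limit` and a conntrack table for echo flows. It assumes, as the conntrack listing above shows, that an echo entry stays alive for 30 seconds; class and function names are hypothetical and the input is constructed.

```python
from dataclasses import dataclass, field

ICMP_TIMEOUT = 30.0  # seconds; the conntrack default for ICMP quoted in these notes

@dataclass
class Conntrack:
    """Echo flows keyed by (src, id); ESTABLISHED once a reply has been seen."""
    expires: dict = field(default_factory=dict)

    def established(self, src: str, ident: int, now: float) -> bool:
        return self.expires.get((src, ident), float("-inf")) > now

    def reply_seen(self, src: str, ident: int, now: float) -> None:
        self.expires[(src, ident)] = now + ICMP_TIMEOUT  # traffic refreshes the entry

@dataclass
class Limit:
    """Token bucket modelling '-m limit --limit 2/s --limit-burst 2'."""
    rate: float = 2.0
    tokens: float = 2.0
    burst: float = 2.0
    last: float = 0.0

    def allow(self, now: float) -> bool:
        self.tokens = min(self.burst, self.tokens + (now - self.last) * self.rate)
        self.last = now
        if self.tokens < 1.0:
            return False
        self.tokens -= 1.0
        return True

def accepted(requests, established_rule_first: bool) -> int:
    """Count echo requests the INPUT chain accepts under first-match evaluation."""
    ct, limit, count = Conntrack(), Limit(), 0
    for now, src, ident in requests:
        if established_rule_first and ct.established(src, ident, now):
            ok = True                  # -m state --state ESTABLISHED,RELATED -j ACCEPT
        else:
            ok = limit.allow(now)      # -p icmp -m limit ... -j ACCEPT, otherwise DROP
        if ok:
            count += 1
            ct.reply_seen(src, ident, now)  # host answers, so conntrack sees a reply
    return count

# Constructed input: one source, fixed identifier, 100 echo requests 3 ms apart.
FLOOD = [(i * 0.003, "192.0.2.10", 16961) for i in range(100)]
```

With the ESTABLISHED,RELATED rule first, all 100 requests are accepted; with the ICMP limit and DROP rules evaluated before it, only the burst of 2 gets through.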

RTT: round-trip time


Linux systems

use a unique identifier for every ping process, and the sequence number is an increasing number within that process

Windows systems

use a fixed identifier, which varies between Windows versions, and a sequence number that is only reset at boot time.

Payload: (32 bytes) 61 ... 7761 ... 69 (a~wa~i)