ping

Last updated: 2019-04-16

Introduction

Factors Influencing RTT

  • Distance
  • Network hops (processing time of routers/switches)
  • Bandwidth & traffic (congestion)
  • Server response time (process time)

Packet Format

IPv4 Header:

  • protocol set to 1 (ICMP)
  • Type of Service set to 0

ICMP Header (field)

  • Type of ICMP message (8 bits)
  • Code (8 bits)
  • Checksum (16 bits)
  • Header Data (32 bits): Identifier, Sequence Number

ICMP Payload

 * May include a timestamp indicating the time of transmission. This lets ping compute the round trip time in a stateless manner, without needing to record the time of transmission of each packet.

 * The returned reply should include the same payload.
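The header layout and the timestamp-in-payload trick described above, as an added Python example (not code from the original page or from iputils). The function names and the 8-byte double used for the timestamp are assumptions made for illustration; echo_back is a constructed stand-in for the remote host.

```python
import struct
import time

ICMP_ECHO_REQUEST, ICMP_ECHO_REPLY = 8, 0

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Type(8) Code(8) Checksum(16) Identifier(16) Sequence(16) + payload."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = checksum(header + payload)
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload

def make_request(ident: int, seq: int, now: float, size: int = 56) -> bytes:
    """Echo request whose payload starts with the send time (assumed format)."""
    stamp = struct.pack("!d", now)
    return build_echo(ICMP_ECHO_REQUEST, ident, seq, stamp.ljust(size, b"\x00"))

def parse_reply(packet: bytes, ident: int, now: float):
    """Validate a reply and return (seq, rtt_ms), or None if it is not ours."""
    if len(packet) < 16 or checksum(packet) != 0:
        return None                          # truncated or corrupted
    icmp_type, code, _, r_ident, seq = struct.unpack("!BBHHH", packet[:8])
    if icmp_type != ICMP_ECHO_REPLY or code != 0 or r_ident != ident:
        return None                          # not an echo reply for this process
    (sent,) = struct.unpack("!d", packet[8:16])
    return seq, (now - sent) * 1000.0        # RTT from the echoed timestamp only

def echo_back(request: bytes) -> bytes:
    """Constructed stand-in for the remote host: same id, seq and payload."""
    _, _, _, ident, seq = struct.unpack("!BBHHH", request[:8])
    return build_echo(ICMP_ECHO_REPLY, ident, seq, request[8:])

if __name__ == "__main__":
    req = make_request(ident=16961, seq=1, now=time.time())   # sample id
    print(len(req), parse_reply(echo_back(req), 16961, time.time()))
```

A checksum computed over a whole valid packet, checksum field included, comes out as 0, which is what parse_reply relies on.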


Install

 

# CentOS

yum install -y iputils

 


Useful ping options

 

-n

Numeric output only

-i interval

Wait interval seconds between sending each packet. (Default: 1 second)

-c count

Stop after sending count ECHO_REQUEST packets.

-w deadline

Specify a timeout, in seconds.

-a

Audible ping.

-f

Flood ping.

For every ECHO_REQUEST sent, a period "." is printed.

For every ECHO_REPLY received, a backspace is printed.

Outputs packets as fast as they come back.

Example

root@home:~# ping -f 8.8.8.8

PING 8.8.8.8 (8.8.8.8) 56(84) bytes of data.
.^C
--- 8.8.8.8 ping statistics ---
1290 packets transmitted, 1289 received, 0% packet loss, time 4171ms
rtt min/avg/max/mdev = 2.995/3.139/4.093/0.098 ms, ipg/ewma 3.236/3.152 ms

root@home:~# ping -f 192.168.123.15

PING 192.168.123.15 (192.168.123.15) 56(84) bytes of data.
...................................................................^C
--- 192.168.123.15 ping statistics ---
67 packets transmitted, 0 received, 100% packet loss, time 791ms

 

-I interface address

Set source address to specified interface address.

-q

Quiet output. Nothing is displayed except the summary lines

-s packetsize

Default: 56 bytes (which translates into 64 ICMP data bytes when combined with the 8 bytes of ICMP header data).

 


Disable the ping response on Linux

 

Method 1: system

echo 1 >/proc/sys/net/ipv4/icmp_echo_ignore_all

Method 2: firewall

iptables -A INPUT -p icmp --icmp-type echo-request -j DROP

 


(DUP!)

 

server:~# ping 120.237.118.54

PING 120.237.118.54 (120.237.118.54) 56(84) bytes of data.
64 bytes from 120.237.118.54: icmp_req=1 ttl=111 time=16.4 ms
64 bytes from 120.237.118.54: icmp_req=1 ttl=111 time=16.4 ms (DUP!)
64 bytes from 120.237.118.54: icmp_req=1 ttl=111 time=16.4 ms (DUP!)

(DUP!) => Duplicate packets

Duplicate packets should never occur, and seem to be caused by inappropriate link-level retransmissions.

Duplicates may occur in many situations and are rarely (if ever) a good sign, although the presence of low levels of duplicates may not always be cause for alarm.

 


ICMP

 

ICMP = Internet Control Message Protocol

The ping tool sends an ICMP echo request (type 8) message to the host and waits for the ICMP echo-reply (type 0).

Protocol: ICMP

icmp-options (integer:integer; Default: )    # Matches ICMP "type:code" fields

ICMP type: Type 8 - Echo

Code fields: Many of these ICMP types have a "code" field.

e.g.

  • Type 8 — Echo => 0 (No Code)
  • Type 3 — Destination Unreachable => 0    (Net Unreachable), ... 15 (Precedence cutoff in effect)

 

ICMP states

ICMP packets are far from a stateful stream,

since they are only used for controlling and should never establish any connections.

NEW, ESTABLISHED

However, there are four ICMP types that generate return packets, and these have 2 different states.

States:

  • NEW
  • ESTABLISHED

ICMP types

  • Echo request and reply
  • Timestamp request and reply
  • Information request and reply
  • Address mask request and reply

The reply packet is considered as being ESTABLISHED, as we have already explained.

However, we can know for sure that after the ICMP reply, there will be absolutely no more legal traffic in the same connection.

For this reason, the connection tracking entry is destroyed once the reply has traveled all the way through the Netfilter structure.

ICMP requests have a default timeout of 30 seconds, which you can change in the /proc/sys/net/ipv4/netfilter/ip_ct_icmp_timeout entry.

RELATED

An ICMP Host unreachable or ICMP Network unreachable message gets the RELATED state.

TCP

Client -> SYN -> NEW -> ROUTER -> X

Client <- ICMP <- RELATED <- ROUTER

UDP

All ICMP messages sent in reply to UDP connections are considered as RELATED
 


iptables ping setting

 

 * The important point is that the OUTPUT chain is taken into account as well.

allow incoming ping

iptables -A INPUT -p icmp --icmp-type 8 -j ACCEPT
iptables -A OUTPUT -p icmp --icmp-type 0 -j ACCEPT

disable outgoing ping

iptables -A OUTPUT -p icmp --icmp-type 8 -j DROP

allow outgoing ping

iptables -A OUTPUT -p icmp --icmp-type 8  -j ACCEPT
iptables -A INPUT -p icmp --icmp-type 0  -j ACCEPT

 

 


Conntrack entries for ping

 

grep 'type=8 code=0' /proc/net/nf_conntrack

ipv4 2 icmp 1 29 src=192.168.123.10 dst=192.168.123.251 type=8 code=0 id=16961
    src=192.168.123.251 dst=192.168.123.10 type=0 code=0 id=16961 mark=0 secmark=0 use=2

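 * The default TTL (conntrack timeout) of an icmp entry is 30 seconds!

So when this rule is present:

iptables -I INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT

the following rules no longer take effect, because echo requests that match a live conntrack entry are accepted as ESTABLISHED before they reach the limit rule: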

iptables -A INPUT -p icmp -m limit --limit  2/s --limit-burst 2 -j ACCEPT
iptables -A INPUT -p icmp -j DROP
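A simplified model of the rule shadowing described above, as an added Python example (not code from the original page and not how netfilter is implemented). It assumes that once a reply has been sent, later requests of the same flow count as ESTABLISHED until the 30-second entry expires; the rule names, the integer token bucket and the flood input are constructed for illustration.

```python
ICMP_CT_TIMEOUT_MS = 30_000   # 30 s default conntrack timeout quoted above

class Limit:
    """Integer token bucket modelling '-m limit --limit 2/s --limit-burst 2'."""
    COST, PER_MS, BURST = 1000, 2, 2000        # one packet costs 1000 credits

    def __init__(self):
        self.credits, self.last = self.BURST, 0

    def matches(self, now_ms):
        gained = (now_ms - self.last) * self.PER_MS
        self.credits = min(self.BURST, self.credits + gained)
        self.last = now_ms
        if self.credits < self.COST:
            return False                       # over the limit: rule does not match
        self.credits -= self.COST
        return True

def verdict_for(rules, state, limit, now_ms):
    """First-match evaluation of a simplified INPUT chain for one ICMP packet."""
    for rule in rules:
        if rule == "state" and state == "ESTABLISHED":
            return "ACCEPT"
        if rule == "limit" and limit.matches(now_ms):
            return "ACCEPT"
        if rule == "drop":
            return "DROP"
    return "ACCEPT"                            # assumed chain policy

def accepted_requests(rules, times_ms):
    """Count the echo requests of one flow (same src, dst, id) that get in."""
    limit, expiry, accepted = Limit(), -1, 0
    for now in times_ms:
        # Assumption: after the first reply, requests of the same flow are
        # ESTABLISHED until the conntrack entry times out.
        state = "ESTABLISHED" if now < expiry else "NEW"
        if verdict_for(rules, state, limit, now) == "ACCEPT":
            accepted += 1
            expiry = now + ICMP_CT_TIMEOUT_MS  # reply sent, entry refreshed
    return accepted

FLOOD_MS = list(range(0, 1000, 10))        # constructed: 100 requests in 1 s
PAGE_ORDER = ["state", "limit", "drop"]    # -I puts the state rule first
LIMIT_FIRST = ["limit", "drop", "state"]   # ICMP rules evaluated first

if __name__ == "__main__":
    print(accepted_requests(PAGE_ORDER, FLOOD_MS))   # 100
    print(accepted_requests(LIMIT_FIRST, FLOOD_MS))  # 3
```

In a real ruleset, limit rules placed ahead of the state rule would normally be restricted to --icmp-type 8, so that echo replies and RELATED ICMP errors still reach the ESTABLISHED,RELATED rule.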

RTT: round-trip time

 

Linux systems

use a unique identifier for every ping process, and the sequence number increases within that process.

Windows systems

use a fixed identifier, which varies between Windows versions, and a sequence number that is only reset at boot time.

Payload: (32 bytes) 61 ... 77 61 ... 69 (a~w, a~i)

 


DOC

 

https://datahunter.org/mtr