What is ping

The title ping is one of the most popular and the most useful tools used for making a diagnosis of network connections based on the TCP/IP protocol. Its implementation can be encountered practically in every operating system supporting the above-mentioned protocol. The ping’s functionality is based on a very easy principle – sending the ICMPECHO_REQUEST packet from the local computer to the remote machine, and then waiting for a reply in the form of the ICMP ECHO_REPLY packet.

An example of putting ping into practice (it is created from the command line. The IP address or a symbolic name of a target device must be given. This device can be a computer, a router or even a network printer):


-bash-3.2$ ping

PING ( 56 data bytes
64 bytes from icmp_seq=0 ttl=128 time=0.347 ms
64 bytes from icmp_seq=1 ttl=128 time=0.170 ms
64 bytes from icmp_seq=2 ttl=128 time=0.167 ms
64 bytes from icmp_seq=3 ttl=128 time=0.169 ms
64 bytes from icmp_seq=4 ttl=128 time=0.166 ms
--- ping statistics ---
5 packets transmitted, 5 packets received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.166/0.203/0.347/0.073 ms



Test with 32 data bytes:

Reply from bytes =32 time<1 ms TTL=128

Reply from bytes =32 time<1 ms TTL=128

Reply from bytes =32 time<1 ms TTL=128

Reply from bytes =32 time<1 ms TTL=128

Statistics of the ping test for

Packets: Transmitted=4, Received=4, Lost=0 (0% loss)

Estimated round trip time in milliseconds:

The minimum: 0 ms, the maximum value: 0 ms, the average time: 0 ms

With the help of ping it is possible to gain basic information concerning the state of network connection between a local computer and a remote device:

  • Whether a device is connected to the Internet and replies to the ECHO_REQUEST demand with the use of the correctly formulated ECHO_REPLY packet.
  • What is the average delay of getting a reply (colloquially named “lag”), expressed in milliseconds.
  • Which part of a general number of packets gets to the receiver and which is lost. This parameter is expressed as a percentage. When its value is greater than zero, it indicates some technical problems of communications line.

However, it is necessary to clearly mention here that the results obtained with the use of ping do not always present a credible image of network connections’ state – in the vast majority of popular operating systems it is possible to turn off a response for the incoming ECHO_REQUEST packets (e.g. with the use of such software as firewall). It causes lack of the ECHO_REPLY packets in response, and thus might be the cause of the suspected connection failure in spite of its correct functioning. For this reason ping is usually used for the initial diagnostic testing of the local computer networks, familiar to a user/administrator. However, in professional use ping is only one of a large number of used tools. The second important aspect of ping is the fact that it provides only information on the subject of network connection’s state. Getting the reply from the remote machine means only that it is connected to network and replies for the ping request. It is impossible, however, to draw conclusions about a type and a condition of services actuated on a tested device. Moreover, it cannot be assumed that the device’s operating system works properly (cases when a computer replies for pings in spite of crashing of an operating system, are relatively common).

The ping tool, depending on the implementation in a particular operating system, can contain in itself a variety of additional options (in the Unix systems they can be recognized with the help of a command main ping, and in the systems of Windows this command is ping-?):

  • Continuous ping, until interruption from the user’s side (default behavior in the Unix systems, parameter -t in Windows, e.g.: „ping –t”).
  • Definable size of a packet in bytes, from 1 to about 65500 bytes (parameter  –s in the Unix systems, -l in Windows, e.g. ping –s 128 will cause transmission of a packet of the size of 128 bytes instead of the default 32). This option is useful especially in case of cordless networks in which the phenomenon of losing large packets, with utterly easy and trouble-free transmission of the small ones, may sporadically occur.
  • A dozen or so other, less often used parameters, such as, e.g. a specific number of packets to transmit (-c in the Unix systems,  -n in Windows), so-called ping flood, in other words the maximum possible number of packets for simultaneous transmission, defining the TTL parameter, namely the maximum number of nodes to go on the way to a target device, etc.

As an interesting side note, at the end of this article, some fact can be added. Blocking the replies at the ping’s request is caused not only by willingness to limit network traffic and to diminish a potential threat connected with additional service working on the server, but also due to the fact that each of the operating systems creates the ECHO_REPLY packet of replies in a slightly different way. These systems put characteristic sequences of signs in it – so the packet can be used for an attempt to identify the operating system working on the server. Moreover, what is strictly involved, it may also facilitate tasks of a potential burglar or a person with other undesirable intentions.

Go to top