Ping
Ping will make you think one of two things. If it makes you think of irons and drivers and 18 holes of beautiful green fairway, then you are definitely CIO/CEO/CISO material. If it makes you think of submarines or bats, then you're probably geekier like me.
Packet InterNet Groper, or what we affectionately call ping, is a networking utility. It is used to test whether a host is “alive” on an Internet Protocol (IP) network. A host is a computer or other device that is connected to a network. It will measure the time it takes for a message sent from one host to reach another and echo back to the original host. Bats are able to use echo‐location, or bio sonar, to locate and identify objects. We do the same in our networked environments.
Ping will send an Internet Control Message Protocol (ICMP) echo request to the target and wait for a reply. This will report problems, trip time, and packet loss if the asset has a heartbeat. If the asset is not alive, you will get back an ICMP error. The ping command is easy to use from the command line no matter what operating system you are using and comes with multiple options such as the size of the packet, how many requests, and time to live (TTL) in seconds. The TTL field is decremented at each machine where data is processed. The value in this field will be at least as great as the number of gateways it has to hop. Once a connection is made between the two systems, this tool can test the latency or the delay between them.
Figure 1.1 shows a running ping on a Windows operating system sending four echo requests to www.google.com using both IPv4 and IPv6.
What this figure translates to is that my computer can reach through the network and touch a Google server. The www.google.com part of this request is called a uniform resource locator (URL). A URL is the address of a page on the World Wide Web (WWW). The numbers you see next to the URL are called an IP address. Every device on a network must have a unique IP network address. If you are attempting to echo‐locate another host, you could substitute the URL www.google.com for an IP address. We will do a deeper dive on IPv4 and IPv6 in Chapter 9, Log Management.
There are more granular ping commands. If you type ping along with an option or switch, you can troubleshoot issues that might be occurring in your network. Sometimes these issues are naturally occurring problems. Sometimes they could signal some type of attack.
Table 1.1 shows different options you can add to the base command ping.
Table 1.1: ping command syntax
OPTION | MEANING |
/? | Lists command syntax options. |
-t | Pings the specified host until stopped with Ctrl+C. ping -t is also known as the ping of death. It can be used as a denial‐of‐service (DoS) attack to cause a target machine to crash. |
-a | Resolves address to hostname if possible. |
-n count | How many echo requests to send from 1 to 4.2 billion. (In Windows operating systems, 4 is the default.) |
-r count | Records route for count hops (IPv4 only). The maximum is 9, so if you need more than 9, tracert might work better (covered later in the chapter). |
-s count | Timestamp for count hops (IPv4 only). |
-i TTL | Time to live; maximum is 255. |
Did you know that you could ping yourself? Figure 1.2 shows that 127.0.0.1 is a special reserved IP address. It is traditionally called a loopback address. When you ping this IP address, you are testing your own system to make sure it is working properly. If this IP doesn't return an appropriate response, you know the problem is with your system, not the network, the Internet service provider (ISP), or your target URL.
If you are experiencing network difficulties, this is the first tool to pull out of your toolkit. Go ping yourself and make sure everything is working as it should (see Lab 1.1).