Difference between revisions of "ping"

From Noah.org
Jump to navigationJump to search
m (moved Nmap ping to ping)
m
Line 1: Line 1:
 
[[Category:Engineering]]
 
[[Category:Engineering]]
 
[[Category:Networking]]
 
[[Category:Networking]]
 +
 +
== ping patterns ==
 +
 +
Some network problems can be caused at a very low level where errors are triggered by signal noise and problems with data representation in signaling. Some data patterns can help reveal these problems. PIng can be used to send specific patterns useful for testing.
 +
ping -g 00 # all zeroes
 +
FF # all ones
 +
55 # alternating ones and zeros and ones (assuming big-endian '''bit''' order same as big-endian network byte order, otherwise you would see alternating zeros and ones (starting with zero)
 +
80 - one with seven zeros (1 n 7)
 +
1000 - one with 15 zeros
 +
 +
== Network Byte Order ==
 +
 +
The first bit sent is a 0 (byte 0, bit 0). The last bit sent is a 1 (byte 3, bit 7).
 +
<pre>
 +
byte  offset  0              1              2              3
 +
  bit  offset  01234567 01234567 01234567 01234567
 +
---------------------------------------------------------------
 +
        binary  00001010 00001011 00001100 00001101
 +
hex nybble  0      a      0      b      0      c      0    d
 +
</pre>
  
 
== nmap "ping" ==
 
== nmap "ping" ==

Revision as of 16:13, 22 September 2015


ping patterns

Some network problems can be caused at a very low level where errors are triggered by signal noise and problems with data representation in signaling. Some data patterns can help reveal these problems. PIng can be used to send specific patterns useful for testing. ping -g 00 # all zeroes FF # all ones 55 # alternating ones and zeros and ones (assuming big-endian bit order same as big-endian network byte order, otherwise you would see alternating zeros and ones (starting with zero) 80 - one with seven zeros (1 n 7) 1000 - one with 15 zeros

Network Byte Order

The first bit sent is a 0 (byte 0, bit 0). The last bit sent is a 1 (byte 3, bit 7).

byte  offset   0              1               2              3
   bit  offset   01234567 01234567 01234567 01234567
---------------------------------------------------------------
        binary   00001010 00001011 00001100 00001101
 hex nybble   0      a       0      b      0      c       0     d

nmap "ping"

I usually use nmap instead of ping to check the state of a given host and port. See also Traceroute#tcptraceroute for checking host:port. Nmap is essential for diagnosing network problems, but using the default port-scan mode can be problematic because a lot of servers have automated Intrusion Detection System tools. These will trigger if they see that you are scanning a range of ports. Typically this will cause the system to block your IP address thus adding to your network diagnosis problems. The trick is to tell nmap to use a stealth scan and to just check a single remote port. This is usually good enough to not trigger an IDS. The following will stealthily check the state of port 22 (SSH) without sending a PING:

nmap -P0 -sS -p22 www.example.com

This is a similar check for port 80 (http):

nmap -P0 -sS -p80 www.example.com