Difference between revisions of "ping"

From Noah.org
(6 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
[[Category:Engineering]]
 
[[Category:Engineering]]
 
[[Category:Networking]]
 
[[Category:Networking]]
 +
 +
== ping patterns ==
 +
 +
Some network problems can be caused at a very low level where errors are triggered by signal noise and problems with data representation in signaling. Some data patterns can help reveal these problems. PIng can be used to send specific patterns useful for testing.
 +
ping -g 00 # all zeroes
 +
FF # all ones
 +
55 # alternating ones and zeros and ones (assuming big-endian '''bit''' order same as big-endian network byte order, otherwise you would see alternating zeros and ones (starting with zero)
 +
80 - one with seven zeros (1 n 7)
 +
1000 - one with 15 zeros
 +
 +
== Network Byte Order ==
 +
 +
The first bit sent is a 0 (byte 0, bit 0). The last bit sent is a 1 (byte 3, bit 7).
 +
<pre>
 +
To send a 32-bit integer 0xA0B0C0D (decimal 168496141) in big-endian/network byte order
 +
the following table shows how the bits are transmitted, reading from left to right.
 +
We name the most significant byte byte zero (representing 0x0A).
 +
Network byte order is big-endian for both byte order and for bit order.
 +
The most significant bit of most significant byte first).
 +
The first bit sent is a 0 (byte 0, bit 0). The last bit sent is a 1 (byte 3, bit 7).
 +
 +
byte  offset  0        1        2        3
 +
 +
  bit offset  01234567 01234567 01234567 01234567
 +
 +
-----------------------------------------------------
 +
 +
      binary  00001010 00001011 00001100 00001101
 +
 +
    hex byte        0A      0B      0C      0D
 +
</pre>
 +
 +
00 # zeroes
 +
FF  # ones
 +
55  # alternating zeros and ones
 +
80  # one with seven zeros (1 n 7)
 +
1000  # one with 15 zeros
  
 
== nmap "ping" ==
 
== nmap "ping" ==
  
 
I usually use nmap instead of ping to check the state of a given host and port.
 
I usually use nmap instead of ping to check the state of a given host and port.
See also [http://www.noah.org/wiki/index.php/Traceroute#tcptraceroute tcptraceroute] for checking host:port.
+
See also [[Traceroute#tcptraceroute]] for checking host:port.
 
Nmap is essential for diagnosing network problems, but using the default port-scan mode  
 
Nmap is essential for diagnosing network problems, but using the default port-scan mode  
 
can be problematic because a lot of servers have automated [http://en.wikipedia.org/wiki/Intrusion-detection_system Intrusion Detection System] tools. These will trigger if they see that you are scanning a range of ports. Typically this will cause the system to block your IP address thus adding to your network diagnosis problems. The trick is to tell nmap to use a stealth scan and to just check a single remote port. This is usually good enough to not trigger an [http://en.wikipedia.org/wiki/Intrusion-detection_system IDS]. The following will stealthily check the state of port 22 (SSH) without sending a PING:
 
can be problematic because a lot of servers have automated [http://en.wikipedia.org/wiki/Intrusion-detection_system Intrusion Detection System] tools. These will trigger if they see that you are scanning a range of ports. Typically this will cause the system to block your IP address thus adding to your network diagnosis problems. The trick is to tell nmap to use a stealth scan and to just check a single remote port. This is usually good enough to not trigger an [http://en.wikipedia.org/wiki/Intrusion-detection_system IDS]. The following will stealthily check the state of port 22 (SSH) without sending a PING:
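
Review bot: The pattern lines added under "ping patterns" (00, FF, 55, 80, 1000) are not wrapped in <pre> the way the byte-order table is, so they will flow into a single paragraph when rendered; wrap them in <pre> or make them list items. The same list is added a second time after the closing </pre> with a different description for 55 ("alternating zeros and ones" versus "alternating ones and zeros and ones") and with "#" where the first copy uses "-", so keep one copy and settle on one wording. In the Network Byte Order section, the sentence "The first bit sent is a 0 ..." appears both above and inside the <pre>, the parentheses in the 55 line and in "The most significant bit of most significant byte first)." are unbalanced, "PIng" is a typo, and 0xA0B0C0D would match the table's 0A 0B 0C 0D more obviously if written 0x0A0B0C0D.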

Revision as of 18:14, 22 September 2015


ping patterns

Some network problems can be caused at a very low level where errors are triggered by signal noise and problems with data representation in signaling. Some data patterns can help reveal these problems. Ping can be used to send specific patterns useful for testing.

ping -g 00 # all zeroes
FF # all ones
55 # alternating ones and zeros (assuming big-endian bit order same as big-endian network byte order, otherwise you would see alternating zeros and ones (starting with zero))
80 # one with seven zeros (1 n 7)
1000 # one with 15 zeros

Network Byte Order

To send a 32-bit integer 0x0A0B0C0D (decimal 168496141) in big-endian/network byte order,
the following table shows how the bits are transmitted, reading from left to right.
We name the most significant byte byte zero (representing 0x0A).
Network byte order is big-endian for both byte order and for bit order
(the most significant bit of the most significant byte first).
The first bit sent is a 0 (byte 0, bit 0). The last bit sent is a 1 (byte 3, bit 7).

 byte offset   0        1        2        3
  bit offset   01234567 01234567 01234567 01234567
 -----------------------------------------------------
      binary   00001010 00001011 00001100 00001101
    hex byte         0A       0B       0C       0D

00 # zeroes
FF # ones
55 # alternating zeros and ones
80 # one with seven zeros (1 n 7)
1000 # one with 15 zeros
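
Added example (not from the original page): a Python sketch that reproduces the byte-order table above with struct and renders each listed pad pattern as a most-significant-bit-first bit stream. The helper names and the repeat-to-fill model of the payload are assumptions, and the transition count is an illustrative measure of how much signal activity a pattern produces.

```python
import struct

# Pattern strings as listed on this page (hex digits, as typed on the command line).
PAGE_PATTERNS = ["00", "FF", "55", "80", "1000"]


def to_network_order(value: int) -> bytes:
    """Pack a 32-bit unsigned integer big-endian (network byte order)."""
    return struct.pack("!I", value)


def wire_bits(data: bytes) -> str:
    """Render bytes as 8-bit groups, most significant bit first, as in the table."""
    return " ".join(f"{byte:08b}" for byte in data)


def fill_payload(pattern_hex: str, size: int) -> bytes:
    """Repeat a hex pad pattern until `size` payload bytes are filled (simplified model)."""
    if len(pattern_hex) % 2:
        pattern_hex = "0" + pattern_hex  # tolerate an odd number of hex digits
    pattern = bytes.fromhex(pattern_hex)
    if not pattern:
        raise ValueError("empty pattern")
    repeats = -(-size // len(pattern))  # ceiling division
    return (pattern * repeats)[:size]


def transitions(data: bytes) -> int:
    """Count 0->1 and 1->0 changes in the MSB-first bit stream."""
    bits = "".join(f"{byte:08b}" for byte in data)
    return sum(1 for a, b in zip(bits, bits[1:]) if a != b)


def describe(pattern_hex: str, size: int = 4) -> dict:
    """Summarise one pattern: the filled payload as bits and its transition count."""
    payload = fill_payload(pattern_hex, size)
    return {"pattern": pattern_hex,
            "bits": wire_bits(payload),
            "transitions": transitions(payload)}


if __name__ == "__main__":
    # The 32-bit integer from the table, byte 0 first.
    print("0x0A0B0C0D ->", wire_bits(to_network_order(0x0A0B0C0D)))
    for pattern in PAGE_PATTERNS:
        row = describe(pattern)
        print(f"{row['pattern']:>4}  {row['bits']}  transitions={row['transitions']}")
```
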

nmap "ping"

I usually use nmap instead of ping to check the state of a given host and port. See also Traceroute#tcptraceroute for checking host:port. Nmap is essential for diagnosing network problems, but using the default port-scan mode can be problematic because a lot of servers have automated Intrusion Detection System tools. These will trigger if they see that you are scanning a range of ports. Typically this will cause the system to block your IP address thus adding to your network diagnosis problems. The trick is to tell nmap to use a stealth scan and to just check a single remote port. This is usually good enough to not trigger an IDS. The following will stealthily check the state of port 22 (SSH) without sending a PING:

nmap -P0 -sS -p22 www.example.com

This is a similar check for port 80 (http):

nmap -P0 -sS -p80 www.example.com