ping

From Noah.org
Jump to: navigation, search


ping patterns

Some network problems can be caused at a very low level where errors are triggered by signal noise and problems with data representation in signaling. Some data patterns can help reveal these problems. PIng can be used to send specific patterns useful for testing. ping -g 00 # all zeroes FF # all ones 55 # alternating ones and zeros and ones (assuming big-endian bit order same as big-endian network byte order, otherwise you would see alternating zeros and ones (starting with zero) 80 - one with seven zeros (1 n 7) 1000 - one with 15 zeros

Network Byte Order

The first bit sent is a 0 (byte 0, bit 0). The last bit sent is a 1 (byte 3, bit 7).

To send a 32-bit integer 0xA0B0C0D (decimal 168496141) in big-endian/network byte order
the following table shows how the bits are transmitted, reading from left to right.
We name the most significant byte byte zero (representing 0x0A).
Network byte order is big-endian for both byte order and for bit order.
The most significant bit of most significant byte first).
The first bit sent is a 0 (byte 0, bit 0). The last bit sent is a 1 (byte 3, bit 7).

 byte  offset   0        1        2        3

   bit offset   01234567 01234567 01234567 01234567

-----------------------------------------------------

       binary   00001010 00001011 00001100 00001101

     hex byte         0A       0B       0C       0D

00 # zeroes FF # ones 55 # alternating zeros and ones 80 # one with seven zeros (1 n 7) 1000 # one with 15 zeros

nmap "ping"

I usually use nmap instead of ping to check the state of a given host and port. See also Traceroute#tcptraceroute for checking host:port. Nmap is essential for diagnosing network problems, but using the default port-scan mode can be problematic because a lot of servers have automated Intrusion Detection System tools. These will trigger if they see that you are scanning a range of ports. Typically this will cause the system to block your IP address thus adding to your network diagnosis problems. The trick is to tell nmap to use a stealth scan and to just check a single remote port. This is usually good enough to not trigger an IDS. The following will stealthily check the state of port 22 (SSH) without sending a PING:

nmap -P0 -sS -p22 www.example.com

This is a similar check for port 80 (http):

nmap -P0 -sS -p80 www.example.com