The following is a detailed explanation.
What is Ping?
Ping is a typical network tool. Ping can identify some states of network functions. The status of these network functions is the basis of daily network fault diagnosis. In particular, Ping can identify the binary state of a connection (that is, whether it is connected or not). However, this is only the simplest example of behavior analysis, which can tell you the running state of your network.
Suppose the network is a black box, and you know nothing about it beforehand. By properly stimulating the network, analyzing the network reaction and using the network behavior analysis model, the internal state of this black box is correctly determined. This enables network engineers and users to understand network channels without accessing network components (i.e. interfaces, switches and routers).
Send packets to the network. The normal state of the network and the network standard are used as the analysis model. Next, we can identify the internal state of the network, such as connectivity, by associating possible network responses with known states.
In the case of using Ping, this can only make simple things more complicated. By sending an ICMP Echo packet to an IP address, you can get an ICMP (Internet Telegraph Control Protocol) response, so you can confirm that there is a connection on the network path. This is simple, but powerful, because it can point out more interesting possibilities.
Of course, the network is never ideal. The response of the network to stimuli changes with time. Generally speaking, Ping should repeat this process more than once, and then make statistical evaluation. According to this method, Ping can generally determine the statistical changes of round trip time (RTT) and packet loss rate (round trip time is infinite). Based on this extra information, we can learn a little more about network channels, but not much.
Traceroute is another tool for this method. Traceroute can determine the arrangement order of Layer 3 devices between the host and some target hosts by using the known behaviors related to Layer 3 devices in the intermediate path and the Time to Live (TTL) field of the IP header. In order to accomplish this task, Traceroute does not send a single packet, but sends a series of packets with special TTL settings, gradually increasing from 1 to 255, until it reaches the predetermined goal. Traceroute can then identify the IP address of each Layer 3 interface that responds with ICMP TTL information.
Therefore, Traceroute can provide the function of knowing the IP routing status between two hosts. Obviously, there are many such states, which are more complicated than simple binary connection states.
Traceroute needs a large number of network path samples to complete this task.
Of course, there are more tools to show different aspects of the network path, and even Ping and Traceroute have added other functions. Some tools rely on very advanced mathematical network models. These mathematical models include queuing theory, non-random loss analysis and error correlation.
So, what's the point? It's kind of like an old fable that a blind man touches an elephant. Every blind person's explanation of an elephant has different characteristics (some people say it is like a snake, some people say it is like a wall, and some people say it is like a trunk), because each road has a different way of visiting. None of them know what they are dealing with.
So the network is such a thing, constantly changing, affecting the performance of applications and hindering diagnosis. However, the network analysis model can be widely used instead of analyzing the simple network state bit by bit. Advanced sampling and analysis process can reveal the structure of all end-to-end paths in detail.
Many of the latest network technologies introduced in the column "New Network Science" make full use of this method. In fact, these systems provide a more accurate view. For example, it is like using modern sonar to accurately generate a sound wave formed by all subtle changes in temperature, surface and salinity to accurately describe the current state of the seabed, ocean currents and marine life. It is not simply to detect submarines in World War II.
Even better, these systems can selectively analyze the response of the network to specific applications. These applications include backup and recovery, VoIP, video, collaborative environment and other processing systems and other application software. Changes in packet size, load, protocol and transmission rate may cause the network to change its characteristics.
If you find Ping and raceroute useless, consider that you only use a small part of the tools you may have. Just as a pixel map can't show you the whole picture, Ping can't tell you the whole picture.
Ping command
Verify the connection to a remote computer or local computer. This command can only be used after the TCP/IP protocol is installed.
Ping [-t] [-a] [-n count] [-l length] [-f] [-i ttl] [-v tos] [-r count] [-s count] [[-j computer list] | [-k computer list ]] [-w timeout] destination list.
parameter
Equivalent to -ED
Verify the connection to the specified computer until the user disconnects.
[Ancient names or Latin modern names of animals and plants]
Resolve the address to a computer name.
-n count
Send the number of echo messages specified by count. The default value is 4.
-l length
Sends an ECHO message containing the data length specified by length. The default value is 64 bytes and the maximum value is 8 192 bytes.
-f
Send the "Do not segment" flag in the packet. The packet will not be segmented by the gateway on the route.
-I see
Set the time-to-live field to the value specified by ttl.
-v tos
Set the service type field to the value specified by tos.
-r count
Record the route of outgoing and return messages in the Record Route field. The minimum value of the specified count can be 1 and the maximum value can be 9.
-s count
A timestamp that specifies the number of forwards specified by count.
-j computer-list
Routes messages through the computer list specified by computer-list. Intermediate gateways can separate consecutive computers (loose source routing). A maximum of 9 IP addresses are allowed.
-k computers-list
Routes messages through the computer list specified by computer-list. Intermediate gateways can separate successive computers (strict source routing). A maximum of 9 IP addresses are allowed.
-w timeout
Specifies the timeout interval in milliseconds.
Destination list
Specify a remote computer to verify the connection.
Note: The Ping command verifies the connection with the remote computer or local computer by sending an ICMP echo message to the computer and listening for the return of the echo message. For each message sent, Ping waits at most 1 second, and prints the number of messages sent and received. Compare each message received with the message sent to verify its validity. By default, four response messages are sent, each containing 64 bytes of data (periodic capital letter sequence).
You can use the Ping utility to test the computer name and IP address. If the IP address can be successfully verified, but the computer name cannot be successfully verified, there is a problem with name resolution. In this case, make sure it is in the local host file or DNS.
The computer name to be queried exists in the database.
The following shows an example of Ping output: (available to Windows users: Go-& gt;; Run, enter "command" to bring up the command window.
c:\ & gt; Ping ds.internic.net
Ping ds.interactive.net with 32 bytes of data [192.20.239.132]:
192.20.239. 132 reply: byte =32 time = 10 1ms TTL=243.
192.20.239. 132 reply: byte =32 time = 100ms TTL=243.
192.20.239. 132 reply: byte =32 time = 120ms TTL=243.
192.20.239. 132 reply: byte =32 time = 120ms TTL=243.
Using PING to judge TCP/IP fault
1、Ping 127.0.0. 1:
127.0.0. 1 is a local circular address. If this address can't be Ping, it means that the TCP/IP protocol of the local machine can't work normally.
2.Ping the IP address of this machine:
Use IPConfig to check the local IP, and then Ping it. The general rule is that the network card (network card or modem) works normally, and if it doesn't work, the network card fails.
3.Ping the IP of the computer on the same network segment:
Ping the IP of the computer in the same network segment. If it doesn't work, the network cable is out of order. If there is a router in the network, first Ping the router IP of this network segment port. If not, there is something wrong with this line. The general rule is to PING the port IP of the router on the network segment where the target computer is located. If not, there is something wrong with the route. General rules Ping the target IP address again.
4.Ping URL:
If you want to detect a network with DNS service, but you still can't connect to the target computer after ping its IP address in the previous step, you can ping its network name, such as ping www.sina.com.cn. Under normal circumstances, there will be an IP pointed by a URL, indicating that the DNS settings of this computer are correct and the DNS server is working normally, otherwise there may be something wrong with one of them. You can also detect the failure of WINS resolution by pinging the computer name (WINS is a service that resolves computer names into IP addresses).
After implementing these four steps, the fault point in the network has been made clear, and we can solve the problem correctly.
Using Ping command to judge network fault
Ping is an executable command that comes with the Windows series. Using it can check whether the network can be connected, and using it well can help us analyze and judge network faults. Application format: Ping IP address. This command can also be used with many parameters. Specifically, you can view the detailed instructions by tyPing ping and pressing Enter.
# 1? 1.Ping local IP
? For example, the local IP address is 172. 168.200.2. Execute the command ping172.168.200.2. If there is nothing wrong with the network card installation configuration, it should be displayed as follows:
? Replay from 172. 168.200.2? Byte =32 times & lt 10 millisecond
? Ping statistics of 172. 168.200.2?
? Xiao Bao? Sent=4? Copy that =4? Lost =0? 0% loss?
? Approximate round-trip time in milliseconds?
? Minimum value = 0 ms? Maxiumu= 1ms? Average = 0 ms
? If the command is executed in MS-DOS mode, the display content is: The request has timed out, indicating that there is something wrong with the installation or configuration of the network card. Disconnect the network cable and execute the command again. If the display is normal, it means that the IP address used by this machine may be duplicate with the IP address of another machine in use. If it is still abnormal, it means that there is something wrong with the installation or configuration of the local network card, and it is necessary to continue to check the relevant network configuration.
# 1? 2.Ping gateway IP
? Suppose the gateway IP is:172.168.6.1,and execute the command ping172.168.6.1. When executing this command in MS-DOS mode, if the following information is displayed:
? 172.168.6.1reply? Bytes =32 Time = 9 milliseconds TTL=255
? Ping statistics are172.168.6.1?
? Xiao Bao? Sent=4? Copy that =4? Lost =0? 0% loss?
? Approximate round-trip time in milliseconds?
? Minimum value = 1ms? Max = 9 ms? Average = 5 milliseconds
? Indicates that the gateway router in the LAN is operating normally. On the contrary, there is a problem with the gateway.
# 1? 3.Ping remote IP
? This command can detect whether the computer can access the Internet normally. For example, the IP address of a local telecom operator is: 202.438+002.48.6438+0. Execute the command in MS-DOS mode: ping 202.102.48.141. If the screen shows:
? 202.102.48.141reply? Bytes =32 Time = 33 milliseconds TTL=252
? 202.102.48.141reply? Byte =32 Time = 2 1 millisecond TTL=252
? 202.102.48.141reply? Bytes =32 Time = 5 milliseconds TTL=252
? 202.102.48.141reply? Bytes =32 Time = 6 milliseconds TTL=252
? 202.102.48.141Ping statistics?
? Xiao Bao? Sent=4? Copy that =4? Lost =0? 0% loss?
? Approximate round-trip time in milliseconds?
? Minimum value = 5 milliseconds? Max = 33 ms? Average value =16ms
? It means that the operation is normal and you can surf the Internet normally. Otherwise, there is a problem with the host file (windows/host).
Use Ping to solve network faults.
One day, I have been using a normal company computer, and suddenly ie browser can't open any web pages. You are anxious, but you don't know where to start. MM, who has already made an appointment in the chat room, also called to urge you to contact her online as soon as possible. Don't worry at this time, please come with me to check what's wrong.
Please list our housekeeping tools on the homepage: Ping.exe and Ping.exe are the tools that come with the system. Computers with the latest version of Server from 98 to 2003 have this command-line tool.
Command description
Ping is a very useful tool, which can be used to test network connection and send and receive data packets. It is the most commonly used command in network testing. Ping sends a loopback request packet to the target host (address), asking the target host to reply after receiving the request, so as to judge the response time of the network and whether the machine is connected with the target host (address).
Command format
Code: ping IP address or host name [-t] [-a] [-n count] [-l size]
Parameter meaning:
-t continuously send data to the target host;
-a displays the network address of the target host in IP address format;
-n count specifies how many times to Ping, and the specific number is specified by count;
-l size specifies the size of the packet sent to the target host.
The results show that
The Ping command has two return results:
1 and "request timeout" indicate that the response packet returned by the target host has not been received, that is, the network is blocked or the network state is not good.
2. "Reply from x.x.x.x: bytes = 32 time <; 1ms TTL=255 "means that you have received a response packet from the target host X.X.X.X The packet size is 32 bytes, and the response time is less than 1ms TTL is 255. This result indicates that the connection between your computer and the target host is normal.
3. "Unable to access the target host" means that the target host cannot be accessed.
4. "ping: transmission failed, error code XXXXX" means transmission failed, error code xxxxx.
Knowing its command format and usage, we can start to check what is wrong.
First, check whether the network card driver and TCP/IP protocol of this machine are installed correctly.
Click start > run, enter the command with win98/me, and enter cmd with win2000 or above to open the command prompt window. Enter the command: PING 127.0.0. 1, 127.0.0. 1. This IP address is defined as a local IP address. What we have to do now is to ping ourselves first and determine what to do next according to the returned results. If the second result is returned, it means that your network card driver and TCP/IP are normal, and you can proceed to the next step. If the fourth result is returned, there is something wrong with your network card driver or TCP/IP. At this time, you should check whether the network card driver is installed correctly and intact, and whether the TCP/IP protocol is installed. After setting the network card driver and TCP/IP protocol, check whether you can access the Internet now. If you still can't get online, then go to the second step.
Second, check the line between the computer and the gateway.
Entering the ipconfig command at the command prompt window will return your computer's IP address, subnet mask and default gateway on the network. If your computer uses automatic IP acquisition, and the IP address is followed by 169.xxx.xxx, your computer has not obtained the available computer IP address from the DHCP server. At this time, you can use the ipconfig /renew command to regain the IP(win 98/me uses ipconfig/renew_all). In general, as long as the DHCP server is normal, the correct IP address can be obtained. If you can't get the correct IP address all the time, check whether the firewall software blocks the communication of the network card, such as the firewall of Windows XP.
After obtaining the correct IP address, subnet mask and gateway address, you can use the Ping tool to detect whether there is a connection between the local computer and the gateway. After running the command to Ping the gateway address, if the returned result is normal, IE still can't open the webpage, so the third step is needed. If the returned result is abnormal, your computer and gateway host network are abnormal. At this time, if you are an Adsl user, you need to call the operator for help and ask them to check whether there is something wrong with their server. If you are a local area network user, you need to ask the network administrator for help and ask him to check whether the switching equipment and gateway server of the network are working properly.
Third, check the Internet network.
In the command prompt window, ping a famous website, such as www. 163.com. If it is normal, the IP address of www. 163.com will be returned. If the prompt "PING request cannot find the host www. 163.com, please check the name and try again" means that www.163.com has not been obtained. At this time, the address of www. 163.com entered in IE will not open the website (because the domain name must be resolved into an IP address to open it. At this time, you can ping 202.106.168.104 (an IP address of www. 163.com) to see if you can return the correct result. If the correct result is returned, there is a problem with your DNS server settings. You can consult the local DNS server address of the operator and fill it in the TCP/IP properties. If ping 202.106.168.104 doesn't work, we can only wait for the help of the operator. :(
After the above three steps, I believe you can surf the Internet freely again! There are many reasons for network failure, but as long as we are careful and step by step, it is easy to find the reasons and solve the problems. Finally, I wish you a happy surfing!
Saw the true face of the table tennis headquarters
To understand the mystery, it is necessary to see how the Ping command works.
Suppose the IP address of host A is 192. 168. 1, and the IP address of host B is192.168.1.2, both of which are in the same subnet, then when you are in host A,
First, the Ping command will build an ICMP request packet with a fixed format, and then the ICMP protocol will hand this packet to the IP layer protocol together with the address "192.168.1.2" (like ICMP, it is actually a group of processes running in the background). The IP layer protocol will take the address "192.168.1.2" as the destination address, take the local IP address as the source address, and add some other control information to construct an IP packet, and find out the corresponding IP address192.1in a mapping table. The latter constructs a data frame, the destination address is the physical address transmitted by the IP layer, and the source address is the physical address of the machine, plus some control information, and transmits them according to the media access rules of Ethernet.
After receiving this data frame, Host B first checks its destination address and compares it with the physical address. If it is consistent, it receives it. Otherwise it will be discarded. Check after receiving the data frame, extract the IP packet from the frame and hand it over to the IP layer protocol of the machine. Similarly, after IP layer inspection, it extracts useful information and provides it to ICMP protocol. After the latter process, it immediately constructs an ICMP response packet and sends it to host A, which is exactly the same as the process of host A sending an ICMP request packet to host B. ..
From the Ping process, we can know that host A received the reply packet from host B, indicating that the outgoing and return paths between the two hosts are normal. That is to say, whether it is from host A to host B or from host B to host A, it is normal. So, what caused one-way Ping?
A personal firewall is installed.
In * * * machines that enjoy surfing the Internet, for security reasons, most hosts as servers have installed personal firewall software, while other machines as clients generally do not. By default, almost all personal firewall software does not allow other machines to Ping this machine. The general practice is to filter out ICMP request messages from outside, but there is no restriction on ICMP request messages and ICMP reply messages from outside. Ping in this way, when ping other machines from this machine, if the network is normal, there is no problem. But if you Ping this machine from another machine, even if the network is all right, there will be an error of "timeout no answer".
Most of the one-way Ping phenomenon comes from this. The solution is also very simple, just adjust the corresponding settings according to the different types of firewalls you use.
Secondly, the IP address is set incorrectly.
Under normal circumstances, a host should have a network card, an IP address, or multiple network cards and multiple IP addresses (these addresses must be in different IP subnets). But for computers used in public places, especially Internet cafes, there are many people and many hands, and there are no "explorers" among them. At one time, two computers also had this one-way Ping. After careful inspection, it was found that the TCP/IP settings of the "dial-up network card" (equivalent to the soft network card) of one of the computers set an IP address in the same subnet as the IP address of the network card. Thus, according to the IP layer protocol, this host has two different interfaces on the same network segment. When Ping other machines from this host, the following problem will occur:
(1) The host does not know which network interface to send the packet to, because there are two network interfaces connected to the same network segment;
(2) The host does not know which address to use as the source address of the packet. Therefore, if you Ping other machines from this host, the IP layer protocol will not be able to handle it. After timeout, Ping will give an error message of "Timeout No Answer". However, when Pinging the host from another host, the request packet comes from a specific network card. ICMP only needs to exchange destination addresses and source addresses and change some flags. ICMP reply packets can be sent smoothly, and other hosts can successfully ping this machine.
Ping's little secret
Ping command, which is familiar to everyone, is often used to test the connectivity of LAN. "Ping+IP address" is the most commonly used command format, but have you noticed the IP address in the Ping command? There is a lot of learning and attention in it. Here, the author will introduce these secrets hidden in the Ping command.
".0" can be conditionally omitted.
People often use the command "ping 127.0.0. 1" to do loop tests on this machine to verify whether the TCP/IP protocol suite of this machine is installed correctly. But did you find out? Use the command "ping 127. 1" to get the same test result (as shown in the figure). Actually, the two commands "ping 127. 1" and "ping 127.0. 1" are the same.
Why is this happening? This is the skill of using IP address in the application of Ping command. As we all know, an IP address consists of 32-bit binary digits. For your convenience, every 8-bit binary number is converted into a decimal number, thus forming an easy-to-remember IP address consisting of four decimal numbers (for example, 127.0.0. 1). Since the Windows operating system has the function of automatically filling ".0", I can change "127.0.0. 1" to "127. 1".
However, the omission of this ".0" is conditional and cannot be omitted at will. In the application of Ping command, only one or more ".0" appearing before the last decimal digit of IP address can be omitted. For example, the command "ping 127.0.0. 1" can be rewritten as "ping 127.5438+0".
If one or more ".0" have no decimal beside the last part, but are in other places, then this ".0" cannot be omitted. For example, "Ping 202.0.96. 1" cannot be written as "Ping 202.96. 1". This is because the response information returned by "ping 202.96. 1" is "202.96.0. 1" instead of "202.0.96. 1".
Numeric strings instead of IP addresses
You can also use a numeric string instead of an IP address in the Ping command. Can you believe it? Run the "ping 3658906394" command, and you will see the return information of the IP address "2 18.22. 123.26".
Why is this happening? In fact, "3658906394" is another representation of the IP address "2 18.22. 123.26". Of course, you can also Ping other IP addresses in the same way.
How are strings converted? It's not complicated. Taking the IP address "2 18.22. 123.26" as an example, the method of converting the IP address into a number string is as follows: First, convert "2 18.22. 123.26" into "da.65438+" in hexadecimal.
Tip: In some LAN environments, the command "Ping+ number string" may fail, and the prompt message "Unknown host number string" appears, because the numeric string is resolved to a host name instead of an ip address.
Therefore, after mastering the above skills, network administrators can skillfully use the "ellipsis" method to reduce the character input of Ping commands and improve work efficiency. At the same time, replacing IP addresses with digital strings can also confuse curious ordinary users and prevent them from setting them at will.