《TCP/IP 详解 卷一》读书笔记-----Ping&Traceroute
1、ping是用于测试对方主机是否可达的命令,其实本质上就是echo类型的ICMP报文。同时,ping还能用于计算RTT(round-trip time),即两台主机间的往返时延。
2、随着网络安全意识的增加,路由器的访问权限控制和防火墙等网络安全措施的使用,使得主机的可达性不仅仅取决于网络层的状况,而且也与协议的类型和端口号等等其他因素有关,所以现在ping指令的失败并不能代表目的主机就是不可达的。
3、IP record route:许多版本的ping命令在添加了-R的选项后,能够让数据报经过的每个路由器都在IP数据报的头部的可选部分(IP数据报头部最大60个字节,紧跟20个字节的固定首部后面的就是可选部分)填入自己的IP地址。当数据报到达目的主机后,再将这些IP地址填入ICMP echo的回复报文中,并且返回路径上的路由器也进行同样操作。最后,源主机就能从ping命令的返回报文中解析出与目的主机的整个交互过程需要经过那些路由器了。
当然,我们可以发现这样的机制背后是存在问题的,因为IP数据报头部的可选字段最多只有40个字节。在这40个字节里还要减去和record route相关的三个标识字节,最后能用的其实只有37个字节,也就是说只能存放9个IP v4的地址。这在现在的互联网环境下是远远不够的。
4、IP timestamp option:这和IP record route类似,不过是将原来的IP地址改为经过路由器的时间。并且它除了与record route一样的三个标识字节外,还有四个位的overflow字段用于标识记录的timestamp是否溢出,还有另外四个位的flags字段用于标识不同的timestamp类型,其中值得一提的一种类型是,在记录timestamp的同时也记录了该路由器的IP地址。其实我们仔细想想就能发现,单单记录经过路由器时的时间戳是没有多大意义的,但是如果把IP地址也记录下来,那么IP数据报头部的可选字段最多就只能记录四条记录了。
5、既然IP route record 最多只能记录9个IP地址,那么有没有办法克服这个缺陷呢?于是traceroute这个命令就出现了,它能够记录下IP数据报从源主机到目的主机经过的所有路由器的IP地址(与ping不同,它记录的是路由器的入口IP)。它的原理其实十分简单:我们都知道IP数据报头部有一个TTL字段,用来记录该数据报接下来能经过的最多的路由器的数目,也就是所谓的跳数。当路由器收到一个TTL=0的数据报时,则将其丢弃,并返回源主机一个“time exceeded”类型的ICMP报文,其中包含了该路由器的IP地址。由此我们可以想到,只要依次将发送出去的数据报的TTL字段设置为1,2,3...那么我们就能得到前往目的主机上第1,2,3...跳的路由器的地址。
不过这时候还有一个问题,那就是我们并不能确定TTL为何值时目的主机已到达,原因在于目的主机是会接受TTL=0的数据报的。对于这个问题的解决方法是,将该数据报包含的UDP报文的目的端口字段设置为一个大于30000的值,即该端口很少可能被用到,然后期望目的主机返回一个“port unreachable”的ICMP报文,由此得到到达目的主机需要的跳数。这样traceroute就比较好的解决了IP route record的问题。
二、十五个ping的简单示例
1、Increase or Decrease the Time Interval Between Packets
By default ping waits for 1 second before sending the next packet.You can increase or decrease this using option -i as below.
Increase Ping Time Interval
Example: Wait for 5 seconds before sending the next packet.
$ ping -i 5 IP
Decrease Ping Time Interval
Example: Wait 0.1 seconds before sending the next packet.
# ping -i 0.1 IP
Note: Only super user can specify interval less than 0.2 seconds. If not, you’ll get the following error message.
$ ping -i 0.1 127.0.0.1 PING 0 (127.0.0.1) 56(84) bytes of data. ping: cannot flood; minimal interval, allowed for user, is 200ms
2、Check whether the local network interface is up and running
Before checking whether the peer machine is reachable, first check whether the local network is up and running using any one of the following 3 methods.
Ping localhost using zero (0)
This is probably the easiest and simplest way to ping a local host
$ ping 0 PING 0 (127.0.0.1) 56(84) bytes of data. 64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.024 ms ^C
Ping localhost using name
$ ping localhost PING localhost (127.0.0.1) 56(84) bytes of data. 64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.051 ms 64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.055 ms ^C --- localhost ping statistics --- 2 packets transmitted, 2 received, 0% packet loss, time 999ms rtt min/avg/max/mdev = 0.051/0.053/0.055/0.002 ms
Ping localhost using ip
$ ping 127.0.0.1
To quit the ping command, send SIGINT signal by pressing CTRL+C. If you have not specified any option to make the ping to exit automatically, then you will be terminating using CTRL+C ( SIGINT ) which will show the statistics and then terminate the ping process. When everything is working properly, it should say ’0% packet loss’
2 packets transmitted, 2 received, 0% packet loss, time 999ms rtt min/avg/max/mdev = 0.051/0.053/0.055/0.002 ms
3、Send N packets and stop
Send N packets specified with -c option and then stop. This way the ping command can exit automatically instead of pressing CTRL+C to exit.
In the following example, ping command sends 5 packets, and waits for response from the destination host. Ping will exit after receiving the response or error.
$ ping -c 5 google.com PING google.com (74.125.45.100) 56(84) bytes of data. 64 bytes from yx-in-f100.google.com (74.125.45.100): icmp_seq=1 ttl=44 time=731 ms 64 bytes from yx-in-f100.google.com (74.125.45.100): icmp_seq=2 ttl=44 time=777 ms 64 bytes from yx-in-f100.google.com (74.125.45.100): icmp_seq=3 ttl=44 time=838 ms 64 bytes from yx-in-f100.google.com (74.125.45.100): icmp_seq=4 ttl=44 time=976 ms 64 bytes from yx-in-f100.google.com (74.125.45.100): icmp_seq=5 ttl=44 time=1071 ms --- google.com ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 4216ms rtt min/avg/max/mdev = 731.039/879.129/1071.050/126.625 ms
4、Show Version and Exit
Display the current version of ping program using -V option.
$ ping -V ping utility, iputils-sss20071127
5、Flood the network
Root can send hundred or more packets per second using -f option. It prints a `.` when a packet is sent, and a backspace is printed when a packet is received.
# ping -f localhost PING localhost (127.0.0.1) 56(84) bytes of data. .^C --- localhost ping statistics --- 427412 packets transmitted, 427412 received, 0% packet loss, time 10941ms rtt min/avg/max/mdev = 0.003/0.004/1.004/0.002 ms, ipg/ewma 0.025/0.004 ms
6、Audible ping: Give beep when the peer is reachable
This option is useful for sysadmin during troubleshooting.There is no need for you to look at the ping output after each and every change.You can continue working with your changes, and when the remote machine become reachable you'll hear the beep automatically.
This option is useful for sysadmin during troubleshooting. There is no need for you to look at the ping output after each and every change. You can continue working with your changes, and when the remote machine become reachable you’ll hear the beep automatically.
$ ping -a IP
Note: It can give beep only from terminal number 1 through 7 and gnome-terminal ( It will not work in console ).
7、Find out the IP address
You can identify the ip-address using the host name as shown below.
$ ping -c 1 google.com PING google.com (74.125.67.100) 56(84) bytes of data. 64 bytes from gw-in-f100.google.com (74.125.67.100): icmp_seq=1 ttl=43 time=287 ms --- google.com ping statistics --- 1 packets transmitted, 1 received, 0% packet loss, time 0ms rtt min/avg/max/mdev = 287.903/287.903/287.903/0.000 ms
8、Print Only Ping Command Summary Statistics
Use option -q to view only the ping statistics summary as shown below.
$ ping -c 5 -q 127.0.0.1 PING 127.0.0.1 (127.0.0.1) 56(84) bytes of data. --- 127.0.0.1 ping statistics --- 5 packets transmitted, 5 received, 0% packet loss, time 3998ms rtt min/avg/max/mdev = 0.047/0.053/0.061/0.009 ms
9、Change Ping Packet Size
You can change the packet size of ping command using -s option.
Example: Change the default packet size from 56 to 100.
$ ping -s 100 localhost PING localhost (127.0.0.1) 100(128) bytes of data. 108 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.022 ms 108 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.021 ms 108 bytes from localhost (127.0.0.1): icmp_seq=3 ttl=64 time=0.020 ms ^C --- localhost ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 1998ms rtt min/avg/max/mdev = 0.020/0.021/0.022/0.000 ms
Ping Packet Size
In the above example, when we set the packet size to 100, it displays `128 bytes` in the output.This is because of the Ping packet header size, which is 28 bytes.So if you specify the packet size as 100, 28 bytes for header will be added to it and 128 bytes will be sent.
Ping Bytes Sent = Ping Packet Size + Ping Header Packet Size (28 bytes)
10、Timeout -w
Ping -w option specifies the deadline to terminate the ping output.This specifies the total number of seconds the ping command should send packets to the remote host.
The following example will ping for 5 seconds. i.e ping command will exit after 5 seconds irrespective of how many packets are sent or received.
$ ping -w 5 localhost
Note: When you specify both -w and -c, whichever comes first will terminate the ping command
11、Online ping
Ping from different locations and check the reachability (availability or time for reaching) of your server from different locations.
12、Option -w or -c Exits Ping
$ ping -c 4 0 -w 2 PING 0 (127.0.0.1) 56(84) bytes of data. 64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.064 ms 64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.060 ms 64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.058 ms --- 0 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 1998ms rtt min/avg/max/mdev = 0.058/0.060/0.064/0.009 ms $ ping -c 4 0 -w 10 PING 0 (127.0.0.1) 56(84) bytes of data. 64 bytes from 127.0.0.1: icmp_seq=1 ttl=64 time=0.063 ms 64 bytes from 127.0.0.1: icmp_seq=2 ttl=64 time=0.060 ms 64 bytes from 127.0.0.1: icmp_seq=3 ttl=64 time=0.055 ms 64 bytes from 127.0.0.1: icmp_seq=4 ttl=64 time=0.061 ms --- 0 ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 2997ms rtt min/avg/max/mdev = 0.055/0.059/0.063/0.009 ms
13、Shorter statistics with SIGQUIT
While ping is printing the individual packet status, when you want to view the shorter statistics you can use this technique.
Pressing CTRL+|(control key followed by pipe symbol) for the shows the summary in between, and continues with it packet sending and receiving process.
$ ping -w 100 localhost PING localhost (127.0.0.1) 56(84) bytes of data. 64 bytes from localhost (127.0.0.1): icmp_seq=10 ttl=64 time=0.021 ms 64 bytes from localhost (127.0.0.1): icmp_seq=11 ttl=64 time=0.022 ms 11/11 packets, 0% loss, min/avg/ewma/max = 0.020/0.022/0.022/0.024 ms 64 bytes from localhost (127.0.0.1): icmp_seq=12 ttl=64 time=0.021 ms 64 bytes from localhost (127.0.0.1): icmp_seq=13 ttl=64 time=0.022 ms 64 bytes from localhost (127.0.0.1): icmp_seq=14 ttl=64 time=0.021 ms 64 bytes from localhost (127.0.0.1): icmp_seq=15 ttl=64 time=0.021 ms 19/19 packets, 0% loss, min/avg/ewma/max = 0.020/0.022/0.022/0.024 ms 64 bytes from localhost (127.0.0.1): icmp_seq=31 ttl=64 time=0.022 ms 64 bytes from localhost (127.0.0.1): icmp_seq=32 ttl=64 time=0.022 ms 32/32 packets, 0% loss, min/avg/ewma/max = 0.020/0.022/0.022/0.027 ms 64 bytes from localhost (127.0.0.1): icmp_seq=33 ttl=64 time=0.023 ms ..
14、Specify path for ping to send the packet
You can specify through which path the ping should send the packet to destination.
$ ping hop1 hop2 hop3 .. hopN destination
$ ping 192.168.3.33 192.168.7.1 192.168.4.45
Note: If one of the hop in the path is not reachable then you will have failure in pinging.
15、Record and print route of how ECHO_REQUEST sent and ECHO_REPLY received
It records and prints the network route through which the packet is sent and received.This is useful for network engineers who wish to know how the packet is sent and received.
$ ping -R 192.168.1.63
PING 192.168.1.63 (192.168.1.63) 56(84) bytes of data.
64 bytes from 192.168.1.63: icmp_seq=1 ttl=61 time=2.05 ms
RR: 192.168.9.118
192.168.3.25
192.168.10.35
192.168.1.26
192.168.1.63
192.168.1.63
192.168.10.4
192.168.3.10
192.168.4.25
64 bytes from 192.168.1.63: icmp_seq=2 ttl=61 time=2.00 ms (same route)
