Ping is one of the oldest and most basic network diagnostic tools. It’s present in just about every modern, and even not-so-modern, operating system.
In concept, the tool is very, very simple: it sends out an “Are you there?” kind of request, and expects to hear back a “Yes, here I am!” kind of response.
Very basic, very simple, and yet very powerful as a first line of network troubleshooting.
Become a Patron of Ask Leo! and go ad-free!
The ping command line
The ping command runs in a Windows Command Shell (or a Linux/Mac/BSD/Solaris/etc. terminal window – it’s a very ubiquitous command), and has a very basic syntax at it’s core:
For example, if you open a command window and type in “ping askleo.com”, you’ll see something like this:
Pinging ask-leo.com [126.96.36.199] with 32 bytes of data:
Reply from 188.8.131.52: bytes=32 time=69ms TTL=47 Reply from 184.108.40.206: bytes=32 time=70ms TTL=47 Reply from 220.127.116.11: bytes=32 time=69ms TTL=47 Reply from 18.104.22.168: bytes=32 time=69ms TTL=47
Ping statistics for 22.214.171.124: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 69ms, Maximum = 70ms, Average = 69ms
There’s a lot of information in the results of a ping, and I’m not going into all the geeky details, but here are some of the basic and important things ping does:
- “Pinging ask-leo.com [126.96.36.199]” Ping only knows how to communicate with IP addresses, so the first thing it did when I asked it to ping “askleo.com” was to look up the corresponding IP address. This is one of the quickest ways I know to determine the IP address associated with a domain. Also, if this look-up fails, you’ll know there’s a typo in the domain name, or the domain name look-up (DNS) is failing for some reason.
- “Reply from 188.8.131.52” This tells you that the remote server at that IP address replied. What that means, though, is that the entire route across the internet, from your machine through routers and switches and networking equipment and whatever else, worked, as did the return path carrying the server’s reply. If this fails, (“timed out”) then something along the connection between you and the server might be broken, the server might be offline, or the server might not even exist. It’s also possible the server is explicitly configured not to respond to ping requests.
- “time=69ms” This is the round trip time: the time between sending “Are you there?” and receiving “Yes I am!”. In this case, it took 69 milliseconds. Since the ping is repeated several times, you can see that this time is fairly consistent, which is good. The time varies depending on many factors, including how close you are to the remote server, how many routers and other networking equipment are between you and that server, and more. In the example above, the ping was from me in the Seattle area to the Ask Leo! server housed in Michigan.
- “Sent = 4, Received = 4” One of the things TCP/IP is designed to deal with is packet loss. Ideally, every packet you send should get to where it’s going, but for various reasons, that doesn’t always happen. As long as the packets can get there after a retry or two, in normal usage you’d never notice. Ping sends multiple packets and reports specifically on the success rate, so you can see if a particular connection is prone to packet loss.
- “Approximate round trip times” While on average the same kind of packet sent to the same destination should take roughly the same amount of time, that’s also not always the case. Some packets take longer than others, for reasons as diverse as the equipment involved and paths followed. Ping reports these statistics so you can see if a particular connection is prone to this type of problem.
Ping also includes several options (type “ping -?” for a list), but the simplest use as above is probably the most common.
What’s your name?
There’s one usage that is not intuitive, but is something I use all the time. As you’ve seen above, ping can be used to translate a domain name quickly into its corresponding IP address (i.e. “askleo.com” into “184.108.40.206”). But it can also do the reverse:
[C:]ping -a 220.127.116.11
Pinging askleo.com [18.104.22.168] with 32 bytes of data:
Reply from 22.214.171.124: bytes=32 time=67ms TTL=47 ...
When I add the “-a” switch to ping and give it an IP address, ping does what’s called a “reverse DNS lookup” and displays the domain name that is assigned to that IP address. This is very handy at times, since many IP addresses are also assigned fairly descriptive domain names.
The results of a reverse DNS lookup can have three types of responses:
- The name of the website hosted at or domain assigned to that IP address. As you can see above, at this writing, askleo.com is at 126.96.36.199, and 188.8.131.52 maps back to askleo.com.
- The name of another website hosted at or domain assigned to the same IP address. Shared hosting companies commonly place many websites on a single server and a single IP address. For example, checking a client’s web site, I found that over 3,000 other websites were at the same IP address.1 Reverse DNS could be set to return any of these, or, more typically, a server name that is meaningful to the hosting company.
- Nothing at all. A reverse DNS entry is actually not required.
Aside from a quick tool for DNS and reverse-DNS look-ups, ping is most commonly used simply to verify basic connectivity between two machines. The ping service is typically one of the first and simplest services to be loaded onto a server, and runs independently of any other. Often, websites may be inaccessible because of a software problem, but the server on which they are hosted still responds to a ping. That helps determine that there isn’t a connectivity problem, but rather a problem on the server itself.
It’s also worth noting that some servers actively disable responding to ping requests, for assorted security-related reasons. For example, even though the server is most definitely up and running, you typically cannot ping “microsoft.com”, which times out; but on the other hand, you can ping “google.com”. In fact, pinging a site like “google.com” or “yahoo.com” is often a quick way to ensure that your own internet connection is, in fact, working.
A note about IPv6
The examples above all use the currently common IPv4 IP addresses: four numbers between 0 and 255 separated by periods. IPv6 is very slowly becoming more common. Pinging an IPv6 address will look different.
[C:]ping google.com Pinging google.com [2607:f8b0:4007:808::200e] with 32 bytes of data: Reply from 2607:f8b0:4007:808::200e: time=118ms Reply from 2607:f8b0:4007:808::200e: time=75ms Reply from 2607:f8b0:4007:808::200e: time=146ms Reply from 2607:f8b0:4007:808::200e: time=150ms
Ping statistics for 2607:f8b0:4007:808::200e: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 75ms, Maximum = 150ms, Average = 122ms
An IPv6 IP address is a series of hexadecimal numbers (digits 0-9, and a-f) separated by colons. Otherwise the functionality and results of a ping are the same.
Subscribe to Confident Computing! Less frustration and more confidence, solutions, answers, and tips in your inbox every week.
I'll see you there!
Download (right-click, Save-As) (Duration: 8:00 — 7.4MB)
9 comments on “What Is “Ping”, and What Does Its Output Tell Me?”
I have watched many war-movies about submarines. The submarine-hunters “ping” the submarines with SONAR. I believe that this might be the origin of the term in computer usage.
Close enough! Sonar works by measuring the time delay in sending a pulse of sound into the water and the return echo and – knowing the speed of sound in water – calculating the range from that info. Similar to Ping in a network – only it stays dry!
Actually tried that reverse pinging for the domain name. No luck Leo, not even on your site.
Just returned the ip address. :-(
Ping is actually an acronym! And it stands for….wait for it……Promiscuous InterNet Groper
-another useless fact remembered from my Unix training days!
hi my name is john i have a question for you guys..
i have a friend and his using an static IP and some website tells that his IP was blocked??can you please tell me whats the cause and best solution on that kind of case… thanks..
i have Airtel broadband and a Tata broadband connection. i have around 50 pcs connecting
through a airtel broadband connection. both are dsl connections with my phone line going
into dsl modems and a ethernet cable going from dsl modem directly into switch. currently
only airtel connection is connected with static ip on my private lan and usings the airtel
isp DNS servers as dns ip address and the default gate way as 192.168.1.1 (ip add of the
dsl modem). All Pcs are connected in a workgroup.
when in full use my users complain of certain web pages not opening. when i ping internet
addresses like yahoo or google i get 2 reply packets and 2 lost packets. i suspect that a
single broadband connection is not able to sustain 50 simultaneous downloads/browsing. is
there any device which connect to both DSL and make one line so that its give me high
(can i used DUAL WAN ROUTER.suggest me how it work or configure on my Lan…….)
speed simultaneous browsing .help needed urgently.
nice..Thank you.I am also found one ping test tool here http://www.whoisxy.com/ping.aspx at free of cost.
How will I know that someone had send me “ping” request ?
Can anyone tell me, where to look in my system if my friend has send me ping request, for his IP ?
Comments are closed.