Technology in terms you understand. Sign up for my weekly newsletter, "Confident Computing", for more solutions you can use to make your life easier. Click here.

What is “ping”, and what does its output tell me?

//
Sometimes when I search for solutions for my home networking problem, I frequently see some people suggesting that I ping my PC by IP and/or by computer name. What does PING command actually do? What’s the point of using this command? How do I read and understand the results?

Ping is one of the oldest and most basic network diagnostic tools. It’s present in just about every modern, and even not-so-modern, operating system.

In concept, the tool is very, very simple: it sends out an “Are you there?” kind of request, and expects to hear back a “Yes, here I am!” kind of response.

Very basic, very simple, and yet very powerful as a first line of network troubleshooting.

Become a Patron of Ask Leo! and go ad-free!

The ping command line

The ping command runs in a Windows Command Shell (or a Linux/Mac/BSD/Solaris/etc. terminal window – it’s a very ubiquitous command), and has a very basic syntax at it’s core:

ping domain_name

For example, if you open a command window and type in “ping askleo.com”, you’ll see something like this:

[C:]ping askleo.com
Pinging ask-leo.com [50.28.23.175] with 32 bytes of data:
Reply from 50.28.23.175: bytes=32 time=69ms TTL=47
 Reply from 50.28.23.175: bytes=32 time=70ms TTL=47
 Reply from 50.28.23.175: bytes=32 time=69ms TTL=47
 Reply from 50.28.23.175: bytes=32 time=69ms TTL=47
Ping statistics for 50.28.23.175:
 Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
 Approximate round trip times in milli-seconds:
 Minimum = 69ms, Maximum = 70ms, Average = 69msPing Concept

Ping results

There’s a lot of information in the results of a ping, and I’m not going into all the geeky details, but here are some of the basic and important things ping does:

  • Pinging ask-leo.com [50.28.23.175]” Ping only knows how to communicate with IP addresses, so the first thing it did when I asked it to ping “askleo.com” was to look up the corresponding IP address. This is one of the quickest ways I know to determine the IP address associated with a domain. Also, if this look-up fails, you’ll know there’s a typo in the domain name, or the domain name look-up (DNS) is failing for some reason.
  • Reply from 50.28.23.175” This tells you that the remote server at that IP address replied. What that means, though, is that the entire route across the internet, from your machine through routers and switches and networking equipment and whatever else, worked, as did the return path carrying the server’s reply. If this fails, (“timed out”) then something along the connection between you and the server might be broken, the server might be offline, or the server might not even exist. It’s also possible the server is explicitly configured not to respond to ping requests.
  • time=69ms” This is the round trip time: the time between sending “Are you there?” and receiving “Yes I am!”. In this case, it took 69 milliseconds. Since the ping is repeated several times, you can see that this time is fairly consistent, which is good. The time varies depending on many factors, including how close you are to the remote server, how many routers and other networking equipment are between you and that server, and more. In the example above, the ping was from me in the Seattle area to the Ask Leo! server housed in Michigan.
  • Sent = 4, Received = 4” One of the things TCP/IP is designed to deal with is packet loss. Ideally, every packet you send should get to where it’s going, but for various reasons, that doesn’t always happen. As long as the packets can get there after a retry or two, in normal usage you’d never notice. Ping sends multiple packets and reports specifically on the success rate, so you can see if a particular connection is prone to packet loss.
  • Approximate round trip times” While on average the same kind of packet sent to the same destination should take roughly the same amount of time, that’s also not always the case. Some packets take longer than others, for reasons as diverse as the equipment involved and paths followed. Ping reports these statistics so you can see if a particular connection is prone to this type of problem.

Ping also includes several options (type “ping -?” for a list), but the simplest use as above is probably the most common.

What’s your name?

There’s one usage that is not intuitive, but is something I use all the time. As you’ve seen above, ping can be used to translate a domain name quickly into its corresponding IP address (i.e. “askleo.com” into “50.28.23.175”). But it can also do the reverse:

[C:]ping -a 50.28.23.175
Pinging askleo.com [50.28.23.175] with 32 bytes of data:
Reply from 72.3.133.152: bytes=32 time=67ms TTL=47
 ...

When I add the “-a” switch to ping and give it an IP address, ping does what’s called a “reverse DNS lookup” and displays the domain name that is assigned to that IP address. This is very handy at times, since many IP addresses are also assigned fairly descriptive domain names.

The results of a reverse DNS lookup can have three types of responses:

  • The name of the website hosted at or domain assigned to that IP address. As you can see above, at this writing, askleo.com is at 50.28.23.175, and 50.28.23.175 maps back to askleo.com.
  • The name of another website hosted at or domain assigned to the same IP address. Shared hosting companies commonly place many websites on a single server and a single IP address. For example, checking a client’s web site, I found that over 3,000 other websites were at the same IP address.1  Reverse DNS could be set to return any of these, or, more typically, a server name that is meaningful to the hosting company.
  • Nothing at all. A reverse DNS entry is actually not required.

Connectivity test

Aside from a quick tool for DNS and reverse-DNS look-ups, ping is most commonly used simply to verify basic connectivity between two machines. The ping service is typically one of the first and simplest services to be loaded onto a server, and runs independently of any other. Often, websites may be inaccessible because of a software problem, but the server on which they are hosted still responds to a ping. That helps determine that there isn’t a connectivity problem, but rather a problem on the server itself.

It’s also worth noting that some servers actively disable responding to ping requests, for assorted security-related reasons. For example, even though the server is most definitely up and running, you typically cannot ping “microsoft.com”, which times out; but on the other hand, you can ping “google.com”. In fact, pinging a site like “google.com” or “yahoo.com” is often a quick way to ensure that your own internet connection is, in fact, working.

A note about IPv6

The examples above all use the currently common IPv4 IP addresses: four numbers between 0 and 255 separated by periods. IPv6 is very slowly becoming more common. Pinging an IPv6 address will look different.

[C:]ping google.com
Pinging google.com [2607:f8b0:4007:808::200e] with 32 bytes of data:
Reply from 2607:f8b0:4007:808::200e: time=118ms
Reply from 2607:f8b0:4007:808::200e: time=75ms
Reply from 2607:f8b0:4007:808::200e: time=146ms
Reply from 2607:f8b0:4007:808::200e: time=150ms
Ping statistics for 2607:f8b0:4007:808::200e:
 Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
 Minimum = 75ms, Maximum = 150ms, Average = 122ms

An IPv6 IP address is a series of hexadecimal numbers (digits 0-9, and a-f) separated by colons. Otherwise the functionality and results of a ping are the same.

Podcast audio

Play

9 comments on “What is “ping”, and what does its output tell me?”

  1. I have watched many war-movies about submarines. The submarine-hunters “ping” the submarines with SONAR. I believe that this might be the origin of the term in computer usage.

  2. Close enough! Sonar works by measuring the time delay in sending a pulse of sound into the water and the return echo and – knowing the speed of sound in water – calculating the range from that info. Similar to Ping in a network – only it stays dry!

  3. Actually tried that reverse pinging for the domain name. No luck Leo, not even on your site.
    Just returned the ip address. 🙁

  4. Ping is actually an acronym! And it stands for….wait for it……Promiscuous InterNet Groper
    -another useless fact remembered from my Unix training days!

  5. hi my name is john i have a question for you guys..
    i have a friend and his using an static IP and some website tells that his IP was blocked??can you please tell me whats the cause and best solution on that kind of case… thanks..

    There’s no way to know. You’d have to contact the administrator of the web site.

    Leo
    15-Oct-2010

  6. Hello,

    i have Airtel broadband and a Tata broadband connection. i have around 50 pcs connecting

    through a airtel broadband connection. both are dsl connections with my phone line going

    into dsl modems and a ethernet cable going from dsl modem directly into switch. currently

    only airtel connection is connected with static ip on my private lan and usings the airtel

    isp DNS servers as dns ip address and the default gate way as 192.168.1.1 (ip add of the

    dsl modem). All Pcs are connected in a workgroup.
    when in full use my users complain of certain web pages not opening. when i ping internet

    addresses like yahoo or google i get 2 reply packets and 2 lost packets. i suspect that a

    single broadband connection is not able to sustain 50 simultaneous downloads/browsing. is

    there any device which connect to both DSL and make one line so that its give me high

    (can i used DUAL WAN ROUTER.suggest me how it work or configure on my Lan…….)
    speed simultaneous browsing .help needed urgently.

  7. hi,
    Can anyone tell me, where to look in my system if my friend has send me ping request, for his IP ?

Comments are closed.