Ping is one of the oldest and most basic network diagnostic tools. It’s present in just about every modern, and even not-so-modern, operating system.
In concept, the tool is very, very simple: it sends out an “Are you there?” kind of request, and expects to hear back a “Yes, here I am!” kind of response.
Very basic, very simple, and yet very powerful as a first line of network troubleshooting.
The ping command line
The ping command runs in a Windows Command Shell (or a Linux/Mac/BSD/Solaris/etc. terminal window – it’s a very ubiquitous command), and has a very basic syntax at it’s core:
For example, if you open a command window and type in “ping askleo.com”, you’ll see something like this:
Pinging ask-leo.com [188.8.131.52] with 32 bytes of data:
Reply from 184.108.40.206: bytes=32 time=69ms TTL=47 Reply from 220.127.116.11: bytes=32 time=70ms TTL=47 Reply from 18.104.22.168: bytes=32 time=69ms TTL=47 Reply from 22.214.171.124: bytes=32 time=69ms TTL=47
Ping statistics for 126.96.36.199: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 69ms, Maximum = 70ms, Average = 69ms
There’s a lot of information in the results of a ping, and I’m not going into all the geeky details, but here are some of the basic and important things ping does:
- “Pinging ask-leo.com [188.8.131.52]” Ping only knows how to communicate with IP addresses, so the first thing it did when I asked it to ping “askleo.com” was to look up the corresponding IP address. This is one of the quickest ways I know to determine the IP address associated with a domain. Also, if this look-up fails, you’ll know there’s a typo in the domain name, or the domain name look-up (DNS) is failing for some reason.
- “Reply from 184.108.40.206” This tells you that the remote server at that IP address replied. What that means, though, is that the entire route across the internet, from your machine through routers and switches and networking equipment and whatever else, worked, as did the return path carrying the server’s reply. If this fails, (“timed out”) then something along the connection between you and the server might be broken, the server might be offline, or the server might not even exist. It’s also possible the server is explicitly configured not to respond to ping requests.
- “time=69ms” This is the round trip time: the time between sending “Are you there?” and receiving “Yes I am!”. In this case, it took 69 milliseconds. Since the ping is repeated several times, you can see that this time is fairly consistent, which is good. The time varies depending on many factors, including how close you are to the remote server, how many routers and other networking equipment are between you and that server, and more. In the example above, the ping was from me in the Seattle area to the Ask Leo! server housed in Michigan.
- “Sent = 4, Received = 4” One of the things TCP/IP is designed to deal with is packet loss. Ideally, every packet you send should get to where it’s going, but for various reasons, that doesn’t always happen. As long as the packets can get there after a retry or two, in normal usage you’d never notice. Ping sends multiple packets and reports specifically on the success rate, so you can see if a particular connection is prone to packet loss.
- “Approximate round trip times” While on average the same kind of packet sent to the same destination should take roughly the same amount of time, that’s also not always the case. Some packets take longer than others, for reasons as diverse as the equipment involved and paths followed. Ping reports these statistics so you can see if a particular connection is prone to this type of problem.
Ping also includes several options (type “ping -?” for a list), but the simplest use as above is probably the most common.
What’s your name?
There’s one usage that is not intuitive, but is something I use all the time. As you’ve seen above, ping can be used to translate a domain name quickly into its corresponding IP address (i.e. “askleo.com” into “220.127.116.11”). But it can also do the reverse:
[C:]ping -a 18.104.22.168
Pinging askleo.com [22.214.171.124] with 32 bytes of data:
Reply from 126.96.36.199: bytes=32 time=67ms TTL=47 ...
When I add the “-a” switch to ping and give it an IP address, ping does what’s called a “reverse DNS lookup” and displays the domain name that is assigned to that IP address. This is very handy at times, since many IP addresses are also assigned fairly descriptive domain names.
The results of a reverse DNS lookup can have three types of responses:
- The name of the website hosted at or domain assigned to that IP address. As you can see above, at this writing, askleo.com is at 188.8.131.52, and 184.108.40.206 maps back to askleo.com.
- The name of another website hosted at or domain assigned to the same IP address. Shared hosting companies commonly place many websites on a single server and a single IP address. For example, checking a client’s web site, I found that over 3,000 other websites were at the same IP address.1 Reverse DNS could be set to return any of these, or, more typically, a server name that is meaningful to the hosting company.
- Nothing at all. A reverse DNS entry is actually not required.
Aside from a quick tool for DNS and reverse-DNS look-ups, ping is most commonly used simply to verify basic connectivity between two machines. The ping service is typically one of the first and simplest services to be loaded onto a server, and runs independently of any other. Often, websites may be inaccessible because of a software problem, but the server on which they are hosted still responds to a ping. That helps determine that there isn’t a connectivity problem, but rather a problem on the server itself.
It’s also worth noting that some servers actively disable responding to ping requests, for assorted security-related reasons. For example, even though the server is most definitely up and running, you typically cannot ping “microsoft.com”, which times out; but on the other hand, you can ping “google.com”. In fact, pinging a site like “google.com” or “yahoo.com” is often a quick way to ensure that your own internet connection is, in fact, working.
A note about IPv6
The examples above all use the currently common IPv4 IP addresses: four numbers between 0 and 255 separated by periods. IPv6 is very slowly becoming more common. Pinging an IPv6 address will look different.
[C:]ping google.com Pinging google.com [2607:f8b0:4007:808::200e] with 32 bytes of data: Reply from 2607:f8b0:4007:808::200e: time=118ms Reply from 2607:f8b0:4007:808::200e: time=75ms Reply from 2607:f8b0:4007:808::200e: time=146ms Reply from 2607:f8b0:4007:808::200e: time=150ms
Ping statistics for 2607:f8b0:4007:808::200e: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 75ms, Maximum = 150ms, Average = 122ms
An IPv6 IP address is a series of hexadecimal numbers (digits 0-9, and a-f) separated by colons. Otherwise the functionality and results of a ping are the same.