The art of Ping
For the normal user like me before, ping is just a matter of tool that I use to know whether a node is up or down. But as time goes on, ping can be a death ping to a node, ping also can detect the OS of remote hosts. Previously I tried to solve a misterious shut down of a server (which I bet is an act of misconduct of some people). Looking at the log, and I got the host. After looking at the Nmap output, I got the Cisco router's MAC address. Confused. Ping helps. Also using traceroute, we can know how many hops the host need to connect to the router.
Afterall, ping Time To Live,TTL also helps:
@zalzalah ~ $ ping localhost
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.061 ms
TTL=64 is for Linux
$ ping sun
PING sun (sun) 56(84) bytes of data.
64 bytes from sun: icmp_seq=1 ttl=254 time=0.278 ms
TTL=254 is for Sun (each hop will minus 1 from the default,which is 255)
For windows it has different TTL(you can google it afterwards). We can know how many hops by using traceroute and also ping TTL. Cool eh?
For the normal user like me before, ping is just a matter of tool that I use to know whether a node is up or down. But as time goes on, ping can be a death ping to a node, ping also can detect the OS of remote hosts. Previously I tried to solve a misterious shut down of a server (which I bet is an act of misconduct of some people). Looking at the log, and I got the host. After looking at the Nmap output, I got the Cisco router's MAC address. Confused. Ping helps. Also using traceroute, we can know how many hops the host need to connect to the router.
Afterall, ping Time To Live,TTL also helps:
@zalzalah ~ $ ping localhost
PING localhost (127.0.0.1) 56(84) bytes of data.
64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.061 ms
TTL=64 is for Linux
$ ping sun
PING sun (sun) 56(84) bytes of data.
64 bytes from sun: icmp_seq=1 ttl=254 time=0.278 ms
TTL=254 is for Sun (each hop will minus 1 from the default,which is 255)
For windows it has different TTL(you can google it afterwards). We can know how many hops by using traceroute and also ping TTL. Cool eh?
Comments
1. Window 2000 Server
linuxlah@algorhythm ~ $ ping 192.168.x.x
PING 192.168.x.x (192.168.x.x) 56(84) bytes of data.
64 bytes from 192.168.x.x: icmp_seq=1 ttl=128 time=1.01 ms
2. HP/UX
linuxlah@algorhythm ~ $ ping 192.168.x.x
PING 192.168.x.x (192.168.x.x) 56(84) bytes of data.
64 bytes from 192.168.x.x: icmp_seq=1 ttl=254 time=0.485 ms
3. Gentoo Linux
linuxlah@algorhythm ~ $ ping localhost
PING algorhythm.xxxxxxx.com (127.0.0.1) 56(84) bytes of data.
64 bytes from algorhythm.xxxxxx.com (127.0.0.1): icmp_seq=1 ttl=64 time=0.126 ms
4. FreeBSD 5.4-stable
linuxlah@algorhythm ~ $ ping 192.168.x.x
PING 192.168.x.x (192.168.x.x) 56(84) bytes of data.
64 bytes from 192.168.x.x: icmp_seq=1 ttl=64 time=1.17 ms