7 ping program
7.1 Introduction "ping" This name is from the sonar positioning operation. The PING program is written by Mike MUUSS, the purpose is to test whether another host is up to. This program sends a ICMP return request message to the host and waits for returning ICMP to return to answer. (Figure 6.3 lists all ICMP packet types.) Generally, if you can't ping to a host, then you can't Telnet or FTP to host. Conversely, if you can't Telnet to a host, you can usually use the ping program to determine where the problem is. The PING program can also measure the round trip time of this host to indicate that the host has "far". In this chapter, we will use the PING program as a diagnostic tool to in depth analysis of ICMP. Ping also provides us with opportunities for detecting IP record routing and timestamp options. Chapter 11 of Literature [Stevens 1990] provides source code for the PING program.
(Below is the original book P.851 "we can make this unlimited assertion a few years ago, if we can't ping to a host, then you can't Telnet or FTP hosts. With the enhancement of Internet security awareness, routers and firewalls that provide access control lists have emerged, so that there is no defined assertion that is not established. The reaches of a host may not depend on whether the IP layer is up to, depending on what protocols and port numbers. The results of the PING program may show that a host is not reachable, but we can use Telnet to remotely log in to the No. 25 port (mail server) of the host.
7.2 PING program We call the Ping program that sent backup request for the customer, and is called the host for the PING. Most TCP / IP implementations support PING server directly in the kernel - this server is not a user process. (Our two ICMP query services, address masks, and timestamp requests described in Chapter 6 are also processed directly in the kernel.) ICMP returns and echo replies packets are shown in Figure 7.1 .
Figure 7.1 ICMP returns request and echo answer packet format
For other types of ICMP query packets, the server must respond to the identifier and the serial number field. In addition, the option data sent by the customer must be exposed, assuming that the customer is interested in this information. The UNIX system is the ID number of the identifier field in the ICMP packet when implementing the PING program. This allows the returned information even if multiple PING program instances are running simultaneously on the same host. The serial number starts from 0, and each time the new echo request is sent. The PING program prints out the number of each packet returned, allowing us to see if there is a packet loss, sequel, or repetition. IP is a best datagram pass service, so these three conditions may occur. The old version of the PING program has been run in this mode, which is sent to an echo request per second, and prints the returned answer. However, the implementation of the new version needs to be plus -s parameter to run in this mode. By default, the new version of the PING program only sends an echo request. If you receive the returned answer, "Host IS Alive" is output, otherwise no answer is available in 20 seconds (no answer).
LAN Output The result output of the PING program on the local area network LAN is generally as follows:
(See the original book P.86 1)
When returning to ICMP echo answer, you want to print the serial number and TTL and calculate the round trip time. (TTL is located in the IP header in the IP header. The PING program in the current BSD system prints the received TTL each time you receive the answer ---- Some systems don't do it. We will be on the 8th The TTL usage is introduced in the chapter program.) We can see from the above output, returning the answer is returned by the sequence of sequence (0, 1, 2, etc.). The PING program calculates the round trip time by storing the time value of the sending request in the ICMP message data. When the answer is returned, the time value stored in the ICMP packet is subtracted with the current time, ie the round trip time. Note that the calculation results of the round trip time are 0 ms on the transmitted end BSDI. This is because the timer resolution is low in the program. BSD / 386 version 0.9.4 The system can only provide 10 ms grade timer. (We have more detailed introduction in Appendix B.) In the later chapter, when we view the TCPDUMP output on the system with a higher resolution timer (Sun), ICMP returns request and echo answer The time difference is below 4 ms. The first line output includes the IP address of the destination host, although we specify its name (SVR4). This shows that the name has been converted into an IP address through a parser. We will introduce the parser and DNS in Chapter 14. Now, we found that if you type the ping command, you will print an IP address in the first line for a few seconds, and DNS uses this time to determine the IP address corresponding to the host name. The TCPDUMP output in this example is shown in Figure 7.2. Figure 7.2 Results of running the PING program on the LAN
From the sending back visual request, the retraction answer is received, and the time interval is always 3.7 ms. We can also see that the return request is sent once every 1 second. Typically, the first round-trip time value is much larger than other. This is because the hardware address of the destination is not in the ARP cache. As we saw in Chapter 4, we need to send an ARP request and receive the ARP answer before sending the first echo request, which takes a few milliseconds. The following example illustrates this:
(See the original book P.88 1)
Multiple 3 MS in the first RTT is likely to be because the time spent on sending ARP requests and receiving ARP answers. This example is running on the Sun host, which provides a timer with a microsecond resolution, but the PING program can only print the round trip time of milliseconds. In the example in the BSD / 386 version 0.9.4, the printed round trip time value is 0 ms because the timer can only provide an error of 10 ms. The following example is the output of the BSD / 386 version 1.0, which provides the timer that also has a microsecond level resolution, so the output of the PING program also has a higher resolution.
(See the original book P.88 2)
The WAN output is on a wide area network WAN, and the result will have a lot. The following example is the operation result when the Internet has normal traffic at a working day:
(See the original book P.88 3)
Here, the sequence number is 1, 2, 3, 4, 6, 10, 11, 12, and 13 echo request or echo answer to a certain place is lost. In addition, we noticed that the round trip time has changed great changes. (Like 52% of the high group loss rate is not normal. Even in the afternoon of working days, it is not normal for the Internet.) It is possible to see repeated packets (packets of the same serial number through WAN). It is printed twice or more), and the sequence of packets (the group of N 1 is printed before the sequence number N).)
The line SLIP link lets us take a look at the round trip time on the SLIP link because they often run at low speed asynchronous methods, such as 9600 b / s or less. Recall that our serial line throughput calculated in Section 2.10. In response to this example, we set the SLIP link transmission rate between host BSDI and SLIP to 1200 b / s. Below we can estimate round trip times. First, we can notice from the previous PING program output example, and the ICMP packet sent by default has 56 bytes. Plus 20 bytes of IP headers and 8 bytes of ICMP headers, the total length of the IP datagram is 84 bytes. (We can run the Tcpdump -e command to view Ethernet data frames to verify this.) In addition, we can know from Section 2.4, at least two additional bytes: add end characters at the beginning and end of the datagram. In addition, the SLIP frame may also add some bytes, but depending on the value of each byte in the datagram. For 1200 b / s rate, since each byte contains 8 bit data, 1 bit start bit and 1 bit end bit, the transmission rate is 120 bytes per second, or each byte 8.33 ms . So we can estimate 1433 (86 × 8.33 × 2) MS. (Take 2 is because we calculate the round trip time.) The following output confirms our calculation: (see the original book P.89 1)
(For SVR4, if you send a request per second, you must take -s parameter.) The round trip time is approximately 1.5 seconds, but the program remains once every 1 second to send an ICMP echo request. This shows that two echo requests have been sent before the first echo answer returns (1.480 seconds), which has been sent (at 0 seconds and 1 seconds). This is why the summary line points out that a group is lost. In fact, the group is not lost, it is likely to be on the way back. We will look back when discussing the TraceRoute program in Chapter 8 and discusses this low speed SLIP link.
The Coiled SLIP link is some change in the Co-order SLIP link because the modem is added to the two ends of the link. The modem (9600 b / s), V.42 error control mode (also referred to as LAP-M), and V.42BIS data compression mode is provided (also known as LAP-M), and V.42BI data compression mode. This indicates that our simple calculation for line link parameters is no longer accurate. Many factors may affect. The modem brings time delay. As the data is compressed, the length of the packet may be reduced, but the length of the packet length may increase due to the use of the error control protocol. In addition, the modem of the receiving end can only be released after verifying the loop inspection character (inspection, and). Finally, we have to handle the computer asynchronous serial interface of each end, and many operating systems can only read these interfaces within a fixed time interval or after receiving several characters. As an example, we put the host Gemini on the Sun host, the output results are as follows:
(See the original book P.90 1)
Note that the first RTT is not an integer multiple of 10 ms, but other rows are an integer multiple of 10 ms. If we run the program, it is found that each result is like this. (This is not the result of the clock resolution on the Sun host, because the test results according to the Appendix B can know that its clock can provide millisecond levels of resolution. Also note that the first RTT is more than other Big, and then decrement in turn, then hover between 280 and 300 ms. We let it run for a minute to two minutes, and RTT has been in this range and will not be less than 260 ms. If we calculate RTT (exercise 7.2) at a rate of 9600 b / s, then the value we observed should be approximately 1.5 times the estimate. If you run the Ping program for 60 seconds and calculate the average of the observed RTT, we found the average of 277 ms in V.42 and V.42bis mode. (This is better than the average of the previous example, because the run is longer, so that the start longer is flat.) If we close the V.42BIS data compression mode, the average is 330 ms. If we close the V.42 error control mode (it also closes the V.42BIS data compression mode), the average is 300 ms. The parameters of these modems on the RTT have a large impact, and it seems that the error control and data compression mode seems to be the best. 7.3 IP Recording Routing Options PING program provides us with an opportunity to view the IP record route (RR) option. Most different versions of PING programs provide -r parameters to provide the function of recording routing. It allows the PING program to set the IP RR option in the IP datagram file sent (the IP datagon contains ICMP returns request packets). Thus, each router that processes the datagram put its IP address into the option field. When the data is reported to the destination, the IP address list should be copied to the ICMP echo answer, so that the router address through the return on the way is also added in the list. When the PING program receives an echo answer, it prints this IP address list. This process sounds simple, but there are some defects. The source host generates the RR option, the process of the intermediate router pairs the RR option, and copy the RR inventory in the ICMP Request to ICMP Election Answer, all of this is the option function. Fortunately, most systems now support these options, just some systems do not copy the IP list in the ICMP request to the ICMP answer. However, the biggest problem is that there is only a limited space in the IP header to store IP addresses. We can see from Figure 3.1 that the header field in the IP header has only 4 bits, so the entire IP header can only include 15 32 bit long words (ie, 60 bytes). Since the IP header is 20 bytes, the RR option uses to 3 bytes (below we discussed), so there is only 37 bytes (60 - 20 - 3) to store the IP address list, that is, only Can store 9 IP addresses. For early Arpanet, 9 IP addresses seem much, but now it seems very limited. (In Chapter 8, we will use the Traceroute tool to determine the route of the datagram.) In addition to these shortcomings, the record routing option works very well, and provides a chance to detail how to handle IP options. The general format of the RR option in the IP datagram is shown in Figure 7.3.
Figure 7.3 General Format of Recording Routing Options in the IP header
Code is a byte that specifies the type of IP option. For the RR option, its value is 7. LEN is the total byte length of the RR option, in which case is 39. (Although you can set the length of the RR option than the maximum length, the PING program always provides a 39-byte option field, up to 9 IP addresses. Because the space left to the option is limited, it is generally Set to the maximum length.) PTR is called a pointer field. It is a 1-based pointer, pointing to the location of an IP address. Its minimum is 4, pointing to the location where the first IP address is stored. As each IP address is stored in the list, the values of PTR are 8, 12, 16, up to 36. When the 9 IP addresses are recorded, the value of the PTR is 40, indicating that the list is full. Which address should it record when the router records the IP address in the list (according to the definition should be a multi-point)? Is the entrance address or an exit address? To this end, RFC 791 [Postel 1981A] specifies the router record the exit IP address. Let's see later that when the original host (host running the PING program) receives the ICMP returns answer with the RR option, it also puts its entry IP address in the list. Normal example we will raise an example of running a PING program with a RR option. We run the PING program to the host SLIP on the host SVR4. An intermediate router (BSDI) will process this datagram. The following is the output of SVR4:
(See the original book P.92 1)
The four stations passed by the group are shown in Figure 7.4 (two stations in each direction), each station adds his IP address to the RR list.
Figure 7.4 PING program with record routing options
The router BSDI has added different IP addresses in different directions. It always adds the IP address of the exit to the list. We can also see that when ICMP returns an answer to the original system (SVR4), it adds its own entry IP address to the list. We can also view packet exchanges on host Sun by running TCPDump commands with -V parameters (see IP options). The output is shown in Figure 7.5.
Figure 7.5 Recording the TCPDUMP output of the route option
Optlen = 40 in the output indicates that there are 40 bytes in the IP header. (IP header must be an integer multiple of 4 bytes.) RR {39} means that the record routing option has been set, its length field is 39. Then, 9 IP addresses, symbol "#" to mark the IP address pointed to by the PTR field in the RR option. Since we observe these packets (see Figure 7.4) on the host Sun (see Figure 7.4), we can see the IP address list in the ICMP backup request is empty, and the ICMP returns 3 IP addresses. We omitted other rows in TCPDUMP output because they are basically consistent with Figure 7.5. The tag eol at the end of the routing information indicates the value of the IP option "end of list". The value of the EOL option can be 0. At this time, the RR data of 39 bytes is located in the 40-byte space in the IP header. Since the spatial option is set to 0 before the data report transmission, the 0 characters followed by the 39-byte RR data are explained as EOL. This is the result we want. If there are multiple options in the option fields in the IP header, you must fill in the blank character before starting the next option, and you can also use another value of 1 special character NOP ("No Operation").
(Download Here is the original book P.931) In Figure 7.5, SVR4 is set to 32 in the return request, and BSD / 386 is set to 255. (It printed is 254 because the router BSDI has subtracted it 1.) The new system sets the TTL in the ICMP packet to the maximum (255). In the three TCP / IP systems used by the authors, BSD / 386 and SVR4 support record routing options. That is to say, when forwarding the data report, they can update the RR list correctly, and correctly copy the RR list in the received ICMP backup request to the export ICMP echo answer. Although SunOS 4.1.3 can update the RR list correctly when forwarding a datagret, the RR list cannot be copied. Solaris 2.x has made this issue has been modified. The example below is observed by the author, and we discuss it as a starting point for ICMP indirect packets as Chapter 9. We are on the subnet 140.252.1 Subnet Ping Host AIX (accessible on the host Sun can be accessed) and have a record routing option. Running on the SLIP host has the following output:
(See the original book P.94 1)
We have already run this example on the host BSDI. Now let's choose SLIP to run it, observe all 9 IP addresses in the RR list. What is doubtful in the output is why the data reported (ICMP echo request) passed directly from NetB to AIX, while the returned datagram (ICMP rebounded) is starting from AIX to the router Gateway to Netb ? It is a feature of the IP route option we will describe below. The route through the datagram is shown in Figure 7.6.
Figure 7.6 Running the PING program with record routing options to display the features of IP routing selection
The problem is that AIX does not know that IP data to be dedicated to the IP data of the subnet 140.252.13 to the host NetB. Instead, AIX has a default item in its routing table, which indicates that all data specified by the router GATEWAY is issued to the default item when there is no clear way to a destination host. Router Gateway has stronger routing capabilities than any host on the subnet 140.252.1. (There are more than 150 hosts on this Ethernet. There is a default item to the router Gateway, so you don't have to run a routing daemon on each host.) One problem without answering here Why is Gateway not sending ICMP packets to change route to AIX (9.5) to update its routing table? For some reason (probably due to changes in the datagram, the route is not generated by the change of ICMP returns). But if we log in to the Daytime server on AIX with Telnet, ICMP will generate change routes, so it is updated in the routing table on AIX. If we follow the PING program with record routing options, whose routing indicates that the datagram is from Netb to AIX, and then returns Netb, and no longer passes the router Gateway. In Section 9.5 we will discuss the problem of ICMP change route in more detail.
7.4 IP Time Stamp Option IP Time Stamp Options Similar to the Record Routing Options. The format of the IP timestamp option is shown in Figure 7.7 (compared to Figure 7.3).
Figure 7.7 General format of the timestamp option in the IP header
The code for the timestamp option is 0x44. The other two fields LEN and PTR are the same as the recording routing option: the total length of the option (typically 36 or 40) and the pointer (5, 9, 13, etc.) indicating the next available space. The next two fields are 4 bit values: OFF indicates the overflow field, the FL represents the flag field. The operation of the timestamp option is performed according to the flag field, as shown in Figure 7.8. (The following is a translation of Figure 7.8) Sign Description 0 Record timestamp, as we see in Figure 7.7. 1 Each router records its IP address and timestamp. Only the four pairs of addresses and timestamps are stored in the list of options. 3 The sender is initialized to the option list, stores 4 IP addresses and four timestamp values having 0. It is only logged when the next IP address in the list matches the current router address. Figure 7.8 Timestamp Options Significance of Different Sign Field Values
If the router does not increase the timestamp option due to no space, it will increase the value of the overflow field. The value of the timestamp is generally the number of milliseconds starting from midnight, UTC, similar to the ICMP timestamp request and answering. If the router does not use this format, it can insert any time representative it used, but you must turn on the high position in the timestamp to indicate a non-standard value. Compared to the restrictions of the records we have encountered, the timestamp options encountered the situation to be worse. If we want to record the IP address and timestamp (the flag bit 1), then you can store four pairs of values. Only record the timestamp is useless, because we do not indicate the correspondence between the timestamp and the router (unless we have a constant topology). The logo value 3 will be better because we can insert the timestamp of the router. A more basic problem is that you are likely to not control the correctness of any given router on the timestamp. This makes it possible to calculate the number of jump stations between the router with the IP options. We will see (Chapter 8) The Traceroute program can provide a better way to calculate the hop between the router.
7.5 Small knot PING is a basic tool for testing two TCP / IP system connectivity. It only uses ICMP to return request and return to answer packets without having to pass through the transport layer (TCP / UDP). Ping servers typically implement ICMP functionality in the kernel. We analyzed the output results of the PING program on the LAN, WAN, and Lines, and the SLIP link throughput on the serial line was calculated. We also discuss and use the PING IP record routing option. Using this IP option, we can see how it often uses the default route. In Chapter 9 we will return to this discussion topic again. In addition, we also discussed the IP timestamp option, but it is restricted when practical use.
Exercise 7.1 Draw the timeline of the PING output in Section 7.2. 7.2 If the SLIP link between the BSDI and the SLIP host is set to 9600 b / s, calculate the RTT at this time. Assume that the default data is 56 bytes. 7.3 The PING program in the current BSD version allows us to specify a model for the data section of the ICMP packet. (The first 8 bytes of the data section do not have to store the mode because it is stored in the time of sending packets.) If we specify the mode 0xc0, please recall the answer from the previous question. (Tip: Read Section 2.4.) 7.4 Use Compressed SLIP (CSLIP, see Section 2.5) affects the time value in the ping output you see in Section 7.2? 7.5 What does the ping loopback address and PING Ethernet address do?
7-7
