Definition

What is ping and how does it work?

Ping (Packet InterNet Groper) is a basic internet program that enables a user to test and verify if a particular destination Internet Protocol (IP) address is reachable and can respond to network requests. Ping is based on Internet Control Message Protocol (ICMP) and is one of the most widely used tools for diagnosing internet and network problems.

The ping utility was created in 1983 by computer scientist Mike Muuss. He was inspired by the principle of echolocation, and ping is named after the sonar echoes that submarines use to detect objects and measure their distance underwater. In computer network administration, ping can be used as both a noun and a verb. As a noun, ping refers to the utility program Muuss developed. As a verb, ping refers to the act of using the program to troubleshoot network connectivity issues.

The term ping has also entered everyday speech to mean sending a quick message. This usage evolved from the way ping works -- it sends a message and waits for a reply, much like people do when communicating online. Over time, tech professionals began using ping informally to mean "I'll get back to you." The phrase caught on outside the IT world, and today, "I'll ping you" is widely understood across different industries and age groups to mean "I'll message you."

How does ping work?

Ping works by sending an ICMP echo request to a specified device on the network and waiting for a reply. If the targeted device is available, it responds by immediately sending an echo reply packet.

Diagram that shows the ICMP echo request and reply process.
Ping uses ICMP echo requests and replies to test network connectivity.

The ping command usually sends multiple ICMP echo requests to a remote host to assess its availability and responsiveness. If the host is reachable, each reply includes information about the number of bytes received and the round-trip time (RTT) for the response. Ping also provides a time to live (TTL) value. This indicates how many network hops a packet can traverse before it is discarded.

After the requests are sent, ping displays a summary that includes the total number of packets sent and received, the percentage of packets lost and the average RTT values. This information helps users troubleshoot connectivity and performance issues.

This image shows the information that a ping command returns.
Ping is a simple way to assess network connectivity and measure the time it takes for data packets to travel back and forth over a network.

If the target device is unavailable, is unresponsive or is blocking ICMP traffic, the sender may receive a "Request timed out" message, a "Destination host unreachable" message or a "General failure" message. In some cases, the sender may receive no response at all.
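The echo exchange described above can be made concrete at the byte level. The following is an added example, not code from the ping utility: it builds an ICMP echo request and the matching reply using the header layout from RFC 792 and the Internet checksum from RFC 1071, then verifies the reply. The identifier, sequence number and payload are constructed sample values, and no packets are sent.

```python
import struct

ICMP_ECHO_REQUEST = 8   # type field for an echo request (RFC 792)
ICMP_ECHO_REPLY = 0     # type field for an echo reply


def inet_checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"                      # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back into 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(icmp_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build an ICMP echo message: type, code, checksum, id, sequence, payload."""
    header = struct.pack("!BBHHH", icmp_type, 0, 0, ident, seq)
    csum = inet_checksum(header + payload)   # computed with checksum field = 0
    return struct.pack("!BBHHH", icmp_type, 0, csum, ident, seq) + payload


def parse_echo(packet: bytes) -> dict:
    """Parse an ICMP echo message and verify its checksum."""
    if len(packet) < 8:
        raise ValueError("ICMP echo header is 8 bytes; packet too short")
    icmp_type, code, _csum, ident, seq = struct.unpack("!BBHHH", packet[:8])
    return {
        "type": icmp_type, "code": code, "id": ident, "seq": seq,
        "payload": packet[8:],
        # A message with a correct checksum sums to zero when re-checked.
        "checksum_ok": inet_checksum(packet) == 0,
    }


def reply_matches(request: bytes, reply: bytes) -> bool:
    """True if reply is a valid echo reply to request (same id, seq, payload)."""
    req, rep = parse_echo(request), parse_echo(reply)
    return (rep["type"] == ICMP_ECHO_REPLY and rep["checksum_ok"]
            and (rep["id"], rep["seq"], rep["payload"])
            == (req["id"], req["seq"], req["payload"]))


if __name__ == "__main__":
    # Constructed sample: a request and the reply a reachable host would return.
    request = build_echo(ICMP_ECHO_REQUEST, 0x1234, 1, b"ping-demo")
    reply = build_echo(ICMP_ECHO_REPLY, 0x1234, 1, b"ping-demo")
    print(parse_echo(request), reply_matches(request, reply))
```

A reply whose identifier, sequence number or payload differs from the request, or whose checksum fails, is the kind of malformed ICMP packet a monitoring tool would flag.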

How to run ping

Ping can be run from a command-line interface (CLI) or terminal prompt. To begin, the user enters the word ping followed by the destination domain name or IP address.

Most operating systems (OSes) support options to modify how ping behaves. For example, users can specify the number of echo requests to send, or they can have ping run continuously until it is manually stopped.

Basic Ping Commands table.
This is a comparison table that shows how to use the ping command with different OSes.

What is ping used for?

Ping is used for basic tasks related to network connectivity and network performance:

  • Ping can verify whether a remote server, router, website or other network device is reachable over a network.
  • The program can also be used to measure a packet's RTT and evaluate network latency. Latency describes how long it takes for a data packet to travel back and forth across a network.
  • Because ping typically sends multiple packets, it can be used to report on packet loss. Packet loss occurs when data packets traveling across a network fail to reach their destination. Packet loss may be the result of an unreliable network connection, network congestion, firewall restriction or hardware failure.
  • Ping can also be used to test the IPv4 loopback address (127.0.0.1) and verify that the local TCP/IP stack is functioning properly on the host machine.

Since ping is a simple, straightforward program, it is easy to incorporate into scripts for automated testing and diagnostics. If the pings are successful but the response time is slow, a speed test can provide more information.

Ping and speed tests

A speed test is a diagnostic tool that can be used to check how fast an internet connection is. It measures three things: how quickly data can be downloaded, how quickly data can be uploaded and the RTT for a device to talk to a server and get a response. The time between sending the request and receiving the reply is measured in milliseconds (ms).

Speed test services often have a network of servers around the world. Before performing the download and upload speed tests, they typically ping several nearby servers to identify the one with the lowest latency. This ensures that the subsequent speed measurements are as accurate as possible for the user's location.

It's important to understand, however, that, while a speed test can reveal that latency is a problem, it doesn't show where in the network the delay is occurring. For that level of detail, traceroute is the preferred tool.

Ping and traceroute

Traceroute is a diagnostic tool that maps the path a packet takes through the network. It shows each hop along the route and measures how long it takes for a packet to reach each one.

Traceroute can be used with ping to pinpoint where latency or packet loss is occurring. This information can be especially valuable when latency is high or when ping results are inconsistent. Essentially, traceroute helps identify the segment of the network where the slowdown begins.

How to use ping in troubleshooting

When used together, speed tests, ping and traceroute create a three-pronged approach to troubleshooting. The speed test can confirm that a problem exists, ping can measure device responsiveness and traceroute can identify where the issue lies in the network path.

For example, if a user can't access a website, ping can determine whether the destination server is reachable. If it is reachable, a speed test can be used to evaluate network connection speeds, and traceroute can show if a connection is failing at a specific hop between the user's device and the website's server.

Today, virtually every OS with network support includes ping for troubleshooting purposes. However, the exact implementation varies slightly among manufacturers. Windows includes ping.exe in the command prompt by default. MacOS comes with the ping utility in the terminal, and Linux/Unix distributions typically have ping in /bin or /usr/bin.

A list of ten essential network tasks that help IT teams stay organized and aligned with operational goals.
Troubleshooting is one of 10 essential network management tasks.

While ping is not included in the standard user interface for most mobile OSes, ping functionality can be acquired through a dedicated mobile app or terminal emulator. For added convenience, many network appliances and routers include a built-in ping feature that's accessible through either a CLI or a web-based management interface. This enables administrators to test connectivity directly from the device.

What is ping spoofing?

Ping spoofing, also known as IP spoofing, is a type of network attack in which threat actors falsify the source IP address in ICMP echo request packets to disguise the sender's identity and/or redirect responses to another device.

In a legitimate ping interaction, the source IP address in the ICMP echo request packet is that of the sender, and the destination device replies directly to the sender's address with an echo reply. In a spoofed ping, the attacker modifies the packet header to make it appear as though the request came from a different IP address. This way, the target's replies are misdirected to the spoofed (fake) IP address.

Effects of ping spoofing

Ping spoofing is often used as part of a larger attack strategy, where the main goal is to overwhelm the victim's server by sending it an extremely large number of echo request packets within a short period of time. The resulting responses tie up the server's resources and can make the server inaccessible to legitimate users.

Historically, ping spoofing was used in amplification-based attacks, like ping of death. Ping of death is a type of distributed denial-of-service (DDoS) attack in which an attacker sends oversized ping packets to crash a targeted system.

How to detect ping spoofing

Ping spoofing can be difficult to detect because fraudulent echo request packets are designed to appear as if they come from a legitimate source.

To identify suspicious or spoofed ping traffic, one of the first things to look for is an unusually high number of ICMP echo requests that target the same host and are sent from the same IP address.

To investigate further, network administrators can analyze network logs and packet headers and look for anomalies such as malformed ICMP packets, inconsistent TTL values or improbable source IP locations. These signs, especially when seen in large volumes, may also indicate spoofing attempts.
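The checks described in this section can be expressed as detection logic over ICMP echo request records. The following is an added example, not part of any monitoring product: the record format, thresholds and addresses (documentation ranges) are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
import ipaddress

# Assumed thresholds for illustration; tune to the monitored network's baseline.
MAX_REQUESTS_PER_WINDOW = 20   # echo requests per (src, dst) pair per window
WINDOW_SECONDS = 10
MAX_TTL_SPREAD = 5             # tolerated TTL variation for one source address


def analyze(records):
    """records: (timestamp_s, src_ip, dst_ip, ttl) tuples. Returns sorted findings."""
    findings = set()
    windows = defaultdict(list)   # (src, dst) -> timestamps
    ttls = defaultdict(set)       # src -> observed TTL values
    for ts, src, dst, ttl in records:
        windows[(src, dst)].append(ts)
        ttls[src].add(ttl)
        addr = ipaddress.ip_address(src)
        # Source addresses that are invalid on traffic arriving from the network.
        if addr.is_loopback or addr.is_multicast or addr.is_unspecified or addr.is_reserved:
            findings.add(("invalid-source", src, "non-routable source address"))
    for (src, dst), stamps in windows.items():
        stamps.sort()
        start = 0
        for end, ts in enumerate(stamps):          # sliding time window
            while ts - stamps[start] > WINDOW_SECONDS:
                start += 1
            if end - start + 1 > MAX_REQUESTS_PER_WINDOW:
                findings.add(("high-volume", src, f"echo flood toward {dst}"))
                break
    for src, seen in ttls.items():
        # One host on a stable path arrives with a near-constant TTL.
        if max(seen) - min(seen) > MAX_TTL_SPREAD:
            findings.add(("ttl-inconsistent", src, f"TTLs {sorted(seen)}"))
    return sorted(findings)


def sample_records():
    """Constructed sample data, not captured traffic."""
    recs = [(i * 0.1, "198.51.100.7", "203.0.113.10", 52) for i in range(40)]
    recs += [(float(i), "192.0.2.44", "203.0.113.10", t)
             for i, t in enumerate([57, 118, 57, 244])]       # mixed TTLs
    recs += [(i * 5.0, "192.0.2.99", "203.0.113.10", 60) for i in range(4)]
    recs.append((3.0, "127.0.0.1", "203.0.113.10", 64))       # loopback source
    return recs


if __name__ == "__main__":
    for finding in analyze(sample_records()):
        print(finding)
```

Each finding is a lead for the log and packet-header review described above, not proof of spoofing on its own; legitimate monitoring systems can also produce high echo request volumes.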

How to defend against ping spoofing

In the past, one of the most common ways for admins to defend against ping spoofing was to use a firewall. Firewalls, along with access control lists on routers or switches, can filter incoming ICMP packets and apply rules that block traffic appearing to originate from forged or invalid source IP addresses.

Today, detecting ping spoofing is easier than it was in the past. Modern network monitoring tools and intrusion detection systems -- especially those enhanced with AI and machine learning capabilities -- can be configured to programmatically identify abnormal ICMP traffic patterns and alert administrators to potential spoofing activity. These advanced systems are also capable of recognizing subtle anomalies that probably would have gone unnoticed by traditional rule-based security tools.

What is ping in gaming?

Ping is a useful tool for online gaming because it measures latency, and latency can directly affect how an online game behaves during real-time play. Low latency means less delay between a player's action, like moving or shooting, and the server's response. High latency can result in noticeable lag, delayed actions or desynchronization between the player and the game server.

Many factors can affect the ping rate in gaming, including the following:

  • Physical distance between the user's gaming system and the gaming server.
  • The amount of network traffic at a specific point in time.
  • The available bandwidth and how it is distributed over a shared network connection.

Most multiplayer games display ping values in their interface to help players monitor connection quality, and many matchmaking systems use ping to pair players with game servers that are geographically close or have low latency for all participants. This helps to minimize lag and ensure a more synchronized and responsive gameplay experience for everyone involved.

A ping rate over 150 ms typically results in noticeable lag that can negatively affect gameplay, especially in real-time games. Professional gamers and serious players generally consider a ping rate under 50 ms to be optimal. Some competitive players even aim for RTT values in the 15-20 ms range.

It should be noted that the easiest way for gamers to improve latency is to sign up for a dedicated internet access (DIA) line. Unlike a shared connection, DIA allows a gamer to connect directly to the internet service provider's network. This eliminates the need to share network bandwidth with other users, which, in turn, reduces latency.

Ping in Discord

Discord is a chat and video app that's popular with gamers. In the context of this app, the term ping is used to describe a notification that's generated by Discord when someone tags another user. When one user sends a ping to another user, the sender uses the @ symbol before the receiver's nickname (e.g., @TechTargetWhiz) or role (e.g., @Admin). The ping then pops up on the receiver's screen and notifies them of the message.

Pings can be directed to individual users or groups of people assigned to specific roles. Discord also supports mass pings using @here, which notifies all online users in a channel, and @everyone, which notifies all members of the server, regardless of their online status. Because excessive pinging can be distracting, it's considered good etiquette to use pings sparingly and post in the appropriate channel.

Now that you're familiar with the definition of ping and know what this utility program is used for, it's time to learn more about other network issues and how to troubleshoot them.
