Ping and Privileged Extended Ping Commands

These commands are available for Cisco, Microsoft, and UNIX platforms.

The ping utility can determine basic connectivity. It is based on the specifications for RFC 1256 and RFC 791. Ping is assigned a low priority. It is not an indicator of performance, and it is not used for other more sophisticated tests. During a ping test, the host sends an ICMP echo packet and receives a reply ICMP message if basic connectivity exists.

NOTE An ICMPv6 is available for the IPv6 protocol (see RFC 1885).

The IOS-based ping can be used in two modes: user mode and ping EXEC mode (or Privileged Ping). The user mode ping command is for users who do not have privileged mode access to the device. The command syntax is as follows:

Router>ping [protocol] [host | address]

The protocol option allows you to define several options such as IP, source-route bridging (SRB), and tag. Only the non-verbose form is available, and if the host address can be resolved by the Domain Name System (DNS) server, the ping command returns !!!!!. If it

cannot be resolved by DNS, the host returns If it fails, it is always a good idea to try to ping by IP address and bypass possible DNS issues. The command returns success rate in percent and RTT in minimum, average, and maximum. For example, if you see a RTT value equal to 50 ms, 500 ms, and 5 seconds, your next questions is: Is this what I should expect, or is this far from the baseline? These questions can be answered by using ping and knowing the topology of the network, the baseline, the expected performance characteristics, and the way that the traffic is carried (local exchange carriers [LECs], inter-exchange carriers [IXCs], local loop, and if it is dial, ISDN, Frame Relay, or any other technology). As an example, for satellite-based VPN connections, 0.7 seconds RTT is what you should expect; however, this RTT is unacceptable for Frame Relay.

The extended ping is much more useful and interesting for troubleshooting. The command provides a variety of options for protocols such as IP, Internetwork Packet Exchange (IPX), AppleTalk, Connectionless Network Service (CLNS), Digital Equipment Corporation net (DECnet), Virtual Integrated Network Service (VINES), and Xerox Network Systems (XNS). The results can be interpreted differently (see Example 4-3).

Example 4-3 Example of Extended Ping to

Router#ping Protocol [ip]:

Target IP address: Repeat count [5]: 100 Datagram size [100]: 3000 Timeout in seconds [2]: 3 Extended commands [n]: y Source address or interface: Type of service [0]: Set DF bit in IP header? [no]: Validate reply data? [no]: Data pattern [0xABCD]: 0x0000

Loose, Strict, Record, Timestamp, Verbose[none]: Sweep range of sizes [n]: Type escape sequence to abort.

Sending 100, 3000-byte ICMP Echoes to, timeout is 3 seconds: Packet has data pattern 0x0000

The first important consideration is the ability to modify the repeat count (the default is 5), datagram size, and the timeout period (the default is 2). A higher number of ICMP echoes creates traffic for a longer period of time, and combined with the increased size of the packet (3000 bytes), allows you to test Point-to-Point Protocol (PPP), Multilink PPP (MPPP), and Multichassis Multilink PPP (MMP) (see Part II, "Dial," and Part III, "ISDN," for more detail on PPP, MPPP, and MMP) for dialup or ISDN connections, and for thresholds, reliability, txload, and rxload in some interfaces. It is rare to receive a timeout greater than two seconds in wired networks; however, the option is available and can be used accordingly in a wireless environment. One indicator for successfully running compression over a WAN connection is a non-proportional increase in RTT, when you

112 Chapter 4: Troubleshooting Approaches, Models, and Tools increase the packet size following every test. This is based on the fact that the compression ratio is not a linear function of the packet size.

RFC 791 defines different types of reports that can be used to analyze connectivity issues. The reports are Loose, Strict, Record, Timestamp, and Verbose, and are based on the content of the IP packet. The same is true for TOS parameters and for setting the fragmentation bit. The latter plays a significant role in some connectivity issues and MTU issues in VPN solutions. This, combined with the sweep range of sizes, automatically modifies the packet size and determines the minimum MTU in the path.

NOTE More about MTU is discussed in Chapter 21, "Remote Access VPN Troubleshooting."

Regarding data patterns, in some instances, it is not appropriate to use the Cisco standard 0xABCD sequence because some connectivity tests are much more productive based on certain specifics of the technology. In T1 and Primary Rate Interface (PRI) connectivity issues, the ones density requirement requires a certain number of 1s to be available. Their absence is referred to as a loss of signal (LOS) (see Chapter 3, "The Cloud"). Running 0x0000 or 0xffff provides more information than a standard Cisco sample. Another example for the same purpose is 0xAAAA, 0xA5A5, and 0x4040. Because of the specifics of T1 lines, it is recommended that you use the 0x0000 pattern for testing. Long series of 0s are indistinguishable from LOS (see Chapter 3 and Chapter 7, "Dial Troubleshooting"), so if the T1 is functional, a zero-insertion procedure is in effect (see Part IV, "Frame Relay"). 0xFFFF helps to localize repeater power problems, and 0x4040 is recommended for timing problems. It is also recommended to use different patterns when testing the compression ratio in a lab environment because of the deficiencies in the standard 0xABCD pattern.

In general, ping returns the following replies:

• U—Destination unreachable

• N—Network unreachable

• P—Protocol unreachable

ICMP type messages are listed in Table 4-3.

When the ICMP type is 3 (destination unreachable), the ICMP codes identify the failure. The failures are defined in Table 4-4.

Table 4-3 ICMP Type Messages and Descriptions

Table 4-4

Table 4-3 ICMP Type Messages and Descriptions

ICMP Type Message

Description of ICMP Types


Echo Reply


Destination Unreachable


Source Quench


Redirect Message


Echo Request


Time Exceeded


Parameter Problem


Timestamp Request


Timestamp Reply


Information Request (No Longer Used)


Information Reply (No Longer Used)


Address Mask Request


Address Mask Reply

ICMP Codes When the ICMP TYPE Is 3—Destination Unreachable

ICMP Codes for the ICMP Message

Type = 3—Destination Unreachable Description


Network unreachable


Host unreachable


Protocol unreachable


Port unreachable


Fragment needed and Don't Fragment (DF) bit set


Source route failed


Network unknown


Host unknown


Source Host isolated


Communication with destination network is

administratively prohibited


Communication with destination is administratively



Bad type of service for destination network


Bad type of service for destination host


Administratively blocked by filter

114 Chapter 4: Troubleshooting Approaches, Models, and Tools

Ping tests the end-to-end connectivity, but if the ping fails, it does not provide you with information on where the possible problem exists. The hop-by-hop information is available in the traceroute command, which in a sense extends ping's functionality.

Was this article helpful?

+1 0

Post a comment