Number 227 - April 2002

All You Ever Wanted to Know About PING!

from The Ping Page

The following is from The Ping Page! <www.ping127001.com> Researched and Produced by PING 127.0.0.1 Computer Services, New York City, NY, USA - Updated July, 2001

First of all, what exactly is Ping? In the course of doing research, it has been found that it has taken on several distinct meanings. One is that Ping is actually an acronym for the words 'Packet INternet Groper'. Another is that it is, in fact, not an acronym at all, but a noun that was adopted from a verb that the US Navy uses to describe what its submarines do when looking for objects under the sea. Their subs send out sonar waves and then wait for a return wave when it bounces off something, such as another sub, whale, ocean floor etc. This, in turn, was adopted from bats and dolphins, who navigate in roughly the same way. This is what a system administrator does when Ping is used. As such, Ping has also evolved into a verb in the computer industry, and it is used in somewhat the same manner as in the Navy. (We've all heard the movie maker's version of the ping sound and its "echo" in such submarine movies as "The Search for Red October" - TOGGLE ed)

Application to Computers

The Ping utility is essentially a system administrator's tool that is used to see if a computer is operating and also to see if network connections are intact. Ping uses the Internet Control Message Protocol (ICMP) Echo function which is detailed in RFC 792 (www.FreeSoft.org/ CIE/ RFC/ 792/). A small packet is sent through the network to a particular IP address. This packet contains 64 bytes - 56 data bytes and 8 bytes of protocol header information. The computer that sent the packet then waits (or 'listens') for a return packet. If the connections are good and the target computer is up, a good return packet will be received.

PING can also tell the user the number of hops that lie between two computers and the amount of time it takes for a packet to make the complete trip. Additionally, an administrator can use Ping to test out name resolution.
If the packet bounces back when sent to the IP address but not when sent to the name, then the system is having a problem matching the name to the IP address.

As mentioned previously, Ping has also evolved from a noun/acronym into a verb, for example: "Ping server X to see if it is up".

The time it takes for the packet to get to the target computer and back again is known as the round trip time. If this takes an extended period of time, it indicates that something may be wrong.

(Sources: Netlingo site (www.netlingo.com), Windows NT Help Menu, Connected: An Internet Encyclopedia site (www.freesoft.org/ CIE/ index.htm), Brown Computer Solutions site (www.browncs.com), Guide to Practical Linux by Mark G. Sobell)

If you are looking for an even more detailed explanation of Ping and also how to use it in detecting network problems, go to Heavy Ping Detail (www.FreeSoft.org/ CIE/ Topics/ 53.htm). Here is a sample ping packet decode (http://pcausa.com/ resources/ ndispacket_decode.htm).

Ping was created by Mike Muuss (pronounced "moose") of the Army Research Laboratory in about a day, in December of 1983, in response to network difficulties he encountered. To read the full story of the Ping program, click The History of Ping (http://ftp.arl.mil:80/~mike/ping.html). To learn more about the brilliant inventor of Ping, click the Inventor of Ping (http://ftp.arl.mil:80/~mike). It is worth noting that Ping is a part of the Linux, Unix and Windows 95/NT operating systems - making the program pretty much distributed all over the planet. This is a fantastic accomplishment on Mike's part by any standard.

Looking for the source code for the first Ping program? Click the Ping Source Code (ping.shar). For complete details on the options available with ping, please go to the FreeBSD Ping manual page (www.freebsd.org/ cgi/ man.cgi?query= ping& sektion= 8&apropos= 0&manpath= FreeBSD+4.3 -RELEASE).
FreeBSD also has a Ping command that uses the ICMP6 ECHO_REQUEST datagram (as opposed to standard ICMP ECHO_REQUEST packets) that is called Ping6 (www.freebsd.org/ cgi/ man.cgi?query= ping6& sektion= 8&apropos= 0&manpath= FreeBSD+4.3-RELEASE). Also, here is the Ping manpage (http://linux.com.hk/ man/ showman.cgi?manpath=/ man/ man8/ ping.8.inc). In both FreeBSD and Linux, Ping is in Section 8 of the manpages.

Since the first Ping program, there have been several additions and enhancements to the basic utility. One of the more fun ones is a utility where an administrator can Ping up to four Internet sites at once. Go to Multiple Ping Gateway (www.tracert.com/ cgi-bin/ ping.pl). If you want to set up your site to be a Ping Gateway, feel free to copy the source code from Ping Gateway Source Code (tracert.com/ download/ ping.txt) so that you can install it. Two very cool utilities are at the sites PingMe Please.com (www.pingmeplease.com) and Ping 2Me.com (www.ping2me.com/ cgi-bin/ ping.pl) where one can have their computer pinged from a remote site via a web browser.

Of course, there are those who use something good and turn it into something bad:

The Ping Of Death - ouch

The Ping Of Death essentially crashes a system by sending a Ping packet that is larger than 65,536 bytes; the default is 64 bytes. An IP datagram of 65,536 bytes usually cannot be sent. But apparently when the packet is chopped up into small pieces as it is sent down the line and then rebuilt at its destination, the sheer size of the packet causes the buffer to overflow. The result can be a reboot, hang, etc. A site in the UK has a detailed explanation of the Ping Of Death (www.pp.asu.edu/ support/ ping-o-death.html) (Source: Mike Bremford's Homepage).

To Smurf, Have Been Smurfed, Smurfing - no little blue creatures here

A new threat has emerged on the Internet that once again takes the Ping Utility and twists it around for evil ends. This new practice is called smurfing.
Smurfing takes a Ping packet and sends it to a network's broadcast address. This is a specially designated address which, under usual circumstances, sends a message to all computers attached to it (up to 255). So, a single Ping packet is increased by a factor of 255 and sent out. Only in this case, the return address is doctored so that the packets are sent to the address that the attacker chooses. To give one an idea of how this can cripple a system, a 28.8 modem can send out 42 64-byte Ping packets per second. When sent to a broadcast network address, this becomes 10,626 packets or 5.2 Mbits of data per second - enough to bring down a T1. (Remember that a T1 is 1.5 Mbits/sec). Smurf attackers have now devised ways to have more than one broadcast address send out packets at once during an attack. Thus, using the previous example, we must increase by a factor of 50 (say if the attacker chooses 50 broadcast addresses) the 10,626 packets, which increases the number of packets per second to 531,300. Boom. For more information and an excellent article from Wired magazine, click Smurf Article (www.wired.com/ news/ news/ technology/ story/ 9506.html) (Sources: PC Webopaedia site, Wired site)

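The 64-byte echo packet described under "Application to Computers" (8 header bytes plus 56 data bytes), built and checked in C. This is an added example, not code from The Ping Page or from the original Ping program; the function names, identifier, sequence number and payload bytes are assumptions made for illustration, and the checksum is the standard Internet checksum that ICMP uses.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define ICMP_ECHO_REQUEST 8    /* RFC 792 type: Echo */
#define ICMP_ECHO_REPLY   0    /* RFC 792 type: Echo Reply */
#define ICMP_HDR_LEN      8    /* type, code, checksum, identifier, sequence */
#define ICMP_DATA_LEN     56
#define ICMP_PKT_LEN      (ICMP_HDR_LEN + ICMP_DATA_LEN)   /* 64 bytes */

/* Internet checksum: one's-complement sum of big-endian 16-bit words. */
uint16_t inet_checksum(const uint8_t *buf, size_t len)
{
    uint32_t sum = 0;
    for (size_t i = 0; i + 1 < len; i += 2)
        sum += ((uint32_t)buf[i] << 8) | buf[i + 1];
    if (len & 1)
        sum += (uint32_t)buf[len - 1] << 8;     /* odd trailing byte, zero padded */
    while (sum >> 16) sum = (sum & 0xFFFF) + (sum >> 16);   /* fold carries */
    return (uint16_t)~sum;
}

/* Build an Echo Request with the given identifier and sequence number. */
void build_echo_request(uint8_t pkt[ICMP_PKT_LEN], uint16_t id, uint16_t seq)
{
    memset(pkt, 0, ICMP_PKT_LEN);               /* code and checksum start at 0 */
    pkt[0] = ICMP_ECHO_REQUEST;
    pkt[4] = (uint8_t)(id >> 8);   pkt[5] = (uint8_t)id;
    pkt[6] = (uint8_t)(seq >> 8);  pkt[7] = (uint8_t)seq;
    for (int i = 0; i < ICMP_DATA_LEN; i++)
        pkt[ICMP_HDR_LEN + i] = (uint8_t)i;     /* constructed sample payload */
    uint16_t ck = inet_checksum(pkt, ICMP_PKT_LEN);
    pkt[2] = (uint8_t)(ck >> 8);   pkt[3] = (uint8_t)ck;
}

/* Return 1 if rep is a valid Echo Reply that echoes req's id, sequence and data. */
int reply_matches(const uint8_t *req, const uint8_t *rep, size_t rep_len)
{
    if (rep_len != ICMP_PKT_LEN || rep[0] != ICMP_ECHO_REPLY || rep[1] != 0 ||
        inet_checksum(rep, rep_len) != 0)       /* an intact packet sums to zero */
        return 0;
    return memcmp(req + 4, rep + 4, ICMP_PKT_LEN - 4) == 0;
}

int main(void)
{
    uint8_t req[ICMP_PKT_LEN];
    build_echo_request(req, 0x1234, 1);
    printf("%d-byte echo request, checksum 0x%02x%02x\n", ICMP_PKT_LEN, req[2], req[3]);
    return 0;
}
```

A reply that fails `reply_matches` (wrong length, bad checksum or altered data) is the "bad return packet" case: the host answered, but something on the path or the host damaged the echo.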
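The reassembly overflow described under "The Ping Of Death" is prevented by checking every fragment's end position before it is copied into the buffer. The check below is an added example, not code from The Ping Page or from any particular IP stack; the struct, the function names and the sample fragments are constructed for illustration. It relies on the IPv4 Total Length field being 16 bits wide, so a reassembled datagram can never legitimately exceed 65,535 bytes.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define IP_MAX_DATAGRAM 65535u  /* largest value the 16-bit Total Length field holds */

/* Header fields of one received IPv4 fragment (host byte order). */
struct frag {
    uint16_t flags_off;  /* flags (top 3 bits) + fragment offset in 8-byte units */
    uint16_t total_len;  /* length of this fragment, header included */
    uint8_t  ihl;        /* header length in 32-bit words */
};

/* Return 1 if the fragment lies inside a legal datagram, 0 if it must be dropped.
 * Simplification: the fragment's own header length stands in for the first one's. */
int frag_fits(const struct frag *f)
{
    uint32_t hdr = (uint32_t)f->ihl * 4;
    if (f->ihl < 5 || f->total_len < hdr)
        return 0;                                           /* malformed header */
    uint32_t start = (uint32_t)(f->flags_off & 0x1FFF) * 8; /* payload byte offset */
    uint32_t end = start + (f->total_len - hdr);            /* one past last byte */
    return hdr + end <= IP_MAX_DATAGRAM;
}

/* Index of the first fragment that would overflow reassembly, or -1 if none. */
int first_oversized(const struct frag *frags, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (!frag_fits(&frags[i]))
            return (int)i;
    return -1;
}

/* Constructed sample: three fragments of one echo request; the last one ends
 * past 65,535 bytes even though each fragment is an ordinary 1500 bytes. */
static const struct frag sample[] = {
    { 0x2000 | 0,   1500, 5 },   /* more-fragments set, offset 0 */
    { 0x2000 | 185, 1500, 5 },   /* more-fragments set, offset 1480 */
    { 8189,         1500, 5 },   /* last: offset 65512 plus 1480 data bytes */
};

int main(void)
{
    printf("first oversized fragment: %d\n", first_oversized(sample, 3));
    return 0;
}
```

No single fragment here is oversized on the wire; only the offset-plus-length sum reveals the problem, which is why the test belongs in the reassembly path and not in a per-packet size filter.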
Looking for a funny PING story? (Go to the bottom of the page) PING Story (www.ba.cnr.it/ Embnetut/ Universl/ ping.html# comments)

What is PING 127.0.0.1 and why was it chosen as the name of the company? Go to Why PING 127.0.0.1 (whyping.htm)

FreeBSD <www.freebsd.org>, SourceForge <source forge.net> and Additional Ping Utilities

On a lighter note, please find below a list of Ping utilities from the FreeBSD Unix operating system Ports Collection, the SourceForge compilation of projects and freeware/shareware. Please note that Ping 127.0.0.1 Computer Services makes no claim that the files on the list are virus free; users must download them at their own risk. Ping 127.0.0.1 Computer Services cannot take any responsibility for direct or indirect losses arising from the use of these utilities, viruses included in them (if any) or any related losses thereof; nor do we support the claims that the programmers make for what their programs do. This list is provided for informational purposes only. If there are additional utilities that are not on this list, please feel free to email them to us. Note that there may be some duplicated programs; they are left on for price comparison and download redundancy.

Ping Utilities from the FreeBSD Net Ports Collection (www.freebsd.org/ ports/ net.html)

Click on the link to reach the long description; to get the package, go to the long description page, click on the link "Category net" and then go down the alphabetical list to find the Package, Sources, Main Web Site, Maintainer and Requirements for each utility.

ARPing (www.freebsd.org/ cgi/ url.cgi?ports/ net/ arping/ pkg-descr)
DHCPing (www.freebsd.org/ cgi/ url.cgi?ports/ net/ dhcping/ pkg-descr)
Echoping (www.freebsd.org/ cgi/ url.cgi?ports/ net/echoping/ pkg-descr)
fping (www.freebsd.org/ cgi/ url.cgi?ports/ net/ fping/ pkg-descr)
hping (www.freebsd.org/ cgi/ url.cgi?ports/ security/ hping/ pkg-descr)
mtr-gtk (www.freebsd.org/ cgi/ url.cgi?ports/ net/ mtr/ pkg-descr)
Nsping (www.freebsd.org/ cgi/ url.cgi?ports/ net/ nsping/ pkg-descr)
Sntop (www.freebsd.org/ cgi/ url.cgi?ports/ net/ sntop/ pkg-descr)

SourceForge Ping Projects (source forge.net)

Autostatus (http://sourceforge.net/ projects/ autostatus/)
Nmap (http://sourceforge.net/ projects/ nmap/)
PhonePing (http://sourceforge.net/ projects/ phoneping/)
IPing (http://sourceforge.net/ projects/ iping/)
Echoping (http://sourceforge.net/ projects/ echoping)
Sing (http://sourceforge.net/ projects/ sing)
BTEGPing (http://sourceforge.net/ projects/ btegping/)
Hping2 (http://sourceforge.net/ projects/ hping2/)
Timetrial (http://sourceforge.net/ projects/ timetrial/)
Penemo (http://sourceforge.net/ projects/ penemo/)
Kpinger (http://sourceforge.net/ projects/ kpinger/)
Swatcher (http://sourceforge.net/ projects/ swatcher//)

Additional Freeware/Shareware Ping utilities (in no particular order):

Wsping32, PingPlus, TJPingPro and Stealth Ping (www.zdnet.com/ anchordesk/ story/ story_1495.html)
PingIt, Ping Thingy, Pinger, SchizoPing!, Stealth Ping, TJPing, WinPing32, WS_Ping 32 (www.abest.com/ mirrors/ xiaomu/ WWW/ winsock/ win95/ ping.htm)
WS_Ping ProPack (www.ipswitch.com/ products/ ws_ping)
IP Ultra Scan (http://members.home.com/ ultra/)
CyberPing! (http://www.cybertropix.com/ cyberping.shtml# features)
TJPing and TJPingPro (www.topjimmy.net/ tjs/)
DDS Ping (www.softwarenow.com/ Network_and_Internet/ Misc_Networking_Tools/ 5039.html)
Time In (www.monmouth.com/ ~mlin/files/ timein.zip) (this link brings you right to the ftp download)
PingPong (www.monmouth.com/ ~mlin/files/ timein.zip)
Pinger (www.abest.com/ mirrors/ xiaomu/ WWW/ winsock/ win95/ ping.htm)
WS_Ping ProPack (www.ipswitch.com /products/ ws_ping)
Internet Anywhere Toolkit (www.tnsoft.com/ toolkit.htm)
Whole lotta Ping: Big Brother, Enhance Ping, Pinger, Ping Plotter, PingPlus, PingPong, Ping Thingy, Servers Alive, Super Ping Machine, TJ Ping, TJ PingPro, URL Pinger, WS-Ping ProPack, XperTrak/Net (www.eunet.fi/tucows/ping95.html)

If there is any information that you feel might have a place on this page, please feel free to email us at (matt at ping127001.com). Thank you.