Summary # 4
How Does Ping Really Work?
In the IT field, there are commands that we use every day, and of these we use ping all the time. Ping is a command that was created to test the connectivity of a computer to a network. The host’s computer sends out a series of packets to the designated IP address or host name, and the receiving computer/interface sends back a reply of how fast the packets were received and at what rate. If the computer is not connected, no response will be received and the command will fail.

Looking at the TCP/IP model, we see it is split into 4 layers: the Network Access Layer, Internetworking Layer, Host-to-Host Layer, and the Application Layer. ICMP, which is an integral part of the TCP/IP model, lies at layer 3 with IP and addressing. ICMP allows for network administration and operation functionality. This is the layer that allows us to use the ping command.

When ping is started, the first step it takes is to open a raw socket sensitive only to ICMP. This creates two functions, one for input and one for output. When the output occurs, an ICMP echo request is sent out containing the IP header and the Ethernet header. The input breaks down the incoming ICMP messages and retrieves the information it needs. Taking a closer look at the outbound message, its type field is always coded with the value eight, and the code field always contains a zero.

When dealing with incoming ICMP messages, the process for ping is more involved. This is because of the raw ICMP socket that ping uses, which causes it to receive a copy of all incoming messages, with a few minor exceptions. This naturally means that ping sees everything, including the echo reply, destination unreachable, source quench, and time exceeded messages. The PID, an identification tool, is used to identify the messages. When the requests are received by the ping command, the IP header is still intact. So, now ping has access to...
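
The behaviour described above, as an added example that is not part of the original summary: it builds the echo request (type 8, code 0) and classifies incoming messages as a raw ICMP socket delivers them, with the IP header still attached, keeping only those whose identifier matches the PID. The function names, the `fake_ip` helper and the sample addresses are assumptions constructed for illustration, and no socket is opened.

```python
import struct

ECHO_REQUEST, ECHO_REPLY = 8, 0
ERRORS = {3: "destination unreachable", 4: "source quench", 11: "time exceeded"}

def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum over 16-bit big-endian words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_icmp(mtype: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Type, code 0, checksum, identifier (ping uses its PID), sequence number."""
    head = struct.pack("!BBHHH", mtype, 0, 0, ident, seq)
    csum = checksum(head + payload)
    return struct.pack("!BBHHH", mtype, 0, csum, ident, seq) + payload

def fake_ip(src: str, icmp: bytes) -> bytes:
    """Constructed 20-byte IPv4 header (protocol 1, checksum left 0) for samples."""
    addr = bytes(int(p) for p in src.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                       addr, bytes([192, 0, 2, 1])) + icmp

def classify(packet: bytes, my_ident: int):
    """Return (kind, source, seq) for a message that belongs to this ping, else None."""
    if len(packet) < 20 or packet[9] != 1:
        return None
    icmp = packet[(packet[0] & 0x0F) * 4:]     # skip the still-attached IP header
    if len(icmp) < 8 or checksum(icmp) != 0:   # a valid message sums to zero
        return None
    mtype, _code, _sum, ident, seq = struct.unpack("!BBHHH", icmp[:8])
    src = ".".join(map(str, packet[12:16]))
    if mtype in ERRORS:
        # Errors quote the offending IP header plus the first 8 bytes of our request.
        quoted = icmp[8:]
        inner = quoted[(quoted[0] & 0x0F) * 4:] if quoted else b""
        if len(inner) < 8 or inner[0] != ECHO_REQUEST:
            return None
        ident, seq = struct.unpack("!HH", inner[4:8])
        kind = ERRORS[mtype]
    elif mtype == ECHO_REPLY:
        kind = "echo reply"
    else:
        return None                             # e.g. another host's echo request
    return (kind, src, seq) if ident == my_ident else None
```

Because the raw socket also receives replies meant for other ping processes on the same host, the identifier comparison on the last line is what keeps one run from counting another run's answers.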