Description of the Ping and Tracert Tools (217014)



The information in this article applies to:

  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows NT Server 4.0
  • Microsoft Windows 98

This article was previously published under Q217014

SUMMARY

This article describes the Ping and Tracert tools.

MORE INFORMATION

Ping

Ping verifies connections to remote computers. It sends Internet Control Message Protocol (ICMP) echo packets to a computer and listens for echo reply packets. Ping waits for up to 1 second for each packet sent, and prints the number of packets transmitted and received to the console. This tool is available only if you install TCP/IP.

Ping Example

The following example was obtained using Network Monitor. In an ICMP packet, the Ping tool pads the data field with 32 bytes of data (the alphabet).

ICMP: Echo, From x.x.x.x To x.x.x.x
ICMP: Packet Type = Echo
ICMP: Checksum = 0x965B
ICMP: Identifier = 2048 (0x800)
ICMP: Sequence Number = 44800 (0xAF00)
ICMP: Data: Number of data bytes remaining = 32 (0x0020)

00000: 60 9F 17 00 01 01 00 01 D052 58 80 08 00 45 00
00010: 00 3C E1 0C 00 00 20 01 7B B4 0C 4A 65 BE D0 88
00020: FB 6F 08 00 96 5B 08 00 AF 00 61 62 63 64 65 66 abcdef
00030: 67 68 69 6A 6B 6C 6D 6E 6F 70 71 72 73 74 75 76 ghijklmnopqrstuv
00040: 77 61 62 63 64 65 66 67 68 69 wabcdefghi

Tracert

Tracert determines the route taken to a destination by sending ICMP echo packets with varying time-to-live (TTL) values to the destination. Before forwarding a packet, each router along the path is required to decrement the TTL value on a packet by at least 1, so the TTL value is effectively a hop count. When the TTL value on a packet reaches 0, the router sends back an ICMP "Time Exceeded" message to the source computer. Tracert determines the route by sending the first echo packet with a TTL value of 1 and incrementing the TTL value by 1 on each subsequent transmission until the target responds, or the maximum TTL value is reached. The route is determined by examining the ICMP "Time Exceeded" messages sent back by intermediate routers. Some routers silently drop packets with expired TTL values and are invisible to Tracert.

Tracert Example

The following example was obtained using Network Monitor. In an ICMP packet, the Tracert tool pads the data field with 64 bytes of all zeros.

ICMP: Echo, From 12.74.101.190 To 208.136.251.111
ICMP: Packet Type = Echo
ICMP: Checksum = 0x5DFF
ICMP: Identifier = 2048 (0x800)
ICMP: Sequence Number = 37376 (0x9200)
ICMP: Data: Number of data bytes remaining = 64 (0x0040)

00000: 60 9F 17 00 01 01 00 01 D0 52 58 80 08 00 45 00
00010: 00 5C 68 09 00 00 01 01 13 98 0C 4A 65 BE D0 88
00020: FB 6F 08 00 5D FF 08 00 92 00 0000 00 00 00 00 ...........
00030: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0000 ................
00040: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................

REFERENCES

For additional information about ICMP packets, please see the following article in the Microsoft Knowledge Base:

170292 Internet Control Message Protocol (ICMP) Basics

You can also find additional information in the following Request for Comments (RFC) documents: RFC 950, RFC 792, and RFC 1122. For information about obtaining RFC documents from the Internet, please see the following article in the Microsoft Knowledge Base:

185262 How to Obtain Request for Comments Documents from the Internet


Modification Type:MinorLast Reviewed:12/20/2004
Keywords:kbinfo KB217014