Saturday, 6 November 2010

Why ping does not work very well, and hping "the real ping"

(hping "the real ping"... ha ha, excuse the pun ;o)

I have mentioned to a few people, on occasions, that ping doesn't really tell you much about the availability of services you may be interested in troubleshooting.

When I have explained this in the past, I don't think everyone understood what I was saying (some detailed networking knowledge is required to understand the issues), so here is an attempt to clarify why "ping" doesn't work very well, and to offer a better solution.

Ping may (or may not) tell you whether there is some level of network connectivity between source and destination, and it can be very useful in a LAN environment where there are no firewalls.

However, it is not service-focused and can be very misleading, especially for internet service troubleshooting where firewalls are involved.

1) Just because a host does not respond to ping does not mean that there is a problem
  • ICMP packets (used by the traditional ping command) are often blocked at firewalls as a recommended security measure. This is done to hinder malicious network reconnaissance and ICMP-based denial of service, such as ping flooding and the "ping of death"

2) Just because a host does respond to ping does not mean that it is working perfectly fine
  • Most services run on specific TCP or UDP ports; ICMP is a different protocol, so an echo reply proves nothing about whether the service you are troubleshooting is available and responding
  • Even if the server is up and the service is running, that does not mean you have the network access needed to reach the service (a firewall could be blocking the relevant ports or protocols), so how can you test that?

How to use hping

hping3 is far more advanced than the ping command, is available for various platforms and offers many options.

There is quite an extensive set of options in the help:

hping3 --help
usage: hping3 host [options]
  -h  --help      show this help
  -v  --version   show version
  -c  --count     packet count
  -i  --interval  wait (uX for X microseconds, for example -i u1000)
      --fast      alias for -i u10000 (10 packets for second)
      --faster    alias for -i u1000 (100 packets for second)
      --flood      sent packets as fast as possible. Don't show replies.
  -n  --numeric   numeric output
  -q  --quiet     quiet
  -I  --interface interface name (otherwise default routing interface)
  -V  --verbose   verbose mode
  -D  --debug     debugging info
  -z  --bind      bind ctrl+z to ttl           (default to dst port)
  -Z  --unbind    unbind ctrl+z
      --beep      beep for every matching packet received
  default mode     TCP
  -0  --rawip      RAW IP mode
  -1  --icmp       ICMP mode
  -2  --udp        UDP mode
  -8  --scan       SCAN mode.
                   Example: hping --scan 1-30,70-90 -S
  -9  --listen     listen mode
  -a  --spoof      spoof source address
  --rand-dest      random destionation address mode. see the man.
  --rand-source    random source address mode. see the man.
  -t  --ttl        ttl (default 64)
  -N  --id         id (default random)
  -W  --winid      use win* id byte ordering
  -r  --rel        relativize id field          (to estimate host traffic)
  -f  --frag       split packets in more frag.  (may pass weak acl)
  -x  --morefrag   set more fragments flag
  -y  --dontfrag   set dont fragment flag
  -g  --fragoff    set the fragment offset
  -m  --mtu        set virtual mtu, implies --frag if packet size > mtu
  -o  --tos        type of service (default 0x00), try --tos help
  -G  --rroute     includes RECORD_ROUTE option and display the route buffer
  --lsrr           loose source routing and record route
  --ssrr           strict source routing and record route
  -H  --ipproto    set the IP protocol field, only in RAW IP mode
  -C  --icmptype   icmp type (default echo request)
  -K  --icmpcode   icmp code (default 0)
      --force-icmp send all icmp types (default send only supported types)
      --icmp-gw    set gateway address for ICMP redirect (default
      --icmp-ts    Alias for --icmp --icmptype 13 (ICMP timestamp)
      --icmp-addr  Alias for --icmp --icmptype 17 (ICMP address subnet mask)
      --icmp-help  display help for others icmp options
  -s  --baseport   base source port             (default random)
  -p  --destport   [+][+] destination port(default 0) ctrl+z inc/dec
  -k  --keep       keep still source port
  -w  --win        winsize (default 64)
  -O  --tcpoff     set fake tcp data offset     (instead of tcphdrlen / 4)
  -Q  --seqnum     shows only tcp sequence number
  -b  --badcksum   (try to) send packets with a bad IP checksum
                   many systems will fix the IP checksum sending the packet
                   so you'll get bad UDP/TCP checksum instead.
  -M  --setseq     set TCP sequence number
  -L  --setack     set TCP ack
  -F  --fin        set FIN flag
  -S  --syn        set SYN flag
  -R  --rst        set RST flag
  -P  --push       set PUSH flag
  -A  --ack        set ACK flag
  -U  --urg        set URG flag
  -X  --xmas       set X unused flag (0x40)
  -Y  --ymas       set Y unused flag (0x80)
  --tcpexitcode    use last tcp->th_flags as exit code
  --tcp-timestamp  enable the TCP timestamp option to guess the HZ/uptime
  -d  --data       data size                    (default is 0)
  -E  --file       data from file
  -e  --sign       add 'signature'
  -j  --dump       dump packets in hex
  -J  --print      dump printable characters
  -B  --safe       enable 'safe' protocol
  -u  --end        tell you when --file reached EOF and prevent rewind
  -T  --traceroute traceroute mode              (implies --bind and --ttl 1)
  --tr-stop        Exit when receive the first not ICMP in traceroute mode
  --tr-keep-ttl    Keep the source TTL fixed, useful to monitor just one hop
  --tr-no-rtt       Don't calculate/show RTT information in traceroute mode
ARS packet description (new, unstable)
  --apd-send       Send the packet described with APD (see docs/APD.txt)

To show how it works, let's have a look at some simple examples.

1) Suppose you want to check that a web server is listening on TCP port 80. You can use hping to send a TCP SYN to port 80:

hping3 -p 80 -S hostname

2) Similarly, for an SMTP server on TCP port 25:

hping3 -p 25 -S hostname

Let's look at what happens in Wireshark:

Basically, hping sends a series of TCP SYN packets and receives a SYN/ACK for each one, without completing the three-way handshake with a final ACK. So we can see that the server is listening on that port and is willing to accept a TCP connection. A port with nothing listening answers the SYN with an RST instead, and a port that a firewall is dropping produces no reply at all, which is exactly the distinction ping cannot make.
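As an added example (not code from the original post), the same open/closed/filtered distinction made from a script using an ordinary connect(), which completes the handshake rather than leaving it half-open like hping3 -S, so it needs no raw-socket privileges; the loopback listener and port helpers are constructed fixtures so it runs offline:

```python
import socket


def probe_tcp(host, port, timeout=2.0):
    """Classify a TCP port as open, closed or filtered.

    Uses connect(), so the three-way handshake is completed (hping3 -S leaves
    it half-open). The outcomes map onto what hping3 shows: SYN/ACK, RST, silence.
    """
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"        # SYN/ACK came back: a service is listening
    except ConnectionRefusedError:
        return "closed"      # RST came back: host reachable, nothing listening
    except (socket.timeout, TimeoutError):
        return "filtered"    # no reply at all: a firewall most likely dropped the SYN
    except OSError as exc:
        return "unreachable: %s" % exc   # e.g. no route to host
    finally:
        s.close()


def probe_many(host, ports, timeout=2.0):
    """Probe several ports and return {port: state}, like hping3 -p ++N does."""
    return {p: probe_tcp(host, p, timeout) for p in ports}


# Constructed fixtures so the example can be run offline on loopback.
def start_listener():
    """Open a throwaway listening socket on 127.0.0.1 and return (sock, port)."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]


def closed_loopback_port():
    """Take an ephemeral port from the kernel and release it, so nothing listens there."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


if __name__ == "__main__":
    srv, port = start_listener()
    print(port, probe_tcp("127.0.0.1", port))   # open
    srv.close()
    cp = closed_loopback_port()
    print(cp, probe_tcp("127.0.0.1", cp))       # closed
```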

Other uses for hping

hping3 has many uses in IT security testing; here is one example, using hping as a port scanner:

hping3 -p ++1 -S
HPING (wlan0 S set, 40 headers + 0 data bytes
len=44 ip= ttl=64 id=26293 sport=21 flags=SA seq=20 win=4096 rtt=2.1 ms
len=44 ip= ttl=64 id=26308 sport=23 flags=SA seq=22 win=4096 rtt=2.0 ms
len=44 ip= ttl=64 id=26654 sport=80 flags=SA seq=79 win=4096 rtt=1.9 ms

Here the ++1 option increments the destination port by one for each packet sent, and from the replies (flags=SA, i.e. SYN/ACK) we can see that this system is responding on ports 21, 23 and 80 (FTP, Telnet and HTTP).
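An added example (not part of the original post) that parses hping3 reply lines in the format shown above into per-port states, treating flags=SA as open, RST as closed and a probed port with no reply as filtered; the sample output is constructed from the scan above with one RA line added, and the regex assumes the line layout shown:

```python
import re

# One hping3 reply line in the layout shown in the scan above (the ip= value
# is left blank here exactly as it appears in the post, so \S* may match nothing).
REPLY_RE = re.compile(
    r"len=(?P<len>\d+) ip=(?P<ip>\S*) ttl=(?P<ttl>\d+) id=(?P<id>\d+) "
    r"sport=(?P<sport>\d+) flags=(?P<flags>[A-Z]+) seq=(?P<seq>\d+) "
    r"win=(?P<win>\d+) rtt=(?P<rtt>[\d.]+) ms"
)


def classify_flags(flags):
    """Map the TCP flags of an hping3 reply to a port state."""
    if "S" in flags and "A" in flags:
        return "open"      # SYN/ACK: a listener accepted our SYN
    if "R" in flags:
        return "closed"    # RST (usually shown as RA): reachable, nothing listening
    return "unknown"


def parse_hping_scan(output):
    """Return {port: state} for every reply line in an hping3 ++N scan.
    Ports that never answered are absent (dropped by a firewall, or no host)."""
    states = {}
    for line in output.splitlines():
        m = REPLY_RE.search(line)
        if not m:
            continue   # the HPING header line, summary lines, etc.
        states[int(m.group("sport"))] = classify_flags(m.group("flags"))
    return states


def open_ports(output):
    return sorted(p for p, st in parse_hping_scan(output).items() if st == "open")


def filtered_ports(output, probed):
    """Ports in the probed range that produced no reply at all."""
    return sorted(set(probed) - set(parse_hping_scan(output)))


# Constructed sample: the three lines from the post plus one closed-port (RA) reply.
SAMPLE = """\
HPING (wlan0 S set, 40 headers + 0 data bytes
len=44 ip= ttl=64 id=26293 sport=21 flags=SA seq=20 win=4096 rtt=2.1 ms
len=44 ip= ttl=64 id=26308 sport=23 flags=SA seq=22 win=4096 rtt=2.0 ms
len=40 ip= ttl=64 id=26400 sport=25 flags=RA seq=24 win=0 rtt=1.8 ms
len=44 ip= ttl=64 id=26654 sport=80 flags=SA seq=79 win=4096 rtt=1.9 ms
"""
```

Run against a probed range, the ports missing from the output are the ones to look at with the firewall team, since hping never shows them as lines.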

More reading is available here