ping command usage and judgment of target host operating system

1. ping command

When sending a packet to an IP address, the other party will return a packet of the same size. According to the returned packet, the existence of the target host can be determined, and the operating system of the target host can also be preliminarily judged. It can be used to check whether the network is unblocked.
Computer "start" - "run", enter cmd in the pop-up dialog box to enter the command interpreter.

1.1 ping command format

• ping 127.0.0.1
  Test the TCP/IP protocol of this machine. If it fails, it indicates that there are some problems in the installation or operation of TCP/IP protocol.

  
  
   

  

  1.1 ping 127.0.0.1.jpg
• Ping 192.168.1.3 (local IP address)
  Test the local network configuration. If there is no response, there is a problem with the local connection IP address information configuration.
• ping 192.168.1.5 (IP address of other hosts in LAN)
  This command passes through the network card and network cable to other computers, and then returns. The reply indicates that the local network is running normally. If 0 echo replies are received, the subnet mask may be incorrect or there may be other problems with the network card configuration.
• ping www.baidu.com
  Execute the ping command on the domain name. If no response is returned, the IP address configuration of the DNS server may be incorrect or the DNS server may be faulty.

1.2 other uses of Ping

The problem can only be seen by increasing the package ping. At this time, we should enter the ping website or IP -t -l 1000 and press enter
ping 192.168.1.1 -t -l 1000   # Indicates continuously ping 1000 bytes
ping 192.168.1.1 -t -n 100   # It means that the system will end after 100 pings
ping 192.168.1.1 -r 9           # - The value of R is 1-9, and the maximum is 9,   Query the number of routes passed

1.3 use the ping command to view the target host operating system

Microsoft Windows [Version 6.1.7601]
copyright (c) 2009 Microsoft Corporation. All rights reserved.

C:UsersAdministrator>ping 192.168.5.1
 Is Ping 192.168.5.1 Data with 32 bytes:
From 192.168.5.1 Reply from: byte=32 time=1ms TTL=64
 From 192.168.5.1 Reply from: byte=32 time=2ms TTL=64
 From 192.168.5.1 Reply from: byte=32 time=1ms TTL=64
 From 192.168.5.1 Reply from: byte=32 time=1ms TTL=64

192.168.5.1 of Ping statistical information :
    data packet: has been sent = 4，Received = 4，lose = 0 (0% lose)，
Estimated round trip time(In Milliseconds ):
    minimum = 1ms，Longest = 2ms，average = 1ms

C:UsersAdministrator>

About TTL in ping command

TTL (Time To Live) when we use the ping command, a TTL value will be carried in the returned result. The meaning of this thing is actually Time To Live, which refers to the restriction that packets can "survive" in the network. In the past, this restriction method was to set a Time (Time in Time To Live comes from this). When the message is transmitted in the network, if the Time exceeds this limit, the "routing point" of the last received message will throw it away and do not continue forwarding. Later, the Time limit was changed to the hop limit, that is, when the message is transmitted in the network, the preset TTL value will be reduced by 1 every Time it passes through a "routing point", until the last TTL=1, the message will be thrown away and will not be forwarded downward.

Routing point: I mean the machine that completes the routing function here, because not only the router can complete the routing forwarding function. For example, the host can configure routing forwarding.

TTL decreases by 1 every time it passes through an ip sublayer. The TTL field value can help us identify the operating system type:

UNIX And class UNIX operating system ICMP Echo response TTL The field value is 255
Compaq Tru64 5.0 ICMP Echo response TTL The field value is 64
 Microsoft Windows NT/2K operating system ICMP Echo response TTL The field value is 128
 Microsoft Windows 95 operating system ICMP Echo response TTL The field value is 32

But there are some special cases:

LINUX Kernel 2.2.x & 2.4.x ICMP Echo response TTL The field value is 64

FreeBSD 4.1, 4.0, 3.4;
Sun Solaris 2.5.1, 2.6, 2.7, 2.8;
OpenBSD 2.6, 2.7,
NetBSD
HP UX 10.20
ICMP Echo response TTL The field value is 255

Windows 95/98/98SE
Windows ME
ICMP Echo response TTL The field value is 32

Windows NT4 WRKS
Windows NT4 Server
Windows 2000
ICMP Echo response TTL The field value is 128

In this way, we can identify the target host operating system through this method:

operating system TTL
LINUX 64
WIN2K/NT 128
WINDOWS Series 32
UNIX Series 255