ping command usage and judgment of target host operating system
1. ping command
When sending a packet to an IP address, the other party will return a packet of the same size. According to the returned packet, the existence of the target host can be determined, and the operating system of the target host can also be preliminarily judged. It can be used to check whether the network is unblocked.
Computer "start" - "run", enter cmd in the pop-up dialog box to enter the command interpreter.
1.1 ping command format
Test the TCP/IP protocol of this machine. If it fails, it indicates that there are some problems in the installation or operation of TCP/IP protocol.
1.1 ping 127.0.0.1.jpg
- Ping 192.168.1.3 (local IP address)
Test the local network configuration. If there is no response, there is a problem with the local connection IP address information configuration.
- ping 192.168.1.5 (IP address of other hosts in LAN)
This command passes through the network card and network cable to other computers, and then returns. The reply indicates that the local network is running normally. If 0 echo replies are received, the subnet mask may be incorrect or there may be other problems with the network card configuration.
- ping www.baidu.com
Execute the ping command on the domain name. If no response is returned, the IP address configuration of the DNS server may be incorrect or the DNS server may be faulty.
1.2 other uses of Ping
ping 192.168.1.1 -t
ping 192.168.1.1 -t -l 1000 # Indicates continuously ping 1000 bytes
ping 192.168.1.1 -t -n 100 # It means that the system will end after 100 pings
ping 192.168.1.1 -r 9 # - The value of R is 1-9, and the maximum is 9, Query the number of routes passed
1.3 use the ping command to view the target host operating system
Microsoft Windows [Version 6.1.7601] copyright (c) 2009 Microsoft Corporation. All rights reserved. C:UsersAdministrator>ping 192.168.5.1 Is Ping 192.168.5.1 Data with 32 bytes: From 192.168.5.1 Reply from: byte=32 time=1ms TTL=64 From 192.168.5.1 Reply from: byte=32 time=2ms TTL=64 From 192.168.5.1 Reply from: byte=32 time=1ms TTL=64 From 192.168.5.1 Reply from: byte=32 time=1ms TTL=64 192.168.5.1 of Ping statistical information : data packet: has been sent = 4，Received = 4，lose = 0 (0% lose)， Estimated round trip time(In Milliseconds ): minimum = 1ms，Longest = 2ms，average = 1ms C:UsersAdministrator>
About TTL in ping command
TTL (Time To Live) when we use the ping command, a TTL value will be carried in the returned result. The meaning of this thing is actually Time To Live, which refers to the restriction that packets can "survive" in the network. In the past, this restriction method was to set a Time (Time in Time To Live comes from this). When the message is transmitted in the network, if the Time exceeds this limit, the "routing point" of the last received message will throw it away and do not continue forwarding. Later, the Time limit was changed to the hop limit, that is, when the message is transmitted in the network, the preset TTL value will be reduced by 1 every Time it passes through a "routing point", until the last TTL=1, the message will be thrown away and will not be forwarded downward.
Routing point: I mean the machine that completes the routing function here, because not only the router can complete the routing forwarding function. For example, the host can configure routing forwarding.
TTL decreases by 1 every time it passes through an ip sublayer. The TTL field value can help us identify the operating system type:
UNIX And class UNIX operating system ICMP Echo response TTL The field value is 255 Compaq Tru64 5.0 ICMP Echo response TTL The field value is 64 Microsoft Windows NT/2K operating system ICMP Echo response TTL The field value is 128 Microsoft Windows 95 operating system ICMP Echo response TTL The field value is 32
But there are some special cases:
LINUX Kernel 2.2.x & 2.4.x ICMP Echo response TTL The field value is 64 FreeBSD 4.1, 4.0, 3.4; Sun Solaris 2.5.1, 2.6, 2.7, 2.8; OpenBSD 2.6, 2.7, NetBSD HP UX 10.20 ICMP Echo response TTL The field value is 255 Windows 95/98/98SE Windows ME ICMP Echo response TTL The field value is 32 Windows NT4 WRKS Windows NT4 Server Windows 2000 ICMP Echo response TTL The field value is 128
In this way, we can identify the target host operating system through this method:
operating system TTL LINUX 64 WIN2K/NT 128 WINDOWS Series 32 UNIX Series 255