Ping and Tracert explained for dummies
I recently looked into how ping and tracert work, only knowing that they use something called ICMP. It's fairly straightforward (well, the basics), so I thought I would provide a dummies explanation, so don't use this as a foundation of a PhD on ICMP.
Ping is the transfer of a packet of data to a destination. It gets passed from router to router until it gets to the destination.
For the ping to work each router needs to be configured to pass on the packet of data and the destination needs to be configured to respond to the ping.
Many people disable the passing of ping and responding to ping requests for security reasons.
Tracert is simply multiple pings.
The packet of data used in a ping includes a number called the TTL.
The router only passes the packet on to the next IP address if the TTL is greater than 1; if it isn't, it returns a TTL expired status and the IP address of the router on which it expired.
When the packet is passed on by a router it decreases the TTL by 1.
This means that if you do a ping with increasing TTL values starting at 1 you should find each router that is used to get to the destination ip address.
So this is what tracert does. It actually does each step 3 times so you can get an average.
Try it yourself: "ping www.site.com -i1" will return the IP address corresponding to the first line in the "tracert www.site.com" output (include -a to get the name of the router). In this case it is my firewall (which isn't named).

The final points to note are that:
- a router may not decrease the TTL, and so you may not get all the routers.
- a router may be configured to pass on the ping request but not respond; this will result in a timeout in the tracert but subsequent rows returning an IP address.
- the route each ping takes may be different, which can result in the same router appearing twice (the internet is just a spider web of networks).
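
The TTL walk described above, as an added example that is not part of the original post: a small Python simulation that sends no real packets. The path, the addresses (documentation ranges) and the two router flags are constructed for illustration, and it sends one probe per TTL rather than three. It shows the first two caveats from the list: the router that does not decrease the TTL never shows up, and the router that forwards but does not respond appears as a timeout followed by further rows.

```python
# Simulation only: no packets are sent. Path, addresses and flags are constructed.
from dataclasses import dataclass

@dataclass
class Router:
    ip: str
    decrements_ttl: bool = True   # False: forwards without touching the TTL
    reports_expiry: bool = True   # False: drops expired packets silently

# Constructed path, in order from the sender towards the destination.
PATH = [
    Router("192.0.2.1"),                           # e.g. the local firewall
    Router("198.51.100.7", decrements_ttl=False),  # invisible to the trace
    Router("198.51.100.9", reports_expiry=False),  # forwards but never answers
    Router("203.0.113.20"),
]
DESTINATION = "203.0.113.80"

def ping(ttl, path=PATH, destination=DESTINATION):
    """Send one simulated ping; return (status, ip_of_responder)."""
    for router in path:
        if not router.decrements_ttl:
            continue              # packet passes through, TTL unchanged
        if ttl <= 1:              # only forwarded if the TTL is greater than 1
            if router.reports_expiry:
                return ("ttl_expired", router.ip)
            return ("timeout", None)
        ttl -= 1                  # forwarded: TTL decreases by 1
    return ("reply", destination)

def tracert(max_hops=30, path=PATH, destination=DESTINATION):
    """Ping with TTL 1, 2, 3, ... until the destination itself answers."""
    rows = []
    for ttl in range(1, max_hops + 1):
        status, ip = ping(ttl, path, destination)
        rows.append((ttl, status, ip))
        if status == "reply":
            break
    return rows

if __name__ == "__main__":
    for ttl, status, ip in tracert():
        print(f"{ttl:>2}  {ip or '*':<15} {status}")
```

Five devices sit on the simulated path (four routers plus the destination), but the trace only has four rows, one of which is a timeout.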
You may wonder why a SQL bod is posting about this. Well, keep posted and you will find out.