Monday, October 26, 2009

How Ping works

This article deals with how ping works and how arp works:


How PING command works?

Ping is used to test whether our computer is able to reach any other computer in the network.

Now, let me ping 10.10.1.7. The output is shown here.

how ping works

The step by step procedure of how ping works:

My computer prepares a short message called as "ICMP Echo Request" and sends it out on the line.

One such message I captured using a sniffer software is given here.

 

how ping works

Let us decode this message.

See the item in yellow color background : "abcdefghijklmnopqrstwabcdefghi" This is the echo message. It is 32 bytes or 32 characters. Actually "61" represents "a" in ascii. "62" is "b".and so on.

In green color background "0a 0a 01 07". It is 10.10.1.7 which is the IP address I was pinging.

Here comes the important piece:

In blue color background "00 50 ba d9 80 00" is there. This is the MAC address of the destination computer. But I typed just the IP address of thedestination computer (10.10.1.7). How my computer got the mac address which is available inside the Network Interface card of 10.10.1.7?

My computer sent a broadcast message asking "Whoever be holding 10.10.1.7, Kindly tell me your mac address. I am having a mesage for you.

The screenshot of this broadcast message i have given here.

 

how ping works

==================================

From the above discussion what we learnt is : To send a message to a computer, just the ip address is not enough. The MAC address of that computer is also a must. To get the mac address, the sender, sends a broadcast message. If there are 800 computers in the LAN, then all the 800 computers will receive this broadcast message. But only the concerned computer will send back the reply telling its mac address. The reply is NOT a broadcast.

========================================

Next comes another issue:

The IP address of Yahoo.com is 209.131.36.159. If I ping this IP then what will happen? As per the above discussion, my computer will send a broadcast message asking "Who is 209.131.36.159?". But yahoo.com is in the other end of the world. Will my computer send broadcast to each and every computer in the world.? It is practically not feasible.

So my computer should send the broadcast ONLY IF the destination computer is in my Local Area Network. Believe me! It is using the subnet mask to find out whether the destination computer is in its local area or not.

 

 

 

 

 

 

 

 

1 comment: