how does 'ping' command really work?

networking ping arp network-protocols

94,070

Solution 1

If you really want to understand, there is an excellent (very well written) white paper here.

Here is the summary:

Ping (Program on the application layer.
Opens a 'raw' socket to IP layer.
IP layer (Layer 2 on OSI) packages ICMP packet and sends it.

Since there is no TCP layer in between, the Ping (program) has to monitor all the incoming ICMP packets and filter only the one's from the destination.

Hope that helps.

Solution 2

Assuming the ping involves a packet being sent over an Ethernet or WiFi network, ARP is used to find the Ethernet hardware address of the device that receives the outbound packet. Typically this will be the router for the LAN the machine originating the ping is on.

The typical process is:

You enter a command to ping a destination.
DNS is used to determine the IP address (if needed).
The routing table is consulted to find the next hop towards that destination.
ARP is used to find the hardware address of the next hop.
The IP packet is sent to the next hop, encapsulated in an Ethernet or WiFi frame.

Solution 3

Ping is actually two different ICMP (Internet Control Message Protocol) packets.

To ping a host you first send a ICMP Echo Request Packet, the host will then reply with an ICMP Echo Reply.

For more information see: https://en.wikipedia.org/wiki/Ping_(networking_utility)

Solution 4

ARP provides a MAC address, but sometimes if there is no DMAC address, the broadcast address is used.

This frame using broadcast DMAC is called as ARP broadcast frame, with this we get DMAC address.

Solution 5

Ping and ARP are different things located at different layers in the network protocol stack.

Ping is at network layer (or Internet layer - Have a look to ICMP protocol like pointed out by @ServerMonkey).

Arp protocol is at link level (a lower level). Arp protocol is designed to allow physical connection between network hardware, that is directly connected.

In TCP/IP network stack, every layer uses the layer below to forward its data, encapsulating it inside the low level protocol. Each layer is independent from the other and possibly unaware of the other levels specific details and implementations (this is not always true: see cross-layer function).

View more solutions

94,070

liv2hak

Updated on September 18, 2022

Comments

liv2hak over 1 year

How does the ping command really work? Specifically where does the ARP (Address Resolution Protocol) come into picture?

I was asked this question in an interview and I was not able to come up with a scenario when ARP could be used.
- Admin about 13 years
  
  Look into ICMP.
- Admin about 13 years
  
  ARP is used to get the MAC address of a specific IP address. When you need to send a packet on ethernet you need the MAC address of the destination.
Jess Stone about 13 years

yes.but ping implementation would require some code at L2 (link layer.).does ARP come into play at Layer 2.
Jess Stone about 13 years

@liv2hak. no. ping implementation lay on the below link layer.
barlop over 9 years

@liv arp is often said to be layer 2.5 ICMP is often said to be layer 3.5 Layers are more about fields than code. And if you want to say that ping implementation requires code at layer 2, well, with any implementation of anything, by definition, you can't have a layer without layers below it.
jmiserez almost 9 years

The only answer here that actually answers the question!