ping -f shows problems but regular ping doesn't
Solution 1
Some machines (hosts, firewalls or routers) will, if they allow ICMP transit at all, throttle ICMP ping requests/responses to avoid performance (CPU or network) being impaired by excessive ping activity. Using -f without setting a reasonable interval (see -i parameter to ping) is discouraged in most environments as it can be disruptive (in effect -f -c 100 sends 100 ping requests back to back with no gap between them). Whilst you might use -f as a parameter (always with conservative -c and/or -i parameters) on your own network most other network administrators won't want you doing it on theirs.
Solution 2
I would perhaps suggest using Nmap to do a packet trace might give you an idea of where the packets are getting lost.
http://nmap.org/book/output-formats-commandline-flags.html#output-formats-ex-packettrace
Another idea have you tried doing it while specifying an interval to slow it down a bit
ping -f -i 0.5 google.co.uk
if you don't get such a massive amount of packet loss with that could indicate a firewall or something blocking it.
Related videos on Youtube
09 : 21
04 : 37
07 : 37
16 : 38
03 : 03
sajal
Updated on September 17, 2022Comments
-
sajal over 1 year
I have a strange issue, hosting at Softlayer Washington data center.
Test from an EC2 instance to my server at Softlayer :-
[root@EC2-box ~]# ping -f -c 100 MY-SL-BOX PING MY-SL-BOX (MY-SL-BOX) 56(84) bytes of data. .................................................. --- MY-SL-BOX ping statistics --- 100 packets transmitted, 50 received, 50% packet loss, time 743ms rtt min/avg/max/mdev = 2.464/2.906/3.606/0.220 ms, ipg/ewma 7.505/2.927 ms [root@EC2-box ~]#Test from an EC2 instance to www.softlayer.com (or any other website):-
[root@EC2-box ~]# ping -f -c 100 www.softlayer.com PING www.softlayer.com (66.228.118.51) 56(84) bytes of data. --- www.softlayer.com ping statistics --- 100 packets transmitted, 100 received, 0% packet loss, time 1168ms rtt min/avg/max/mdev = 35.143/35.485/36.216/0.211 ms, pipe 4, ipg/ewma 11.804/35.518 ms [root@EC2-box ~]#Test from my server at softlayer to EC2 instance :-
[root@MY-SL-BOX ~]# ping -f -c 100 7EC2-box PING 7EC2-box (7EC2-box) 56(84) bytes of data. ................................................. --- 7EC2-box ping statistics --- 100 packets transmitted, 51 received, 49% packet loss, time 866ms rtt min/avg/max/mdev = 2.067/2.378/2.679/0.131 ms, ipg/ewma 8.756/2.414 msTest from my server at softlayer to www.softlayer.com instance :-
[root@MY-SL-BOX ~]# ping -f -c 100 www.softlayer.com PING www.softlayer.com (66.228.118.51) 56(84) bytes of data. .................................................... --- www.softlayer.com ping statistics --- 100 packets transmitted, 48 received, 52% packet loss, time 1424ms rtt min/avg/max/mdev = 33.677/34.041/34.693/0.240 ms, pipe 4, ipg/ewma 14.386/34.083 msNote.. in all the above cases, when I don't use the "-f" option, there is no packet loss at all. 7EC2-box and MY-SL-BOX are real IPs. I masked them to post here.
If I do a traceroute to any other IP from my server, and even ping -f the first node shown there, it shows a 50% packet loss, and no loss without "-f".
I spoke to the support, and they said that since there is no problem without the "-f" there is no issue here.
Are they right?
It's odd that the "ping -f" from any external network to any site shows no loss but only to mine.
I've been searching for an hour now, would be very grateful if someone can point me to some detailed instructions for testing packet loss.
-
Admin almost 15 yearswhat is -f supposed to do, because on my server (debian) it just does 'gui' type stuff? -
Admin almost 15 years-f Flood ping. For every ECHO_REQUEST sent a period
.is printed, while for ever ECHO_REPLY received a backspace is printed. This provides a rapid display of how many packets are being dropped. If interval is not given, it sets interval to zero and outputs packets as fast as they come back or one hundred times per second, whichever is more. Only the super-user may use this option with zero interval. -
Admin almost 15 years@Mark that was my point how would that effect in any way packet-loss>
-
Admin almost 13 yearsFrom the man page: Outputs packets as fast as they come back or one hundred times per second, whichever is more.
-
-
sajal almost 15 yearsyour explanation makes sense. The support ticket has been escalated. If the ISP tells me that they are throttling ICMP at the firewal, my worries will do away and ill get on with my work.
-
sajal almost 15 yearsslowing down shows no packet loss. speeding up to -i 0.1 also shows no loss. probably mas's answer (serverfault.com/questions/39568/… ) explains whats going on.
-
duffbeer703 almost 15 yearsIf we observed that sort of behavior on our network, the IPS would generate an event and the on-call network staff would likely disable the port that your server was connected to. :)
-
sajal almost 15 yearsconfirmed. Tech support told me the firewal throttles ICMP requests to 50/sec ... that explains 50 packets received ... using option -c 50 -f shows no packet loss...
-
mas almost 15 yearsThanks for the confirmation. I'm pleased you don't have a packet loss problem that needs fixing.
