Ping is named after the sound of active sonar ("Ping... Ping..."). It is used to measure Latency (time to response) and Availability. It uses a specific protocol called ICMP (Internet Control Message Protocol). Crucially, ICMP does not use Ports (unlike TCP/UDP). It works at Layer 3 (Network Layer), just like IP.
The Exchange
1. You type `ping 8.8.8.8`.
2. Your PC sends an ICMP Echo Request (Type 8).
3. The server receives it and sends back an ICMP Echo Reply (Type 0).
4. Your PC calculates the time difference (Round Trip Time - RTT) and displays "time=14ms".
1. Why do some servers not reply?
Often, you try to ping a website and getting "Request Timed Out", but the website works fine in browser.
This is because Firewalls often block ICMP Request packets to prevent "Ping Floods" or network mapping scanning.
Blocking Ping does not mean the server is down. It just means it's ignoring you.
2. Understanding TTL (Time To Live)
In the ping output, you see `TTL=54`. This is not a time in seconds. It is a Hop Count.
Every time a packet passes through a router, the TTL is decreased by 1.
If TTL reaches 0, the router kills the packet (to prevent infinite loops) and sends back "Time Exceeded".
Hackers use TTL to guess the OS:
- Linux/Unix usually starts at 64.
- Windows usually starts at 128.
If you see TTL=54, it likely started at 64 and passed through 10 routers (64 - 10 = 54). So it's a Linux box.
3. The Ping of Death
In the 90s, sending a "malformed" ping packet larger than the maximum IP packet size (65,535 bytes) would crash Windows 95 instantly.
Modern OSes are patched against this, but the concept of overwhelming a network stack remains relevant in DDoS attacks.