An in-depth look at ping and its relationship to ICMP

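To be honest, understanding ping in depth is not easy, even though we use it all the time.
To do so we need to understand ICMP, which is a network-layer protocol. As a connectionless protocol,
ICMP carries control information: reporting errors, exchanging limited control and status information, and so on.
ping is built on ICMP and probes connectivity between networks.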
 
 Check the version information:
[root@ht8 network-scripts]# ping -V
ping utility, iputils-s20160308 //the ping utility is part of the iputils package
//note that iputils is a toolkit that includes arping, ping, tracepath, traceroute and a series of other tools
Download: http://www.skbuff.net/iputils/ //current version iputils-s20160308
Source: https://sourceforge.net/p/iputils/code/ci/HEAD/tree/
Below is the Linux ping help:
[root@ht6 ~]# ping -h
Usage: ping [-aAbBdDfhLnOqrRUvV64] [-c count] [-i interval] [-I interface]
            [-m mark] [-M pmtudisc_option] [-l preload] [-p pattern] [-Q tos]
            [-s packetsize] [-S sndbuf] [-t ttl] [-T timestamp_option]
            [-w deadline] [-W timeout] [hop1 ...] destination
Usage: ping -6 [-aAbBdDfhLnOqrRUvV] [-c count] [-i interval] [-I interface]
             [-l preload] [-m mark] [-M pmtudisc_option]
             [-N nodeinfo_option] [-p pattern] [-Q tclass] [-s packetsize]
             [-S sndbuf] [-t ttl] [-T timestamp_option] [-w deadline]
             [-W timeout] destination

If the Linux help is hard to read, we can compare it side by side with the help on a local Windows machine, which is more convenient.

C:\Users\qingshuic>ping /?

用法: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
[-r count] [-s count] [[-j host-list] | [-k host-list]]
[-w timeout] [-R] [-S srcaddr] [-4] [-6] target_name

选项:
-t Ping 指定的主机,直到停止。
   若要查看统计信息并继续操作 - 请键入 Control-Break;
   若要停止 - 请键入 Control-C。
-a       将地址解析成主机名。
-n count 要发送的回显请求数。   //on Linux this is -c
-l size  发送缓冲区大小。
-f       在数据包中设置“不分段”标志(仅适用于 IPv4)。
-i TTL   生存时间。
-v TOS   服务类型(仅适用于 IPv4。该设置已不赞成使用,且对IP 标头中的服务字段类型没有任何影响)。
-r count 记录计数跃点的路由(仅适用于 IPv4)。
-s count 计数跃点的时间戳(仅适用于 IPv4)。
-j host-list 与主机列表一起的松散源路由(仅适用于 IPv4)。
-k host-list 与主机列表一起的严格源路由(仅适用于 IPv4)。
-w timeout   等待每次回复的超时时间(毫秒)。
-R           同样使用路由标头测试反向路由(仅适用于 IPv6)。
-S srcaddr   要使用的源地址。
-4 强制使用 IPv4。
-6 强制使用 IPv6。

man ping (ping is part of the iputils package)
PING(8)                                                          System Manager's Manual: iputils                                                         PING(8)
NAME
       ping - send ICMP ECHO_REQUEST to network hosts
SYNOPSIS
       ping  [-aAbBdDfhLnOqrRUvV46]  [-c  count] [-F flowlabel] [-i interval] [-I interface] [-l preload] [-m mark] [-M pmtudisc_option] [-N nodeinfo_option] [-w
       deadline] [-W timeout] [-p pattern] [-Q tos] [-s packetsize] [-S sndbuf] [-t ttl] [-T timestamp option] [hop ...] destination
DESCRIPTION
       ping uses the ICMP protocol's mandatory ECHO_REQUEST datagram to elicit an ICMP ECHO_RESPONSE from a host or gateway.  ECHO_REQUEST datagrams  (``pings'')
       have an IP and ICMP header, followed by a struct timeval and then an arbitrary number of ``pad'' bytes used to fill out the packet.
       ping works with both IPv4 and IPv6. Using only one of them explicitly can be enforced by specifying -4 or -6.
       //ping works in both IPv4 and IPv6 mode; specify -4 or -6 explicitly to force one of them
       ping can also send IPv6 Node Information Queries (RFC4620, IPv6 protocol). Intermediate hops may not be allowed,
       because IPv6 source routing was deprecated (RFC5095, IPv6 protocol).
OPTIONS
       -4     Use IPv4 only.
       -6     Use IPv6 only.
       -a     Audible ping.
       -A     Adaptive  ping. Interpacket interval adapts to round-trip time, so that effectively not more than one (or more, if preload is set) unanswered probe
              is present in the network. Minimal interval is 200msec for not super-user.  On networks with low rtt this mode is essentially equivalent  to  flood
              mode.
       -b     Allow pinging a broadcast address.
       -B     Do not allow ping to change source address of probes.  The address is bound to one selected when ping starts.
       -c count
              Stop after sending count ECHO_REQUEST packets. With deadline option, ping waits for count ECHO_REPLY packets, until the timeout expires.
       -d     Set the SO_DEBUG option on the socket being used.  Essentially, this socket option is not used by Linux kernel.
       -D     Print timestamp (unix time + microseconds as in gettimeofday) before each line.
       -f     Flood  ping.  For  every  ECHO_REQUEST  sent a period ``.'' is printed, while for every ECHO_REPLY received a backspace is printed.  This provides a
              rapid display of how many packets are being dropped.  If interval is not given, it sets interval to zero and outputs packets as fast as  they  come
              back or one hundred times per second, whichever is more.  Only the super-user may use this option with zero interval.
       -F flow label
              IPv6 only.  Allocate and set 20 bit flow label (in hex) on echo request packets.  If value is zero, kernel allocates random flow label.
       -h     Show help.
       -i interval
              Wait  interval  seconds  between  sending each packet.  The default is to wait for one second between each packet normally, or not to wait in flood
              mode. Only super-user may set interval to values less 0.2 seconds.
       -I interface
              interface is either an address, or an interface name.  If interface is an address, it sets source  address  to  specified  interface  address.   If
              interface  is  an  interface  name, it sets source interface to specified interface.  For IPv6, when doing ping to a link-local scope address, link
              specification (by the '%'-notation in destination, or by this option) is required.
       -l preload
              If preload is specified, ping sends that many packets not waiting for reply.  Only the super-user may select preload more than 3.
       -L     Suppress loopback of multicast packets.  This flag only applies if the ping destination is a multicast address.
       -m mark
              use mark to tag the packets going out. This is useful for variety of reasons within the kernel such as using policy routing to select specific
              outbound processing.
       -M pmtudisc_opt
              Select  Path  MTU Discovery strategy.  pmtudisc_option may be either do (prohibit fragmentation, even local one), want (do PMTU discovery, fragment
              locally when packet size is large), or dont (do not set DF flag).

       -N nodeinfo_option
              IPv6 only.  Send ICMPv6 Node Information Queries (RFC4620), instead of Echo Request.  CAP_NET_RAW capability is required.
              help   Show help for NI support.
              name   Queries for Node Names.
              ipv6   Queries for IPv6 Addresses. There are several IPv6 specific flags.
                     ipv6-global
                            Request IPv6 global-scope addresses.
                     ipv6-sitelocal
                            Request IPv6 site-local addresses.
                     ipv6-linklocal
                            Request IPv6 link-local addresses.
                     ipv6-all
                            Request IPv6 addresses on other interfaces.
              ipv4   Queries for IPv4 Addresses.  There is one IPv4 specific flag.
                     ipv4-all
                            Request IPv4 addresses on other interfaces.
              subject-ipv6=ipv6addr
                     IPv6 subject address.
              subject-ipv4=ipv4addr
                     IPv4 subject address.
              subject-name=nodename
                     Subject name.  If it contains more than one dot, fully-qualified domain name is assumed.
             subject-fqdn=nodename
                     Subject name.  Fully-qualified domain name is always assumed.

       -n     Numeric output only.  No attempt will be made to lookup symbolic names for host addresses.

       -O     Report outstanding ICMP ECHO reply before sending next packet.  This is useful together with the timestamp -D to log output to  a  diagnostic  file
              and search for missing answers.
       -p pattern
              You  may  specify up to 16 ``pad'' bytes to fill out the packet you send.  This is useful for diagnosing data-dependent problems in a network.  For
              example, -p ff will cause the sent packet to be filled with all ones.
       -q     Quiet output.  Nothing is displayed except the summary lines at startup time and when finished.
       -Q tos Set Quality of Service -related bits in ICMP datagrams.  tos can be decimal (ping only) or hex number.
              In RFC2474, these fields are interpreted as 8-bit Differentiated Services (DS), consisting of: bits 0-1 (2 lowest bits) of separate data, and  bits
              2-7 (highest 6 bits) of Differentiated Services Codepoint (DSCP).  In RFC2481 and RFC3168, bits 0-1 are used for ECN.

              Historically  (RFC1349,  obsoleted by RFC2474), these were interpreted as: bit 0 (lowest bit) for reserved (currently being redefined as congestion
              control), 1-4 for Type of Service and bits 5-7 (highest bits) for Precedence.
       -r     Bypass the normal routing tables and send directly to a host on an attached interface.  If the host is not on a directly-attached network, an error
              is returned.  This option can be used to ping a local host through an interface that has no route through it provided the option -I is also used.
       -R     ping  only.   Record  route.   Includes the RECORD_ROUTE option in the ECHO_REQUEST packet and displays the route buffer on returned packets.  Note
              that the IP header is only large enough for nine such routes.  Many hosts ignore or discard this option.
       -s packetsize
              Specifies the number of data bytes to be sent.  The default is 56, which translates into 64 ICMP data bytes when combined with the 8 bytes of  ICMP
              header data.
       -S sndbuf
              Set socket sndbuf. If not specified, it is selected to buffer not more than one packet.
       -t ttl ping only.  Set the IP Time to Live.
       -T timestamp option
              Set special IP timestamp options.  timestamp option may be either tsonly (only timestamps), tsandaddr (timestamps and addresses) or tsprespec host1
              [host2 [host3 [host4]]] (timestamp prespecified hops).
       -U     Print full user-to-user latency (the old behaviour). Normally ping prints network round trip time, which can be different f.e. due to DNS failures.
       -v     Verbose output.
       -V     Show version and exit.
       -w deadline
              Specify a timeout, in seconds, before ping exits regardless of how many packets have been sent or received. In this case ping does not  stop  after
              count packet are sent, it waits either for deadline expire or until count probes are answered or for some error notification from network.
       -W timeout
              Time to wait for a response, in seconds. The option affects only timeout in absence of any responses, otherwise ping waits for two RTTs.

       When  using  ping for fault isolation, it should first be run on the local host, to verify that the local network interface is up and running. Then, hosts
       and gateways further and further away should be ``pinged''. Round-trip times and packet loss statistics are computed.  If duplicate packets are  received,
       they  are  not  included  in the packet loss calculation, although the round trip time of these packets is used in calculating the minimum/average/maximum
       round-trip time numbers.  When the specified number of packets have been sent (and received) or if the program is terminated with a SIGINT, a  brief
       summary is displayed. Shorter current statistics can be obtained without termination of process with signal SIGQUIT.

       If  ping does not receive any reply packets at all it will exit with code 1. If a packet count and deadline are both specified, and fewer than count
       packets are received by the time the deadline has arrived, it will also exit with code 1.  On other error it exits with code 2. Otherwise it exits  with  code
       0. This makes it possible to use the exit code to see if a host is alive or not.

       This  program  is  intended for use in network testing, measurement and management.  Because of the load it can impose on the network, it is unwise to use
       ping during normal operations or from automated scripts.

ICMP PACKET DETAILS
       An IP header without options is 20 bytes.  An ICMP ECHO_REQUEST packet contains an additional 8 bytes worth of ICMP header followed by an arbitrary amount
       of  data.  When a packetsize is given, this indicates the size of this extra piece of data (the default is 56). Thus the amount of data received inside of
       an IP packet of type ICMP ECHO_REPLY will always be 8 bytes more than the requested data space (the ICMP header).

       If the data space is at least of size of struct timeval ping uses the beginning bytes of this space to include a timestamp which it uses in  the
       computation of round trip times.  If the data space is shorter, no round trip times are given.

DUPLICATE AND DAMAGED PACKETS
       ping  will report duplicate and damaged packets.  Duplicate packets should never occur, and seem to be caused by inappropriate link-level retransmissions.
       Duplicates may occur in many situations and are rarely (if ever) a good sign, although the presence of low levels of duplicates may not  always  be  cause
       for alarm.

       Damaged  packets  are  obviously  serious cause for alarm and often indicate broken hardware somewhere in the ping packet's path (in the network or in the
       hosts).

TRYING DIFFERENT DATA PATTERNS
       The (inter)network layer should never treat packets differently depending on the data contained in the data portion.  Unfortunately, data-dependent
       problems  have been known to sneak into networks and remain undetected for long periods of time.  In many cases the particular pattern that will have problems
       is something that doesn't have sufficient ``transitions'', such as all ones or all zeros, or a pattern right at the edge, such as almost  all  zeros.   It
       isn't  necessarily  enough to specify a data pattern of all zeros (for example) on the command line because the pattern that is of interest is at the data
       link level, and the relationship between what you type and what the controllers transmit can be complicated.

       This means that if you have a data-dependent problem you will probably have to do a lot of testing to find it.  If you are lucky, you may manage to find a
       file  that either can't be sent across your network or that takes much longer to transfer than other similar length files.  You can then examine this file
       for repeated patterns that you can test using the -p option of ping.

TTL DETAILS
       The TTL value of an IP packet represents the maximum number of IP routers that the packet can go through before being thrown away.   In  current  practice
       you can expect each router in the Internet to decrement the TTL field by exactly one.

       The  TCP/IP  specification  states  that the TTL field for TCP packets should be set to 60, but many systems use smaller values (4.3 BSD uses 30, 4.2 used
       15).

       The maximum possible value of this field is 255, and most Unix systems set the TTL field of ICMP ECHO_REQUEST packets to 255.  This is why you  will  find
       you can ``ping'' some hosts, but not reach them with telnet(1) or ftp(1).

       In  normal  operation  ping  prints the TTL value from the packet it receives.  When a remote system receives a ping packet, it can do one of three things
       with the TTL field in its response:

       · Not change it; this is what Berkeley Unix systems did before the 4.3BSD Tahoe release. In this case the TTL value in the received  packet  will  be  255
         minus the number of routers in the round-trip path.

       · Set it to 255; this is what current Berkeley Unix systems do.  In this case the TTL value in the received packet will be 255 minus the number of routers
         in the path from the remote system to the pinging host.

       · Set it to some other value. Some machines use the same value for ICMP packets that they use for TCP packets, for example either 30 or  60.   Others  may
         use completely wild values.
BUGS
       · Many Hosts and Gateways ignore the RECORD_ROUTE option.

       · The maximum IP header length is too small for options like RECORD_ROUTE to be completely useful.  There's not much that can be done about this, however.
       · Flood pinging is not recommended in general, and flood pinging the broadcast address should only be done under very controlled conditions.
SEE ALSO
       netstat(1), ifconfig(8).
HISTORY
       The ping command appeared in 4.3BSD.
       The version described here is its descendant specific to Linux.
       As  of  version  s20150815,  the  ping6  binary doesn't exist anymore.  It has been merged into ping. Creating a symlink named ping6 pointing to ping will
       result in the same functionality as before.
SECURITY
       ping requires CAP_NET_RAW capability to be executed 1) if the program is used for non-echo queries (See -N option), or 2) if kernel does not support  non-
       raw ICMP sockets, or 3) if the user is not allowed to create an ICMP echo socket.  The program may be used as set-uid root.

AVAILABILITY
       ping is part of iputils package and the latest versions are  available in source form at http://www.skbuff.net/iputils/iputils-current.tar.bz2.
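I. Basic usage of ping

  ping is a very powerful TCP/IP tool on a network (a typical application of the ICMP protocol). Its main uses are:
1. Checking network connectivity and analysing network speed
2. Obtaining a server's IP address from its domain name
3. Judging, from the TTL value ping returns, the operating system the remote host uses and the number of routers the packet passed through.
   We usually ping an IP address directly to test network connectivity.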

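   Checking network reachability with ping

1. ping www.baidu.com
2. ping the gateway
3. Use route -n to view the gateway's route
4. Check connectivity at the same time:
5. Use ifconfig to check that the local network settings are correct;
6. Ping 127.0.0.1. 127.0.0.1 is the loopback address; pinging it checks whether the local TCP/IP stack is set up properly;
7. Ping the machine's own IP address, to check whether that address is misconfigured;
8. Ping the local gateway or another IP address on the local network, to check whether the hardware has a problem and whether the connection between this machine and the local network is working (this step can be skipped outside a LAN);
9. Ping the local DNS server address, to check whether DNS can resolve IPs correctly.
Note: in /etc/resolv.conf, "nameserver 10.0.0.11" specifies the address of the DNS server.

Ping a remote IP address, mainly to check whether the connection between the local network or this machine and the outside is working.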
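
The checking order above, written out as an added example (not code from the original post or from iputils): it reads the default gateway from route -n output and the DNS server from /etc/resolv.conf, then pings outward one layer at a time and stops at the first failure, using the exit codes documented in the man page. The function names, the sample routing table and the injectable ping parameter are assumptions of this example.

```python
import subprocess

# Constructed sample inputs (not captured from a real host).
SAMPLE_ROUTE_N = """\
Kernel IP routing table
Destination     Gateway         Genmask         Flags Metric Ref    Use Iface
0.0.0.0         10.0.0.1        0.0.0.0         UG    100    0        0 ens192
10.0.0.0        0.0.0.0         255.255.255.0   U     100    0        0 ens192
"""
SAMPLE_RESOLV_CONF = "# constructed sample\nnameserver 10.0.0.11\n"


def parse_gateway(route_n_output):
    """Return the default gateway: the `route -n` row with Destination 0.0.0.0 and flag G."""
    for line in route_n_output.splitlines():
        cols = line.split()
        if len(cols) >= 8 and cols[0] == "0.0.0.0" and "G" in cols[3]:
            return cols[1]
    return None


def parse_nameservers(resolv_conf):
    """Return the addresses on `nameserver` lines, ignoring comments."""
    servers = []
    for line in resolv_conf.splitlines():
        cols = line.split("#", 1)[0].split()
        if len(cols) >= 2 and cols[0] == "nameserver":
            servers.append(cols[1])
    return servers


def ping_once(target):
    """Send one numeric ping with a 2 s reply timeout and return ping's exit code
    (0 = reply received, 1 = no reply, 2 = other error)."""
    proc = subprocess.run(["ping", "-n", "-c", "1", "-W", "2", target],
                          stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return proc.returncode


def isolate_fault(own_ip, route_n_output, resolv_conf, remote, ping=ping_once):
    """Ping outward layer by layer. Return (layer, target, exit_code) for the
    first layer that fails, or None when every layer answers."""
    steps = [("loopback", "127.0.0.1"), ("own address", own_ip),
             ("gateway", parse_gateway(route_n_output))]
    steps += [("dns server", ns) for ns in parse_nameservers(resolv_conf)]
    steps.append(("remote", remote))
    for layer, target in steps:
        if target is None:  # for example, no default route is configured
            return (layer, None, None)
        code = ping(target)
        if code != 0:
            return (layer, target, code)
    return None


if __name__ == "__main__":
    # 10.0.0.5 and 192.0.2.1 are placeholders; substitute real values when running.
    print(isolate_fault("10.0.0.5", SAMPLE_ROUTE_N, SAMPLE_RESOLV_CONF, "192.0.2.1"))
```

The first failing layer tells you where to look: a failure at "own address" points at local configuration, while a failure only at "remote" points beyond the gateway.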

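  ping sends an ICMP ECHO_REQUEST to a host

  ICMP stands for Internet Control Message Protocol. It is a sub-protocol of the TCP/IP protocol suite,
  used to pass control messages between IP hosts and routers. Control messages are messages about the network itself: whether the network is up, whether a host is reachable, whether a route is available, and so on.
  Although these control messages do not carry user data, they play an important role in delivering user data.
 Analysing a typical example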
[root@h6 ~]# ping 10.121.51.11
PING 10.121.51.11 (10.129.51.11) 56(84) bytes of data.
64 bytes from 10.121.51.11: icmp_seq=1 ttl=64 time=0.195 ms
64 bytes from 10.121.51.11: icmp_seq=2 ttl=64 time=0.129 ms
64 bytes from 10.121.51.11: icmp_seq=3 ttl=64 time=0.125 ms
64 bytes from 10.121.51.11: icmp_seq=4 ttl=64 time=0.154 ms
--- 10.129.51.11 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 2999ms
rtt min/avg/max/mdev = 0.125/0.150/0.195/0.031 ms

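  A successful ping shows the data above. What is "56 bytes"? The default size of a ping packet is 64 bytes: 56 bytes of data plus the 8-byte ICMP header make a 64-byte ICMP packet.

  The host IP address in the output is obtained through DNS resolution;
  icmp_seq is the sequence number, short for ICMP Sequence. It is the number of the current ICMP message and shows which ICMP message this is. We can see that it keeps increasing.
  ttl is the time to live and time is the round-trip time; if time is 0, that is because the system timer resolution is low.
TTL value: Time To Live. In DNS the term denotes how long a DNS record is kept on a DNS server;
       here it is a value in the IP packet that tells routers when the packet must be discarded. (It represents a number of hops.)

The purpose of TTL is to limit how long an IP packet can exist in a computer network. The maximum TTL is 255, and a recommended value is 64.
TTL is a value in the IP packet that tells network routers whether the packet has been in the network too long and should be discarded. There are many reasons a packet may fail to reach its destination within a given time.
TTL is set by the sender of the IP packet. Along the whole forwarding path from source to destination, each router the packet passes through decrements the TTL by 1 and then forwards the packet. If the TTL drops to 0 before the packet reaches the destination IP,
the router discards the packet it received with TTL=0 and sends an ICMP time exceeded message to the sender, which prevents packets from circulating forever on the IP internetwork. TTL is short for Time To Live. The field specifies the maximum number of network segments an IP packet may pass through before a router discards it.
  The TTL value returned by ping can be used to roughly judge whether the target system is a Windows system or a UNIX/Linux system.
  By default, the TTL of Linux systems is 64 or 255, that of Windows NT/2000/XP systems is 128, that of Windows 98 systems is 32, and that of UNIX hosts is 255.
So in general, for the TTL value:
between 100 and 130 ms: a Windows system;
between 240 and 255 ms: a UNIX/Linux system.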
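
The TTL reasoning above as an added example (not part of the original post): it reads the ttl= field from ping reply lines, rounds it up to the nearest default listed in the text to estimate the sender's initial TTL, and derives the number of routers crossed. The function names are assumptions of this example, and the result is only a hint because the initial TTL is configurable on the sending host.

```python
import re

# Initial TTL defaults as listed in the text above. This is a heuristic only:
# a sender can be configured to start from any TTL.
INITIAL_TTL_GUESS = {
    32: "Windows 98",
    64: "Linux",
    128: "Windows NT/2000/XP",
    255: "UNIX/Linux",
}

# Matches Linux ("from 10.0.0.1: icmp_seq=1 ttl=64") and Windows ("... TTL=52") reply lines.
REPLY_RE = re.compile(r"(\d{1,3}(?:\.\d{1,3}){3}).*?\bttl=(\d+)", re.IGNORECASE)

# Reply lines copied from the ping outputs shown on this page.
SAMPLE = """\
PING 10.129.55.111 (10.129.51.11) 56(84) bytes of data.
64 bytes from 10.129.51.11: icmp_seq=1 ttl=64 time=0.196 ms
64 bytes from 10.129.51.11: icmp_seq=2 ttl=64 time=0.126 ms
来自 110.242.68.3 的回复: 字节=32 时间=13ms TTL=52
来自 110.242.68.3 的回复: 字节=32 时间=38ms TTL=52
"""


def infer_initial_ttl(observed):
    """Round the observed TTL up to the nearest listed default and derive the
    number of routers crossed on the path from the responder to us."""
    if not 1 <= observed <= 255:
        raise ValueError("TTL is an 8-bit field and replies carry at least 1; got %r" % observed)
    initial = min(d for d in INITIAL_TTL_GUESS if d >= observed)
    return initial, initial - observed, INITIAL_TTL_GUESS[initial]


def summarise(ping_output):
    """Group reply lines by responder address. A TTL that changes between
    replies from one address means the return path (or the responder) changed."""
    seen = {}
    for line in ping_output.splitlines():
        m = REPLY_RE.search(line)
        if m:
            seen.setdefault(m.group(1), []).append(int(m.group(2)))
    report = {}
    for addr, ttls in seen.items():
        initial, hops, guess = infer_initial_ttl(max(ttls))
        report[addr] = {"initial": initial, "hops": hops, "guess": guess,
                        "stable": len(set(ttls)) == 1}
    return report


if __name__ == "__main__":
    for addr, info in summarise(SAMPLE).items():
        print(addr, info)
```

For the www.baidu.com reply on this page (TTL=52) the estimate is an initial TTL of 64 and 12 routers on the return path.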
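time=0.195 ms is the response time; the smaller it is, the faster your connection to that address.

  rtt is the transmission delay, the Round-Trip Time.

  mdev is short for Mean Deviation. It indicates how far the RTTs of these ICMP packets deviate from the average; the larger the value, the less stable the network speed. The name may differ between operating systems; on Mac, for example, it is called stddev,

   and Windows has no such statistics line. On Linux, see the figure above for a comparison of parameters: when a packet size is added, this line of statistics is no longer shown.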

 

A look at the IP datagram


 

Example 2: ping with the -c * and -R parameters

//Linux ping keeps pinging by default, unlike Windows, where continuous pinging needs ping -t
[root@ht6 ~]#  ping -c 4 -R 10.129.51.11
PING 10.129.55.111 (10.129.51.11) 56(124) bytes of data.
64 bytes from 10.129.55.111: icmp_seq=1 ttl=64 time=0.212 ms
RR:     10.129.51.13
        10.129.51.11
        10.129.51.11
        10.129.51.12
64 bytes from 10.129.51.11: icmp_seq=2 ttl=64 time=0.125 ms    (same route)
64 bytes from 10.129.51.11: icmp_seq=3 ttl=64 time=0.139 ms    (same route)
64 bytes from 10.129.51.11: icmp_seq=4 ttl=64 time=0.142 ms    (same route)

--- 10.129.55.111 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.125/0.154/0.212/0.036 ms

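  //because -c 4 was added, only 4 pings are sent

  With the -R option enabled, ping shows the route taken: as the IP datagram passes through each router, the router places its IP address in the options field of the IP header.
  When the datagram reaches the destination, the IP addresses are copied into the ICMP echo reply, and when ping receives the echo reply it prints all the IP addresses to the console.
  The process is easy to understand, but it has two drawbacks. First, not all systems support ping's RR option.
  Second, the number of IP addresses that can be stored is limited (because the IP header length is limited, at most 9 IP addresses fit).

 Example 3: ping -c 4 -w 10 ip   (-c stops ping after the specified number of pings; -w sets the ping timeout in milliseconds; note that the -w option only takes effect together with the -c option)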

Windows

  C:\Users\qingshuic>ping www.baidu.com

  正在 Ping www.baidu.com [110.242.68.3] 具有 32 字节的数据: 
  来自 110.242.68.3 的回复: 字节=32 时间=13ms TTL=52
  来自 110.242.68.3 的回复: 字节=32 时间=38ms TTL=52 
  来自 110.242.68.3 的回复: 字节=32 时间=10ms TTL=52

  110.242.68.3 的 Ping 统计信息:
  数据包: 已发送 = 3,已接收 = 3,丢失 = 0 (0% 丢失),
  往返行程的估计时间(以毫秒为单位):
  最短 = 10ms,最长 = 38ms,平均 = 20ms

  //on Windows, the packet size is 32 bytes per ping

 Linux

[root@ht6 ~]#  ping -c 4 -w 10  10.129.51.11
PING 10.129.55.111 (10.129.51.11) 56(84) bytes of data.
64 bytes from 10.129.51.11: icmp_seq=1 ttl=64 time=0.196 ms
64 bytes from 10.129.51.11: icmp_seq=2 ttl=64 time=0.126 ms
64 bytes from 10.129.51.11: icmp_seq=3 ttl=64 time=0.166 ms
64 bytes from 10.129.51.11: icmp_seq=4 ttl=64 time=0.140 ms
--- 10.129.51.11 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3000ms
rtt min/avg/max/mdev = 0.126/0.157/0.196/0.026 ms
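//if an icmp_seq is lost, an error is shown
//there are three numbers here, 56, 84 and 64, which are:
1. 64 bytes is the default size of the ping packet on Linux (8-byte ICMP header + 56 bytes of default data)
2. 84 bytes is the actual total packet size: (20-byte IP header + 8-byte ICMP header) + 56 bytes of data
3. 56 bytes is the size of the data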

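Example 4: sometimes we need to ping with large packets to test the state of the network, and then we have to specify the size of the ping packet. The default total packet length is 84 bytes.

 Linux:

 1. Packet size of 1500 bytes: ping -s 1500 ip

 2. 4 pings with a packet size of 32767 bytes: ping -c 4 -s 32767 ip

 Windows:

 1. Ping packet size of 1500 bytes: ping -l 1500 ip

 2. 6 pings with a ping packet size of 1500: ping -n 6 -l 1500 ip

-s specifies the number of data bytes sent with each ping (header plus content cannot exceed 65535, so the maximum is 65507 (linux: 65507, windows: 65500))
-s specifies the size of the packet sent to the given IP, in bytes
[root@h6 ~]# ping -s 665000 10.129.51.11  //reports that the packet size is too large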
ping: packet size too large: 665000

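About the ping data plus the headers (the datagram)

On Linux the default total packet length is 56 bytes of data + 20-byte IP header + 8-byte ICMP header, 84 bytes in all.
The IP header is 20 bytes and is present in every IP datagram. After the fixed part of the header come optional fields of variable length. The ICMP header is 8 bytes.
The fields in the fixed 20-byte part of the IP datagram header:
1. Version: 4 bits. The version of the IP protocol. Both sides of a communication must use the same IP version. The version in wide use today is 4 (IPv4). IPv6 is still at an early stage.
2. Header length: 4 bits. The largest decimal value it can represent is 15. Note that the unit of this field is the 32-bit word (one 32-bit word is 4 bytes), so when the header length is 1111 (decimal 15) the header is 60 bytes long. When the header of an IP packet is not a multiple of 4 bytes, it must be padded using the final padding field. The data part therefore always starts on a multiple of 4 bytes, which is convenient when implementing IP. The drawback of limiting the header to 60 bytes is that it is sometimes not enough; the aim is to encourage users to keep overhead low. The most common header length is 20 bytes (header length 0101), in which case no options are used.
3. Service: 8 bits. Used to obtain better service. In the old standard this field was called Type of Service, but it was never actually used. In 1998 the IETF renamed it Differentiated Services (DS). The field only has an effect when differentiated services are in use.
   Total length: the length of header plus data, in bytes. Because the total length field is 16 bits, the maximum datagram length is 2^16-1 = 65535 bytes. Every data link layer below the IP layer has its own frame format, which includes a maximum length for the frame's data field, the Maximum Transfer Unit (MTU). When a datagram is encapsulated in a link-layer frame, its total length (header plus data) must not exceed the MTU of the underlying data link layer; otherwise it must be fragmented.
4. Identification: 16 bits. IP software keeps a counter in memory; each time a datagram is produced, the counter is incremented by 1 and its value is assigned to the identification field. This "identification" is not a sequence number, however: IP is a connectionless service, and datagrams have no in-order reception problem. When a datagram must be fragmented because its length exceeds the network MTU, the value of the identification field is copied into the identification field of every fragment. The shared value lets the fragments be correctly reassembled into the original datagram.
5. Flags: 3 bits, of which only 2 are currently meaningful. The lowest bit of the flags field is MF (More Fragment). MF=1 means that more fragments follow; MF=0 means this is the last of the fragments. The middle bit is DF (Don't Fragment); fragmentation is allowed only when DF=0.
6. Fragment offset: 13 bits. After a longer packet is fragmented, this is the relative position of a fragment within the original packet, that is, where the fragment starts relative to the start of the user data field. The offset is in units of 8 bytes, so the length of every fragment must be a multiple of 8 bytes (64 bits).
7. Time to live: 8 bits. The common abbreviation is TTL (Time To Live); it indicates the lifetime of the datagram in the network. The field is set by the source of the datagram. Its purpose is to prevent undeliverable datagrams from circulating endlessly in the Internet and wasting network resources. The original design used the second as the unit of TTL: at each router, the TTL was reduced by the time the datagram spent in that router. If the datagram spent less than 1 second in the router, the TTL was reduced by 1. When the TTL reaches 0, the datagram is discarded.
8. Protocol: 8 bits. Indicates which protocol the data carried by this datagram uses, so that the IP layer of the destination host knows which handler to pass the data part to. See the notes at the end of the article for details.
   Header checksum: 16 bits. This field only covers the header of the datagram, not the data part. Because every router the datagram passes through has to recompute the header checksum (some fields, such as time to live, flags and fragment offset, may change), not checking the data part reduces the amount of computation.
9. Source address: 32 bits.
10. Destination address: 32 bits.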
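
The size arithmetic above (56, 64 and 84, and the 56(124) printed in the -R example) reproduced by actually building and parsing the packets, as an added example rather than code from ping or from the original post. The addresses, the identifier values and all function names are constructed for the illustration; the checksum is the RFC 1071 Internet checksum used by both the IP header and ICMP.

```python
import struct


def inet_checksum(data):
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo_request(ident, seq, payload):
    """8-byte ICMP header (type 8, code 0, checksum, identifier, sequence) + data."""
    csum = inet_checksum(struct.pack("!BBHHH", 8, 0, 0, ident, seq) + payload)
    return struct.pack("!BBHHH", 8, 0, csum, ident, seq) + payload


def record_route_option(slots=9):
    """RECORD_ROUTE option: type 7, length, pointer 4, then empty 4-byte slots,
    padded with NOP (1) to a multiple of 4 bytes."""
    opt = bytes([7, 3 + 4 * slots, 4]) + bytes(4 * slots)
    return opt + b"\x01" * (-len(opt) % 4)


def build_ipv4(src, dst, payload, ttl=64, options=b""):
    """IPv4 header (20 fixed bytes + options) followed by the payload."""
    header_len = 20 + len(options)
    if header_len % 4 or header_len > 60:
        raise ValueError("header must be a multiple of 4 bytes and at most 60")
    fixed = struct.pack("!BBHHHBBH4s4s",
                        (4 << 4) | (header_len // 4),  # version 4, IHL in 32-bit words
                        0,                             # DS field
                        header_len + len(payload),     # total length
                        0x1234,                        # identification (constructed)
                        0x4000,                        # flags: DF=1, MF=0, offset 0
                        ttl, 1, 0, src, dst)           # protocol 1 = ICMP, checksum 0
    csum = inet_checksum(fixed + options)
    return fixed[:10] + struct.pack("!H", csum) + fixed[12:] + options + payload


def parse_ipv4(packet):
    """Decode the fixed header fields and verify the header checksum."""
    ver_ihl, _ds, total_len, _ident, flags_frag, ttl, proto = struct.unpack(
        "!BBHHHBB", packet[:10])
    header_len = (ver_ihl & 0x0F) * 4
    return {"version": ver_ihl >> 4, "header_len": header_len,
            "total_len": total_len, "df": bool(flags_frag & 0x4000),
            "mf": bool(flags_frag & 0x2000),
            "frag_offset": (flags_frag & 0x1FFF) * 8,
            "ttl": ttl, "protocol": proto,
            "header_ok": inet_checksum(packet[:header_len]) == 0,
            "icmp": packet[header_len:total_len]}


def ping_sizes(data_len=56, options=b""):
    """Return (ICMP length, IP total length, parsed header) for one echo request."""
    src, dst = bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2])  # documentation addresses
    icmp = build_echo_request(0x1C2D, 1, bytes(data_len))
    packet = build_ipv4(src, dst, icmp, options=options)
    return len(icmp), len(packet), parse_ipv4(packet)


if __name__ == "__main__":
    print(ping_sizes()[:2])                               # default ping
    print(ping_sizes(options=record_route_option())[:2])  # ping -R
    print(ping_sizes(65507)[:2])                          # largest -s value
```

Nine route slots fill the 40 bytes of option space exactly (3 + 36 bytes, padded to 40), which is why a tenth address cannot be recorded and why -s 65507 is the largest payload that still fits the 16-bit total length field without options.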

 

 

 

 

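When the ping command shows no output at all after it is run

This may be because the ping message was sent but no response packet came back. The remote side may have a firewall that blocks ping messages, or, for some other reason, the destination host never received it: the source host may have sent it to the wrong place or to the wrong gateway.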

 

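 ICMP messages are encapsulated in IP packets. The format of an ICMP message depends on the Type and Code fields:
the Type field is the message type, and the Code field carries the specific information for that message type.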

 

 

 

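   The ICMP protocol header contains 4 bytes; the header mainly describes the type and the checksum of the ICMP message. The figure below lists the corresponding types and what the codes mean.

   ICMP message types

  The ARP protocol (ping involves ARP)

In a local area network, computers actually communicate using MAC addresses, and the job of ARP (Address Resolution Protocol) is to look up the MAC address that corresponds to an IP address.

 Use arp -a to view the cached ARP table and see the hosts that have been pinged: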

[root@ht8 network-scripts]# arp -a
? (10.129.51.17) at 01:52:54:a4:07:aa [ether] on ens192
? (10.129.52.253) at 84:d2:32:f2:6b:d7 [ether] on ens192
etcd3 (10.129.51.113) at 04:5c:62:01:0e:9f [ether] on ens192
? (172.17.31.54) at <incomplete> on docker0
 .........//and so on

We can study the mechanism alongside the ping source code:

http://lxr.linux.no/linux+v5.14/net/ipv4/ping.c
http://lxr.linux.no/linux+v5.14/include/net/ip.h //defines the IP header
http://lxr.linux.no/linux+v5.14/include/net/icmp.h //
//the rest can be searched for here: http://lxr.linux.no/linux+v5.14/+search

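In addition:
http://www.skbuff.net/iputils/  The toolkit can be found here, as the man ping page shows.
Direct download: http://www.skbuff.net/iputils/iputils-s20060425.tar.bz2

ICMP protocol definition (as I explained earlier, the OSI seven-layer model corresponds to a large number of RFC protocols, and the Ethernet protocol corresponds to communication between hardware devices)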

https://www.rfc-editor.org/rfc/rfc792
http://www.rfc-editor.org/rfc/rfc777.txt
In Chinese:
http://www.cnpaf.net/rfc/rfc792.txt
https://www.cnblogs.com/aozhejin/p/16046826.html

 

posted @ 2022-02-21 05:54  jinzi