OSTU - hrPING QuickStart Part 1 (by Tony Fortunato & Peter Ciuffreda)

© 2009 www.thetechfirm.com

hrPINGv2.39 Trainingwith

Windows QuickStart

Part 1 of 2

Tony Fortunato, Sr Network SpecialistPeter Ciuffreda, Network Technician

The Technology Firm


What is hrPING?

hrPING is;

• Go get it at http://www.cfos.de/ping/ping_e.htm

• Portable, command line utility - no installation

• High-precision ping utility with advanced functionality and improved statistics

• Like other PING tools, hrPING sends ICMP “Echo Request" packets to the remote computer and listens to the matching "Echo response" packets


Why use hrPING?

hrPING can be used for the following tasks;• Provides more detailed statistics then other PING tools

o Sequence Numbero Time reference

• Measures the time (in milliseconds) it takes for a packet to travel from your computer to a specified destination, with the accuracy of three decimal places.

• Change the time interval that hrPING sends out a PING packet, while listening for the reply

• Perform a traceroute to determine the distance and number of hops to a specified address.

• Output can be imported into Excel or other graphing tools


Starting hrPING

• To start the hrPING utility you must open the folder in the command prompt.

• If you have the Windows Powertoy, simply right click on the hrPING folder and then open in command prompt.

• Once the command prompt opens into the hrPING folder, type hrping on the command line to view the options.


-t Ping the specified host until stopped. Loop forever. You can abort hrPING any time with CTRL-C or CTRL-Break. Unlike Windows PING, hrPING will still print the statistics gathered so far when you abort. CTRL-C waits for some time for replies still to come in, while CTRL-Break aborts right away.

-n count Number of echo requests to send. Specify the number of PING packets to send. Default number is 4.

-E size Stop pinging when <file> exists This is nice for batch files or for coordinating with a background job. hrPING will loop as long as usual (i.e. depending on -t or -n options), but will furthermore check for the existance of <file>. If <file> comes into existance, hrPING will exit the loop.

-l size Send buffer size (ICMP payload size). How may bytes payload should be send? Remember that each packet is of the form: IP header (20 bytes) + ICMP header (8 bytes) + payload. You may only specify the payload size. Minimum is 0, maximum is 64k-1-20-8, i.e., 65507 bytes. Default is 64 bytes.

-L size Total IP datagram size (ICMP payload size + 28). Same as the above, only that this size here is the size for the total IP datagram.

-f Set Don't Fragment flag in packet. Set the "Don't fragment" bit in the IP header of the PING packet. Default is not set.

-i TTL Time To Live. Set the "Time To Live" value in the IP header of the PING packet. Default is 255.

-v TOS Type Of Service. Set the "Type Of Service" bits in the IP header of the PING packet. Default is 0.

hrPING Options (Courtesy of http://www.cfos.de/ping/ping_e.htm)



-w timeout Timeout in milliseconds to wait for each reply. Maximum timeout to wait for a reply. This is almost only of use if you switch to non-overlapped (-o) mode. In overlapped mode, this time only applies when hrPING has stopped sending (because the count was exceeded or because you pressed CTRL-C) and is waiting for missing replies. Default is 2000 milliseconds.

-s time Interval in milliseconds between packets. This is the number of milliseconds between sending of two PING packets. hrPING will try to stick to this number very accurately. If sending took a little longer for one packet it will send out the next packet a little earlier. Default is 500 milliseconds. (You can use decimals for a very fine grained interval: -s5.4 will send a packet every 5400 microseconds, on average!)

-r Switch to traceroute mode. hrPING contains a traceroute utility! It works almost the same as Windows TRACERT, except that it only does one test per host, not three. By default, IP addresses are not resolved to names. Use -a to do that. Really does 3 pings per TTL.

-a Resolve addresses to hostnames in traceroute mode. No need to say more.

-tsc Force RDTSC usage. hrPING automatically decides if it uses the CPU's timestamp counter (TSC) or the operating system's performance counter for timings. On some CPU's the TSC is not reliable, since it doesn't tick at the same speed all the time. On multiprocessor systems, not all TSC have to tick exactly in sync. In almost all cases, hrPING will use the performace counter. If you want to force TSC usage, use –tsc.

-W "warm up" with one uncounted echo request at beginning If specified, hrPING will send one uncounted ping before all others. This "warm up" is useful with some firewalls that somehow cause the first block to be much slower than the following ones.



-T Print timestamp in front of each line. Preceeds each line of output with a timestamp of the form"2006-11-22 10:55:27.201: "

-I Set ICMP id field to <id> Set the "Identification" IP header field to the value specified. It is possible that Windows erases or overwrites this field when sending the packet

-q Don't print a line per ping Be quiet.

-A Abort after the first echo reply (-AA => or error) Loop as long as there are no replies (or even error messages if -AA).

-o Don't do overlapped send/receive. Use Windows PING like synchronous sending of one packet, waiting for the reply and so on. Off by default.


hrPING vs Windows PING

Description hrPing Windows

Continuous ping -t -t

Name resolution -a -a

# of requests to send -n count -n count

Send buffer size -l size -l size

Set don’t fragment bit -f -f

Time to live -i TTL -i TTL

Type of service -v TOS -v TOS

Do traceroute -r [count] NA

IP timestamp NA -s count

Timeout to wait for reply -w timeout -w timeout

Don’t overlap send/receive -o NA

Force RDTSC usage -tsc NA

Warm up with request -W NA

Log output to <file> -F file NA

Print timestamp -T NA

Set ICMP id field to <id> -I id NA

Don’t print a line per ping -q NA


hrPING vs Windows PING

• As you can see in the example below, both hrPING and the Windows PING utilities look very similar.

• What you should notice is that hrPING’s shows you a sequence number, a more granular time value, and an ID number..

• hrPING also gives the percentage of errors that occurred along with the sent, received, and lost.

Windows PING

hrPING


• To do a continuous PING without stoping, use the -t option.

• When you have seen enough data, press CTRL-C to stop the capture.

• To send a specific number of ping requests, use the -n command.

Multiple hrPING Requests (-t, -n)


hrPING with Errors and Timeouts

• In the example below a hrPING with 100 requests (-n 100) was sent to www.google.ca.• This example was done to illustrate what a timeout or error might look like

with hrPING.• With hrPING we can see how many errors occurred, which helps determine

issues over the network.

Reply from 172.16.4.1: host unreachable; seq=0000 time=27.737msReply from 64.233.169.104: packet size changed (72 to 64)Reply from 64.233.169.104: seq=000d time=44.450ms TTL=244 ID=acf7 sub=8Reply from 64.233.169.104: packet size changed (72 to 64)Reply from 64.233.169.104: seq=000e time=48.172ms TTL=244 ID=acfb sub=8

Reply from 64.233.169.104: packet size changed (72 to 64)Reply from 64.233.169.104: seq=0061 time=58.579ms TTL=244 ID=adbf sub=8Reply from 64.233.169.104: packet size changed (72 to 64)Reply from 64.233.169.104: seq=0062 time=55.002ms TTL=244 ID=adc3

sub=8Reply from 64.233.169.104: packet size changed (72 to 64)Reply from 64.233.169.104: seq=0063 time=54.791ms TTL=244 ID=adc6

sub=870 Requests timed out.

Statistics for www.google.ca: Packets: sent=100, rcvd=29, error=1, lost=70 (70% loss) in 49.554767 sec RTTs of replies in ms: min/avg/max: 40.511 / 83.016 / 529.915 RTTs of errors in ms: min/avg/max: 27.737 / 27.737 / 27.737


hrPING Interval Option (-s, -o)

• The -s option lets you set the time interval (in milliseconds) between request packets sent. (Without the -o option)

• The default interval is 500ms• With the -o option set, the interval becomes the time between the packet received

and the next packet sent.• Both examples below were done with an interval of 20ms.

hrping -s 20 hrping -s 20 -o


hrPING with large packet size (-l)

• A typical ping sends 64 bytes of data

• With hrPING we have the option to send a larger packet with the -l command.• When sending larger packets you may encounter time-outs. • This occurs since the larger packet has a longer transmit time, and may take longer

then the default timeout of 2000ms.


hrPING TTL (-i)

• With hrPING you can change the TTL value of your PING requests with the -i option.• If you know the number of hops to a host on your network, you can use this option to

test the shortest path, or to test if a device is down.• In the example below a TTL value of 15 was set to reach www.google.ca.

• Don’t confuse the TTL value of the reply with the one you set for the request.• We can see in Wireshark that the TTL value of the request is set to 15.


hrPING Traceroute with Name Resolution (-r, -a)

• hrPING has a traceroute utility which is like the Windows tracert utility.• The -r option allows you to do a trace to a specific destination.• When using the traceroute utility you can also use the -a option to resolve addresses

to hostnames.• Like the other hrPING utilities, the traceroute utility also shows more detailed time

resolution compared to the Windows tracert.

C:\Documents and Settings\Peter\My Documents\Work\OSTU\hrPING>hrping www.fox.com -r -aThis is hrPING v2.39 by cFos Software GmbH -- http://www.cfos.de

Using source IP address 192.168.2.12 to send packetsTracing route to www.fox.com [96.6.121.42]with 64 bytes data (92 bytes IP) over a maximum of 30 hops:

1 1.608 1.479 1.407 [192.168.2.1] 2 11.655 10.375 17.953 [64.230.197.201] 3 10.296 20.666 8.458 [64.230.234.61] dis10-toronto12_Vlan110.net.bell.ca 4 8.602 8.738 8.593 [64.230.221.105] core3-toronto12_GE12-1.net.bell.ca 5 8.484 8.350 8.503 [64.230.157.245] newcore4-toronto12_POS0-4-4-0_core.net.bell.ca 6 8.971 9.465 8.798 [64.230.242.198] core1-toronto12_POS0-1.net.bell.ca 7 9.490 9.196 8.806 [64.230.242.2] dis1-toronto12_POS8-0.net.bell.ca 8 9.020 9.343 9.037 [67.69.246.146] akamai_toronto.net.bell.ca 9 13.660 10.489 8.801 [96.6.121.42] a96-6-121-42.deploy.akamaitechnologies.com


hrPING Warm up (-W)

• With hrPING the -W option allows you to send one uncounted echo request at beginning of your ping.

• This is useful with some networks where the first packet has excessive delay.

• From the command window you can’t see that there was a warm up request packet sent, but Wireshark proves that hrPING actually does send one before the first actually ping request.


hrPING Timestamp and Quiet Mode (-T, -q)

• With the -T option hrPING will print a timestamp preceding each line of output.• The timestamp is in the form of "2009-07-22 10:55:27.201

• With the -q option hrPING acts quietly, and doesn’t print a line per ping request.• This is useful when you only need to see the finished results, especially with a long

set of ping requests.• In the example below www.google.ca was ping 50 times using the -q option to hide

all the replies. Notice the gap between the start of the ping and the final statistics.


hrPINGv2.39 Trainingwith

Windows QuickStart

Part 1 of 2

Tony Fortunato, Sr Network SpecialistPeter Ciuffreda, Network Technician

The Technology Firm

Thank you


For additional educational videos on Open Source Network Tools, please click on the following …

http://www.lovemytool.com/blog/ostu.html

LoveMyTool.com – Community for Network Tools