Using Ping Feature More Effectively

Ping is one of the network troubleshooting technique that I can't go without these days.  In this post, I'll show you how to take advantage of all the extras that you don't have in the Command Window.  

• Ping Multiple Hosts: Press F1 to bring up the Add Host Address dialog.  Enter hosts/IP addresses which can be separated by space, comma, semi-colon, tab or a line feed.
• Reduce/Increase # of Rows Displayed For Ping Result: By default, Pinkie will show you 4 lines of ping results.  This can fill up the window pretty quick if you ping multiple hosts at the same time.  To reduce the # of rows, press F3 or increase it by F4.
• Check Ping Statistics For a Host: Select a host by clicking on it, the status bar at the bottom will change to show the ping statistics for the selected host which includes packets sent/received, lost count & percentage, last ping RTT along with Min, Max & Avg RTTs.
• Start/Stop a Ping: Right click on the host you want to start/stop pinging, select Ping first menu item in the context menu will change to Start/Stop as appropriate.  Clicking on it will stop a ping in progress or start it if it's not started yet.
• Reset Ping Statistics: Right click on a host you want to reset statistics, select Ping then click on Reset Statistics.
• Copy Ping Results: When troubleshooting network or server issues, you might have the need to send the ping result to someone.  This can be done by simply right click on the host and select Copy Result to Clipboard. then paste it to an email or wherever you wish.
• Logging Ping Results to Disk: If you wish to log ping results to a file to analyze later or send it to someone else, right click on the host, select Ping then in the context menu, click on Start Logging or Stop Logging as appropriate.  By default, the ping results will be saved in C:\Users\[username]\Documents\ipUptime.net\Pinkie_Logs.  You can change this path in the Settings menu.

That's not all all the extras that comes with the Ping functionality in Pinkie but it will definitely make you like and use Pinkie more (or shy away from the Command Prompt more).

If you can come up with a better way to use Ping or wish to have enhancements added to it, please let me know.  And last but not least, if you haven't used Pinkie yet, give it a try, you might like it.

ICMP - Pinging Server 2008

One of the most common ways for an administrator to see if a particular server is up or not is to send an ICMP package to the server or to Ping it. This is also called an Echo Request.

Windows Server 2008 disable this Echo Request by default. Here's how you can turn this on:

1. Open Server Manager
2. Expand Configuration section
3. Expand Windows Firewall with Advanced Security (OK, Microsoft, is there a Basic one???)
4. Click on Inbound Rules
5. In the middle pane, scroll down and find "File and Printer Sharing (Echo Request - ICMPvX-in)" where the X stands for the IP version number
6. Right click it and select Enable
7. If you want to edit advanced options then right click it and select Properties option instead

If you are running the core version, you can accomplish the same thing by issuing the netsh command:

netsh firewall set icmpsetting 8

Programmatically Ping A Networking Device

I would say Ping is one of the most popular software tool used to troubleshoot network issue. When a networking device or server goes down, one of the first things network engineers or system admininistrator do is try to ping it and see if it can be reached.

This blog will show you two ways to ping a device so you can integrate the ping feature into your application.

The first and easiest way to issue a ping command is to call the Ping method in the My.Computer.Network class:

If my.Computer.Network.Ping("www.google.com") Then
MsgBox("device up")
Else
MsgBox("device down")
End If

The drawback of this method is that it only gives you a boolean as the result to indicate whether the device is up or down.

The second way is to call the Ping.Send() method in the System.Net.NetworkInformation namespace which returns a PingReply through which you could get more detailed information about the ping:

Dim myPing As New System.Net.NetworkInformation.Ping
Dim PR As System.Net.NetworkInformation.PingReply
PR = myPing.Send("www.yahoo.com")
If PR.Status = IPStatus.Success Then
MsgBox("Reply from " & PR.Address.ToString & ": BYTES=" & PR.Buffer.Length & " TIME<" & PR.RoundtripTime & "ms TTL=" & PR.Options.Ttl)
Else
MsgBox(PR.Status.ToString)
End If

There you have it. Two ways of pinging a networking device. I recommend that you further study the PingReply object to get more information from the ping reply.

Smurf Attack

A smurf attack is a Denial of Service (DoS) attacked that uses spoofed broadcast ping messages to flood the target system with ping replies. The attack method gets its name after its exploit program.

In this attack, an attacker sends out a large number of ICMP Echo Request packets to IP broadcast addresses with all requests having a spoofed source address of the intended victim. Once the routing device receives this type of request, it will broadcast it to all hosts on its network. When the hosts reply, they will overwhelm the targeted's network with so much traffic that it will effectively shut out the network from the rest of the world.

Using a Cisco router, one can issue the command:

no ip directed-broadcast

to secure their network from this type of attack.

Note that this does not prevent a network from becoming the target of a smurf attack; it just prevent the network from taking part in an attack agains other networks.

Ping Flood Attack

A ping flood is a simple Denial of Service (DoS) attack where the attacker sends a massive number of ICMP Echo Request (ping) packets to the victim in hope of overwhelming the victim and consuming both outgoing and incoming bandwidth on the victim's network. An effective attack could render the victim's network useless.

This type of attack only succeeds if the attacker has more available bandwidth than the victim (like a T3 versus and DSL line) which is very unlikely. To get around this, the attacker normally use an army of computers (a network of computers that attacker has control called zombies or bots) numbered in the hundreds or thousands to attack the victim with their combined bandwidth power.

Defense Your Network

To reduce the effects of ping flood attack, one can use a firewall to inspect the traffic and filter ICMP Echo Request packets. However, doing this can also have its side effects such that it prevents legistimate users from pinging their hosts. For this reason, we can use firewall to authorize ICMP Echo Request packets from legistimate source only.