
How Does the ping Command Really Work? A Deep Dive into ICMP and Traceroute

This article explains the inner workings of the ping command, covering the ICMP protocol, packet formats, echo request/reply mechanics, common ICMP error messages, and how traceroute leverages ICMP to map network paths, providing a solid foundation for network interview questions.

Liangxu Linux

Do You Know How the ping Command Works?

The ping utility tests network connectivity between two hosts by sending ICMP echo‑request packets and waiting for echo‑reply packets, measuring round‑trip time.

Introducing the ICMP Protocol

Internet Control Message Protocol (ICMP) is a fault‑reporting mechanism used between IP hosts and routers to convey control information such as reachability and routing errors.

Why Is ICMP Needed?

IP provides a best‑effort service; when packets are dropped due to congestion or other issues, higher‑level protocols have no way to know why. ICMP supplies error and status messages so hosts can perform flow control and error handling.

ICMP Packet Format

ICMP messages consist of an 8‑bit type field, an 8‑bit code field, a 16‑bit checksum, and a variable data section. For echo requests/replies the data includes a 16‑bit identifier, a 16‑bit sequence number, and optional payload.

Echo (Query) Messages

Ping sends an ICMP type 8 (Echo Request) packet; a successful reply is an ICMP type 0 (Echo Reply). The identifier and sequence number help match replies to requests, and the timestamp stored in the packet allows calculation of round‑trip time.

Common ICMP Error Messages

Type 3 – Destination Unreachable

Type 4 – Source Quench (congestion control)

Type 11 – Time Exceeded (TTL expired)

Type 5 – Redirect

Type 3 – Destination Unreachable

Various codes indicate specific problems:

Network unreachable – the router has no route to the destination network.

Host unreachable – the router cannot find the destination host or the host is offline.

Protocol unreachable – a firewall blocks the protocol (e.g., UDP) to the host.

Port unreachable – the target port (e.g., 22 for SSH) is closed.

Fragmentation needed and DF set – the packet exceeds the MTU and the DF flag is set, so the router returns this message.

Type 4 – Source Quench

Sent when a router experiences congestion; the source host should reduce its sending rate.

Type 11 – Time Exceeded

When a packet’s TTL reaches zero, the router discards it and sends a Time Exceeded message, preventing infinite loops.

Type 5 – Redirect

If a router determines that a better path exists for the source, it sends a Redirect message to advise the source to use the optimal route.

Ping Sending and Receiving Process

Sending an Echo Request

The host builds an ICMP packet with Type 8, Code 0, includes identifier, sequence number, and timestamp, then sends it to the target.

Receiving an Echo Reply

The destination replies with an ICMP packet of Type 0, Code 0; the payload mirrors the request except for the type/code fields.

Displaying Results

The local host records the send time and the receive time; the difference is reported as the round‑trip time.
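The send, reply, and round-trip-time steps above, as an added Python example that is not part of the original article: it builds a Type 8 message, validates a Type 0 reply by checksum, identifier and sequence number, and derives the RTT from the echoed timestamp. The function names, the 8-byte timestamp layout, and the `simulate_responder` stand-in for the remote host are assumptions for illustration; no network traffic is sent.

```python
import struct

ECHO_REQUEST, ECHO_REPLY = 8, 0
HEADER = struct.Struct("!BBHHH")  # type, code, checksum, identifier, sequence


def checksum(data: bytes) -> int:
    """RFC 1071 Internet checksum: one's-complement sum of 16-bit words."""
    if len(data) % 2:
        data += b"\x00"  # pad odd-length messages with a zero byte
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:   # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def build_echo(msg_type: int, ident: int, seq: int, payload: bytes) -> bytes:
    """Build an echo message; the checksum is computed with its field zeroed."""
    body = HEADER.pack(msg_type, 0, 0, ident, seq) + payload
    return HEADER.pack(msg_type, 0, checksum(body), ident, seq) + payload


def make_request(ident: int, seq: int, now: float) -> bytes:
    # The payload carries the send time so the sender needs no per-packet state.
    return build_echo(ECHO_REQUEST, ident, seq, struct.pack("!d", now))


def simulate_responder(request: bytes) -> bytes:
    """Constructed stand-in for the remote host: mirror id, seq and payload."""
    _, _, _, ident, seq = HEADER.unpack_from(request)
    return build_echo(ECHO_REPLY, ident, seq, request[HEADER.size:])


def match_reply(packet: bytes, ident: int, seq: int, now: float):
    """Return the RTT in seconds, or None if this is not our valid reply."""
    if len(packet) < HEADER.size + 8:
        return None  # truncated message
    if checksum(packet) != 0:
        return None  # a valid message sums to zero with its checksum included
    msg_type, code, _, r_ident, r_seq = HEADER.unpack_from(packet)
    if (msg_type, code) != (ECHO_REPLY, 0) or (r_ident, r_seq) != (ident, seq):
        return None  # not an echo reply, or it answers a different request
    (sent,) = struct.unpack_from("!d", packet, HEADER.size)
    return now - sent
```

Because the timestamp is read back from the reply payload, the RTT is only as trustworthy as the responder; checking the identifier and sequence number is what ties a reply to a request that was actually sent.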

ICMP‑Based Traceroute

Traceroute exploits ICMP by sending packets with incrementally increasing TTL values. Each router that decrements TTL to zero returns a Time Exceeded message, revealing its IP address. By using UDP packets with unlikely destination ports, the final hop returns a Destination Unreachable (Port Unreachable) message, confirming the target is reached. Traceroute can also discover the path MTU by sending packets with the DF flag set and observing fragmentation‑needed messages.

Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contact admin@besthub.dev and we will review it promptly.
