Ping: ICMP vs. ARP

Filed under

Network and system administrators are well-versed in using the ping utility for troubleshooting purposes, but where do you turn when ping doesn't do the trick?

Pinging a host is usually the first step in determining if the host is properly connected to the network. If the host does not respond to a ping request, the host is usually assumed to be offline.

But is it?

Today almost every organization employs firewalls for enhanced security. Firewalls can be set up in such a way that Internet Control Message Protocol (ICMP) requests are blocked, which means that traditional pings do not work. Setting a firewall to block ICMP requests is based on the theory that if a would-be hacker cannot "see" the target, he may not attack the host.

This makes system and network administration more difficult. A failed ping is no longer a valid test -- the user may have enabled a firewall that is blocking the ping, but the host may still be up. Before a network administrator can accurately determine if a host is down, the user needs to turn off all firewall applications -- or at least turn off any rules blocking ICMP -- which is probably asking too much of the average user.