hrPing -- high resolution Ping/Traceroute/Pathping with advanced functions by cFos Software GmbH -- http://www.cfos.de -------------------------------------------------------------------------- Why another Ping utility? ------------------------- Many Ping utilities are already available, one is even released with Windows itself, called Ping. But hrPing has some advanced features other Pings have not. In short: -- Graphical display of ping results -- Uses high resolution timers, so ping times are accurate to the usec -- Can ping as well with UDP packets or ICMP timestamp messages -- Times and handles ICMP error replies as well -- Can have multiple pings "in-flight", no need to wait for a reply before sending the next ping -- Improved statistics -- Size sweep: send increasing packet sizes -- Can show only a summary of results -- Is a Traceroute and a Pathping as well You can do much more with hrPing than with Windows Ping. More text, please. ------------------ Like every Ping, hrPing sends "ICMP Echo Request" packets to the remote computer and listens to the matching "Echo response" packets. What's more, hrPing can send UDP packets and ICMP timestamp packets as well. Not all packet types pass all firewalls and networks equally easy. With hrPing you have the possibility to vary. (-M and -u switches) What's more, hrPing times the round trip delay in microseconds (1/1000 msec). This is usually done by using the Windows' "Performance Counter" which has a resolution of some MHz. You can even ask hrPing to use the CPU's "Time Stamp Counter" which is incremented with the CPU's clock cycle. You can't get any more accurate with standard PCs today! The next thing Windows Ping can not do is send more than one ping packet at a time. Windows Ping always sends one packet, waits for the reply, then prints its output line, repeat. hrPing sends out one ping packet every x milliseconds (you can adjust this time with the -s parameter) while listening for incoming replies and printing the output if there is any. The reason why you should like this is easy: with broadband you often have a delay of some 40 msec, while the upstream bandwidth of the whole connection is some 500 kbytes/sec. So, with a "standard" ping packet of 60 bytes (IP header + ICMP header + ping payload) you can send thousands of packets before you get the first reply. If you want to test line conditions, throughput, etc. this "overlapped" way of sending is really helpful. Plus, hrPing has much better statistics than Windows Ping. You get the round trip times for ICMP error message replies as well! This way you can e.g. monitor the delay of a TTL exceed. hrPing counts the replies and error messages separately, so the global statistics don't mess up one another. Plus, for the statistically inclined, hrPing calculates the standard deviation as well, to show you how much the values "jiggle". hrPing shows you the standard deviation of the timings as well as the average times. hrPing displays the IP identification field of the replies and thus makes it possible to do "silent load measurements"; see german c't magazine 23/2003, p. 212 for details. (-I switch) When sending a lot of packets hrPing's "Summary mode" comes in handy: it will suppress the printing of each reply on its own line, but instead print a summary for all replies so far and a summary for the last 10 seconds (time can be adjusted). This lets you keep a nice overall view. (-y switch) Is there more? Yes: hrPing can send out pings with increasing sizes: the "Size Sweep" function, where after each send, the size is increased until it reaches a maximum, then reset. Plus, we do some math when processing the replies and estimate the line speed, if the data is conclusive enough. (-l and -L switches) Ah, one more thing: hrPing is a traceroute (-r switch) and a pathping (-p switch) as well :-) There's a lot more goodies hidden in hrPing, just use it and you will find out about small but useful features. And this is how to use it: -------------------------- hrping [] may be the IP address or the host name. In the latter case the name will be resolved to its address at the beginning of the ping loop. There are a couple of options that let you specify the data you're sending: -f Set Don't Fragment flag in packet. Set the "Don't fragment" bit in the IP header of the ping packet. Default is not set. -i TTL Time To Live. Set the "Time To Live" value in the IP header of the ping packet. Default is 255. -v TOS Type Of Service. Set the "Type Of Service" bits in the IP header of the ping packet. Default is 0. It is possible that Windows erases or overwrites this field when sending the packet. Furthermore, TOS is deprecated nowadays. hrPing will use IP_HDRINCL option to set TOS. -l size Send buffer size (ICMP payload size). How many bytes payload should be send? Remember that each packet is of the form: IP header (20 bytes) + ICMP header (8 bytes) + payload. You may only specify the payload size. Minimum is 0, maximum is 64k-1-20-8, i.e. 65507 bytes. Default is 32 bytes. This works for UDP mode as well, but not for ICMP timestamp mode. There the ICMP length is always 10 bytes. -l s1[:s2[:i]] Size sweep: send buffer size from to step With this syntax hrPing will start sending a payload of bytes, increase the payload by bytes for each send (if was set, otherwise increment by 1) until is reached or exceeded and then restart with bytes. This switches the correlation calculation on that tries to see if there is a correlation between the size of the packet you send and the time it takes for a reply. -L size Total IP datagram size (ICMP payload size + 28). Same as the above, only that this size here is the size for the total IP datagram. -L s1[:s2[:i]] IP datagram size (payload size + 28, default 60) [with sweep] Analogue as above for -l s1[:s2[:i]] -M Send ICMP timestamp requests This will send out ICMP timestamp requests and print ICMP timestamp replies. In the reply there is the send time off the other side in milliseconds, so it's possible to distinguish between delay that was caused sending and delay that was caused when receiving. These numbers have only millisecond resolution. To synchronise clocks hrPing will calculate the clock offset from the first ICMP timestamp reply, assuming that half of the delay came from each direction. -u [port] Send UDP packets (port 7 by default) You can send UDP packets as well. This causes UDP packets to be send to and from port . Hopefully, the other side has no UDP port under that port number and will reply with a "port unreachable" message, which will be counted as a proper reply. Options that allow you to specify how hrPing operates: -t Ping the specified host until stopped. Loop forever. You can abort hrPing any time with Ctrl-C. Unlike Windows Ping, hrPing will still print the statistics gathered so far when you abort. Ctrl-C waits for some time for replies still to come in before it aborts. If you are fed up with waiting, press Ctrl-C 5 times. Ctrl-Break just prints the statistics, but doesn't abort. That's nice in quiet mode or with many replies. -n count Number of echo requests to send. Specify the number of ping packets to send. Default number is 4. For traceroute or pathping modes (see below) this specifies the number of pings per hop. For tracerroute mode, the default number is 3. -w timeout Timeout in milliseconds to wait for each reply. Maximum timeout to wait for a reply. This time applies when hrPing is waiting for the last replies to come in. Furthermore, hrPing will even count a reply as timeouted if it took too long. Default is 2000 milliseconds. -s time Interval in milliseconds between packets. This is the number of milliseconds between sending of two ping packets. hrPing will try to stick to this number quiet accurately. If sending took a little longer for one packet it will send out the next packet a little earlier. Default is 500 milliseconds. (You can use decimals for a very fine grained interval: -s5.4 will send a packet every 5400 microseconds on average.) -c [num] Concurrent sending of up to pings at a time (default 1) Try to keep a maximum of pings in transmission without a reply. When either a reply comes in or a timeout occurs, send more pings, so pings are again in flight. -c (without a number) effectively turns off overlapped send/receive, since a second ping is only sent after a reply to the first or an timeout. This, together with the -w option make hrPing behave like Windows' ping. -r [count] Be a traceroute (do pings each hop, default 3) hrPing contains a traceroute utility! It works almost the same as Windows TRACERT, except that you can specify how many packets are sent per hop, default is three. By default, IP addresses are not resolved to names. Use -a to do that. -a [hop] Resolve addresses to names for traceroute (start at ) This tries to resolve the IP addresses into DNS names. If you specify hrPing will not try to resolve the first -1 hops, since they are often not resolvable and it only costs time to try (and who has time nowadays?) -p Trace path to destination, then ping all hops on path Do a path ping: work like traceroute to get the adresses on the path to a given destination, then ping each of them individually (-u and -M honoured as well as other options that make sense (-l, even with size sweep, -c, -s, -w, etc). At the end, print some statistics for all hops on the path. And some options control the output: -lic Show public license and warranty We need you to accept the software license. This is done the first time you start hrPing. If you want to re-read it, use this option. -fwhelp Print firewall help text Remarks on how to set up the Windows firewall to let hrPing's packets pass. -F file Log output into as well, even if -q is set All output is logged to file as well as to the screen. If -q options are set, all output goes to log file, even if it's not printed to the screen. -T Print timestamp in front of each line Precede each line of output with a timestamp of the form "2012-05-22 18:19:53.508: " -q[r|e|t] Be quiet (-qr=no replies, -qe=no errors, -qt=no timeouts) Be quiet. Use -qr to not print replies, -qe to not print IMCP error messages or -qt not to print timeouts. -y [sec] Print summary of the last secs (default 10) Be quiet, but print a summary of all packets (with counts and statistics) and one of packets of the last seconds. Useful with small -s send delays or long sends (-t or high -n). -? -h Help Prints a help screen, -?? or -hh prints an even longer one. And then, we have options for the connoisseur: -I id Set ICMP id field to Set the "Identification" IP header field to the value specified. It is possible that Windows erases or overwrites this field when sending the packet. -W "warm up" with one uncounted echo request at beginning If specified, hrPing will send one uncounted ping before all others. This "warm up" is useful with some firewalls that somehow cause the first packet to be much slower than the following ones. -s, -w apply. -A Abort after the first echo reply (-AA => or error) Loop as long as there are no proper replies (or even error messages if -AA). -H Use IP_HDRINCL socket option (default for UDP or with TOS) With this option set, hrPing sets up his IP headers for send itself, otherwise Windows does it. -H is selected automatically with -u or -v, because it doesn't work otherwise. -E file Stop pinging if exists This is nice for batch files or for coordinating with a background job. hrPing will loop as long as usual (i.e. depending on -t or -n options), but will furthermore check for the existence of . If comes into existence, hrPing will exit the loop. -diag Diagnose your connectivity: send different packet types Send all kinds of different packets (ICMP echo, ICMP timestamp, UDP) with high and low TTL to the destination and see if we get an answer. That might be useful to check what is coming through your firewall or ISP. -K Wait for any key press when done Useful if hrPing is started from Windows Explorer. -qr time Suppress all replies under