ping -s values on Windows NT 6

Posted on

QUESTION :

Windows NT 6 (Server 2008 R1 32-Bit) offers

-s Count : Specifies that the Internet Timestamp option in the IP header is used to record the time of arrival for the Echo Request message and corresponding Echo Reply message for each hop. The Count must be a minimum of 1 and a maximum of 4

source: Technet

Setting the value of

  • 1 → Timestamp: Milliseconds since Midnight, UTC Time
  • 2 → 2 Timestamps: First one from when ping recieved, second from reply sent
  • 3 → seemingly same as 2
  • 4 → seemingly same as 2, 3

Question:

  • What do the values in ping -s VALUES define? I don’t see any difference between the output

ANSWER :

When you use -S option, your outgoing ICMP echo request packets are sent out with with the IP timestamp option, more precisely with IP timestamp and flag 1, meaning each router along the path of your ICMP packet inserts it’s IP+TIMESTAMP in a special zone of the IP header. There is room for only 4 IP:TIMESTAMP pairs in the header, hence the limitation to 4 hops in the ping -s command.

The standard timestamp that gets added by a router when this option is
activated, is the number of milliseconds past midnight (UTC).

Each router on the way calculates timestamp with based on it’s own date/time.

Leave a Reply

Your email address will not be published. Required fields are marked *