The ping, traceroute and whois commands are some of the first things new admins learn about. Many who do not specialize in networks limit themselves to these three, and this is a mistake: standard tools can extract a huge amount of information about a problem.

Ping Command

Everyone, even a person far from networks, knows the «ping» command. It sends ICMP echo packets to the remote host, which should, in theory, respond with the same packet. However, this protocol is called the Internet Control Message Protocol for a reason: its functions are far from only diagnostic.

What Can the Ping Command Say

Often, if the destination host is unreachable, ping gets only a request timeout and nothing else. While a successful response always comes from the destination host itself, delivery error messages come from intermediate routers. By the standard, intermediate routers may, but are not required to, notify the sender. Often they do not send notifications for performance reasons, and there is nothing to blame them for.

Nevertheless, if you received a response from an intermediate router, it is usually informative. For example, a destination host unreachable response should only be sent when the host is on the same LAN as the router and is not responding. The easiest way to see this error is to ping a deliberately non-existent address on your own network. For example, if your network is and host is not there, then ping This response can only come from the last router on the path to the host.

How to Fix the Most Common Problems

Network unreachable, by contrast, indicates that one of the hosts along the way has no route to the specified network. This error can occur anywhere along the path, so you need to pay attention to the sender of the message.

Most often, you will run into this problem when the route settings have been lost or the host has not received a route from the DHCP server. A response like the following, however, can come from an intermediate router:

  • From icmp_seq = 1 Destination Net Unreachable

If you see this picture, something has gone seriously wrong. If the host is reachable from other networks, the ISP may be having a problem with its BGP settings. Many people have at least once come across a large provider mistakenly filtering routes from a network that it considered reserved for future use, although by then IANA had already transferred it to the RIPE NCC six months earlier and many people had received addresses from it.

Destination host / net prohibited errors mean that the packet was dropped by a firewall rule. However, nothing obliges a firewall to answer the sender in this way, or to answer at all. For example, in Linux, rules like iptables -j REJECT default to destination port unreachable unless you explicitly specify --reject-with. And you can specify any of the supported types, even icmp-net-unreachable.
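The reading of error messages described above can be automated. The following is an added example, not code from the original article: it groups the ICMP errors in ping output by sender and attaches the interpretation given in the text. It assumes numeric Linux iputils-style lines ("From <address> icmp_seq=<n> <message>"); the names classify, report and HINTS and the sample output are constructed for illustration.

```python
import re
from collections import Counter

# How the article reads each error message (table is an assumption of this example).
HINTS = {
    "Destination Host Unreachable":
        "sender is the last router before the target; host absent or silent on its LAN",
    "Destination Net Unreachable":
        "sender has no route to the target network; check routing at the sender",
    "Destination Net Prohibited":
        "dropped by a firewall rule at the sender",
    "Destination Host Prohibited":
        "dropped by a firewall rule at the sender",
    "Destination Port Unreachable":
        "possibly a firewall REJECT rule using its default reply type",
}

# Error lines look like: "From <addr> icmp_seq=<n> <message>"
ERR_RE = re.compile(r"^From (\S+) icmp_seq=(\d+) (.+)$")

def classify(ping_output):
    """Return {(sender, message): count} for the ICMP errors in ping output."""
    errors = Counter()
    for line in ping_output.splitlines():
        m = ERR_RE.match(line.strip())
        if m:
            errors[(m.group(1), m.group(3))] += 1
    return dict(errors)

def report(ping_output, target):
    """One line per (sender, error), noting whether the target itself replied."""
    lines = []
    for (sender, msg), n in sorted(classify(ping_output).items()):
        origin = "target itself" if sender == target else "intermediate router"
        hint = HINTS.get(msg, "no interpretation in this table")
        lines.append(f"{sender} ({origin}) x{n}: {msg}: {hint}")
    return lines

# Constructed sample output (documentation addresses, not a real capture).
SAMPLE = """\
PING 203.0.113.10 (203.0.113.10) 56(84) bytes of data.
From 198.51.100.1 icmp_seq=1 Destination Net Unreachable
From 198.51.100.1 icmp_seq=2 Destination Net Unreachable
From 192.0.2.254 icmp_seq=3 Destination Host Prohibited
"""

if __name__ == "__main__":
    print("\n".join(report(SAMPLE, "203.0.113.10")))
```

Because a REJECT rule can be configured to send a different reply type, treat the firewall hints as a starting point and confirm them on the device that sent the message.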

But all of this concerns plain ping with no options. Some problems are best identified with additional options.