Author: Rick Cable / AKA Cyber Abyss

Setting the Size of Ping Data

A common question on cybersecurity tests is how do you set the size of the data carried by an ICMP echo request using the ping command.

You can use the -s option in Linux or macOS. This option allows you to specify the number of data bytes to be sent. The size you specify does not include the ICMP header and IP header.

For example, to send a ping with 120 bytes of data, you would use:

ping -s 120 <destination>

On Windows systems, the equivalent option is -l (that’s a lowercase L), which also specifies the size of the data portion of the packet.

For example, to send a ping with 120 bytes of data on a Windows system, you would use:

ping -l 120 <destination>

Both of these commands set the size of the ICMP payload to the number of bytes you specify, which can be useful for testing network performance, MTU issues, or the impact of packet size on network throughput.

A Full List of Ping Options

There’s a lot more you can do with ping so here’s a list of commonly used options for the ping command along with their compatibility across Linux, macOS, and Windows systems. The list is arranged from the most frequently used options to less common ones:

1. -c (Count) – Specifies the number of echo requests to send.
   • Linux/macOS: Yes
   • Windows: Use -n instead
2. -t (TTL) – Sets the Time to Live for packets.
   • Linux/macOS: Yes (-t)
   • Windows: Yes (-i)
3. -i (Interval) – Sets the interval in seconds between sending each packet.
   • Linux/macOS: Yes
   • Windows: Not directly supported (default is 1 second)
4. -s (Size) – Specifies the size of the payload in the ICMP packet.
   • Linux/macOS: Yes
   • Windows: Yes (-l)
5. -w (Timeout) – Sets the timeout in seconds to wait for a reply.
   • Linux: Yes
   • macOS: Use -W for timeout per packet
   • Windows: Yes, but specifies the timeout to wait for each reply
6. -W (Time to wait for a response) – Sets how long to wait for a response in milliseconds.
   • Linux: Yes
   • macOS: Yes
   • Windows: Not directly supported (use -w for overall timeout)
7. -v (Verbose) – Provides verbose output.
   • Linux/macOS: Yes
   • Windows: Not directly supported
8. -q (Quiet) – Suppresses most output.
   • Linux/macOS: Yes
   • Windows: Not directly supported
9. -l (Preload) – Sends the specified number of packets as fast as possible before falling into the normal mode of operation.
   • Linux: Yes
   • macOS: Not supported
   • Windows: Uses -l for setting buffer size instead
10. -p (Pattern) – Allows you to specify up to 16 “pad” bytes to fill out the packet you send. This is used for diagnosing data-dependent problems in a network.
    • Linux: Yes
    • macOS: Yes
    • Windows: Not supported
11. -R (Record Route) – Records the route of the packet.
    • Linux/macOS: Yes
    • Windows: Not supported
12. -T (Timestamp) – Specifies to use the Timestamp option in the ICMP packets.
    • Linux: Yes
    • macOS: Yes
    • Windows: Not supported
13. -D (Don’t Fragment) – Sets the Don’t Fragment flag in the packet (IPv4-only).
    • Linux: Yes
    • macOS: Yes
    • Windows: Not directly supported; -f is used to set “Do not Fragment.”

These options offer various controls over how ping operates and how it reports the results, allowing users to tailor the command to specific diagnostic needs. Each system has some unique flags, so always check the man page or use ping -? on Windows for the most accurate information on supported options.

What is the size of the ICMP header in bytes?

Another common question on cybersecurity tests is regarding the ICMP (Internet Control Message Protocol) header which is 8 bytes in size. This header consists of:

• Type (1 byte)
• Code (1 byte)
• Checksum (2 bytes)
• Additional fields depending on the type of ICMP message (4 bytes)

For example, in the case of ICMP Echo Request and Echo Reply messages (which are used by the ping command), these additional fields are used for an Identifier (2 bytes) and a Sequence Number (2 bytes).