how does 'ping' command really work?
If you really want to understand, there is an excellent (very well written) white paper here.
Here is the summary:
- Ping (Program on the application layer.
- Opens a 'raw' socket to IP layer.
- IP layer (Layer 2 on OSI) packages ICMP packet and sends it.
Since there is no TCP layer in between, the Ping (program)
has to monitor all the incoming ICMP packets and filter only the one's from the destination.
Hope that helps.
Assuming the ping involves a packet being sent over an Ethernet or WiFi network, ARP is used to find the Ethernet hardware address of the device that receives the outbound packet. Typically this will be the router for the LAN the machine originating the ping is on.
The typical process is:
You enter a command to ping a destination.
DNS is used to determine the IP address (if needed).
The routing table is consulted to find the next hop towards that destination.
ARP is used to find the hardware address of the next hop.
The IP packet is sent to the next hop, encapsulated in an Ethernet or WiFi frame.