What causes duplicate ICMP ECHO responses?
I've never seen this before, neither have a colleague and an ex-colleague, both with a reasonably strong background in smallish ISP operations.
What causes so many duplicate ICMP ECHO responses?
$ ping -n x.com
PING x.com (196.x.y.z) 56(84) bytes of data.
64 bytes from 196.x.y.z: icmp_req=1 ttl=120 time=51.8 ms
64 bytes from 196.x.y.z: icmp_req=1 ttl=120 time=51.8 ms (DUP!)
64 bytes from 196.x.y.z: icmp_req=1 ttl=120 time=52.3 ms (DUP!)
64 bytes from 196.x.y.z: icmp_req=1 ttl=120 time=52.7 ms (DUP!)
64 bytes from 196.x.y.z: icmp_req=1 ttl=120 time=53.6 ms (DUP!)
64 bytes from 196.x.y.z: icmp_req=2 ttl=120 time=92.2 ms
64 bytes from 196.x.y.z: icmp_req=2 ttl=120 time=92.6 ms (DUP!)
64 bytes from 196.x.y.z: icmp_req=2 ttl=120 time=93.0 ms (DUP!)
64 bytes from 196.x.y.z: icmp_req=2 ttl=120 time=93.4 ms (DUP!)
64 bytes from 196.x.y.z: icmp_req=2 ttl=120 time=93.8 ms (DUP!)
Solution 1:
man ping
:
Duplicates are expected when pinging a broadcast or multicast address, since they are not really duplicates but replies from different hosts to the same request.
It should be stated that public internet hosts usually are configured to discard echo requests to broadcast and multicast addresses to prevent smurf attacks - this is why you hardly ever see it happen.
It also might be the result of some kind of bizarre network looping where a packet gets copied in transit.