What is the purpose of using a large ping packet?
While analyzing some traffic logs, I noticed a node pinging its gateway with a large ping packet size, ranging from 700 bytes to 1 MB. It's a constant ping from node to gateway and the size per ping is rather high. Does anyone know why this might be happening or if there is a benefit (possibly for testing purposes) to manipulating the PING size?
Solution 1:
It's to ensure that the path taken can handle the large packet, not all routes have the same MTU throughout. Having a good MTU will also prevent IP fragmentation.
Solution 2:
The only benefit of using a big load on a ping is to test the stability of the line. If a line fluctuates or goes offline with a high load, but not with a small load, a standard ping with just 32 bytes won't detect the problem.
Solution 3:
No one mentioned the PING OF DEATH??
A ping of death is a type of attack on a computer that involves sending a malformed or otherwise malicious ping to a computer. A correctly formed ping message is typically 56 bytes in size, or 84 bytes when the Internet Protocol [IP] header is considered. Historically, many computer systems could not properly handle a ping packet larger than the maximum IPv4 packet size. Larger packets could crash the target computer.
Generally, sending a 65,536-byte ping packet violates the Internet Protocol as documented in RFC 791, but a packet of such a size can be sent if it is fragmented; when the target computer reassembles the packet, a buffer overflow can occur, which often causes a system crash.
I don't think it's a widespread as it used to be, but if you want a purpose of a large ping packet, well, DDoS is one.