Introduction
There are several articles in the literature that warn against using ping/ICMP measurements compared to TCP and UDP measurements. See for example:
- https://isc.sans.edu/forums/diary/Ping+is+Bad+Sometimes/11335/
- http://www.tomshardware.com/answers/id-3023937/icmp-latency-tcp-latency.html
- https://networkengineering.stackexchange.com/questions/35376/how-to-find-out-tcp-udp-latency-of-your-network
The concerns are that both the ISPs and the end-node sites de-priortitize ICMP compared to TCP and UDP based applications.
In 1998 we compared the round trip times (RTT) and losses measured by ping with those measured between sending the SYN pacjet for a TCP stream and receiving the ACK back. we found that the distributions agreed well, e.g. the median and average RTTs and losses agreed well (well within the Inter Quartile Range) of the distributions.
Since then there may have been increased de-prioritizing which could increase the differences in the two types of measurements.
It would be good to quantitatively understand these differences and understand how they manifest themselves (e.g. region of world for targets, ipv4 and ipv6).
A project to quantitatively compare TCP and ICMP RTTs and losses would be to use hping3 (does not support ipv6) or nping (supports ipv6) to measure TCP RTTs and losses to multiple web servers (port 80) already pinged by PingER and compare them to those of similar ICMP. measurements (made from the same measurement agent (MA) at similar times)
For example we could use the command:
486cottrell@pinger:~$sudo nping -p 80 -c 2 -6 --tcp-connect 2001:da8:270:2018:f816:3eff:fef3:bd3 Starting Nping 0.5.51 ( http://nmap.org/nping ) at 2018-01-13 15:21 PST SENT (0.0021s) Starting TCP Handshake > 2001:da8:270:2018:f816:3eff:fef3:bd3:80 RECV (0.1679s) Handshake with 2001:da8:270:2018:f816:3eff:fef3:bd3:80 completed SENT (1.0041s) Starting TCP Handshake > 2001:da8:270:2018:f816:3eff:fef3:bd3:80 RECV (1.1692s) Handshake with 2001:da8:270:2018:f816:3eff:fef3:bd3:80 completed Max rtt: 165.789ms | Min rtt: 165.073ms | Avg rtt: 165.431ms TCP connection attempts: 2 | Successful connections: 2 | Failed: 0 (0.00%) Tx time: 1.00329s | Tx bytes/s: 159.48 | Tx pkts/s: 1.99 Rx time: 1.16836s | Rx bytes/s: 68.47 | Rx pkts/s: 1.71 Nping done: 1 IP address pinged in 1.17 seconds
Together with this we could use the list of PingER www hosts that respond to pings. Note that sometimes pings are blocked to a host but TCP port 80 packets work, e.g. adl-a-ext1.aarnet.net.au (202.158.195.68).
Project
We wrote a script ping-vs-tcp.pl.
Usage: ping-vs-tcp.pl [opts] Opts: -v print this USAGE information -D debug_level (default=0) -p protocol (6 or '') (default '') Function: Ping the host provided in %NODE_DETAILS For each host it gets the IP address either from NODE_DETAILS (IPv4) or using the dig command (IPv6). it then Pings and npings the host and gathers the min, average, maximum RTTs and losses and reports them to STDOUT. together with host information such as name, IP address, contry, region etc. Input: It gets information on the PingER hosts from %NODE_DETAILS using: require '/afs/slac/package/pinger/nodes.cf'; Examples: ping-vs-tcp.pl ping-vs-tcp.pl -f top-uni.txt ping-vs-tcp.pl -p 6 ping-vs-tcp.pl -v -D 1