There are several articles in the literature that warn against using ping/ICMP measurements compared to TCP and UDP measurements. See for example:
- https://isc.sans.edu/forums/diary/Ping+is+Bad+Sometimes/11335/
- http://www.tomshardware.com/answers/id-3023937/icmp-latency-tcp-latency.html
- https://networkengineering.stackexchange.com/questions/35376/how-to-find-out-tcp-udp-latency-of-your-network
The concerns are that both the ISPs and the end-node sites de-priortitize ICMP compared to TCP and UDP based applications.
In 1998 we compared the round trip times (RTT) and losses measured by ping with those measured between sending the SYN pacjet for a TCP stream and receiving the ACK back. we found that the distributions agreed well, e.g. the median and average RTTs and losses agreed well (well within the Inter Quartile Range) of the distributions.
Since then there may have been increased de-prioritizing which could increase the differences in the two types of measurements.
It would be good to quantitatively understand these differences and understand how they manifest themselves (e.g. region of world for targets, ipv4 and ipv6).
A project to quantitatively compare TCP and ICMP RTTs and losses would be to use hping3 (does not support ipv6) or nping (supports ipv6) to measure TCP RTTs and losses to multiple web servers (port 80) already pinged by PingER and compare them to those of similar ICMP. measurements (made from the same measurement agent (MA) at similar times)
For example we could use the command:
460cottrell@pinger:~$sudo hping3 -p 80 -c 2 -S www.google.com [sudo] password for cottrell: HPING www.google.com (eth0 172.217.14.100): S set, 40 headers + 0 data bytes len=46 ip=172.217.14.100 ttl=50 id=44206 sport=80 flags=SA seq=0 win=42780 rtt=10.0 ms len=46 ip=172.217.14.100 ttl=50 id=24818 sport=80 flags=SA seq=1 win=42780 rtt=9.8 ms --- www.google.com hping statistic --- 2 packets transmitted, 2 packets received, 0% packet loss round-trip min/avg/max = 9.8/9.9/10.0 ms or 476cottrell@pinger:~$sudo nping -c 2 --tcp -p 80 www.google.com Starting Nping 0.5.51 ( http://nmap.org/nping ) at 2018-01-13 15:05 PST SENT (0.0173s) TCP 134.79.104.80:36386 > 172.217.14.100:80 S ttl=64 id=19801 iplen=40 seq=790870282 win=1480 RCVD (0.0274s) TCP 172.217.14.100:80 > 134.79.104.80:36386 SA ttl=50 id=43697 iplen=44 seq=610794609 win=42780 <mss 1380> SENT (1.0178s) TCP 134.79.104.80:36386 > 172.217.14.100:80 S ttl=64 id=19801 iplen=40 seq=790870282 win=1480 RCVD (1.0276s) TCP 172.217.14.100:80 > 134.79.104.80:36386 SA ttl=50 id=44487 iplen=44 seq=626421474 win=42780 <mss 1380> Max rtt: 9.827ms | Min rtt: 9.613ms | Avg rtt: 9.720ms Raw packets sent: 2 (80B) | Rcvd: 2 (92B) | Lost: 0 (0.00%) Tx time: 1.00076s | Tx bytes/s: 79.94 | Tx pkts/s: 2.00 Rx time: 2.00249s | Rx bytes/s: 45.94 | Rx pkts/s: 1.00 Nping done: 1 IP address pinged in 2.03 seconds or 486cottrell@pinger:~$sudo nping -p 80 -c 2 -6 --tcp-connect 2001:da8:270:2018:f816:3eff:fef3:bd3 Starting Nping 0.5.51 ( http://nmap.org/nping ) at 2018-01-13 15:21 PST SENT (0.0021s) Starting TCP Handshake > 2001:da8:270:2018:f816:3eff:fef3:bd3:80 RECV (0.1679s) Handshake with 2001:da8:270:2018:f816:3eff:fef3:bd3:80 completed SENT (1.0041s) Starting TCP Handshake > 2001:da8:270:2018:f816:3eff:fef3:bd3:80 RECV (1.1692s) Handshake with 2001:da8:270:2018:f816:3eff:fef3:bd3:80 completed Max rtt: 165.789ms | Min rtt: 165.073ms | Avg rtt: 165.431ms TCP connection attempts: 2 | Successful connections: 2 | Failed: 0 (0.00%) Tx time: 1.00329s | Tx bytes/s: 159.48 | Tx pkts/s: 1.99 Rx time: 1.16836s | Rx bytes/s: 68.47 | Rx pkts/s: 1.71 Nping done: 1 IP address pinged in 1.17 seconds
We could use the list of PingER www hosts that respond to pings. Note that sometimes pings are blocked to a host but TCP port 80 packets work, e.g. adl-a-ext1.aarnet.net.au (202.158.195.68).