The Ping Fallacy
Many people (even specialists) use ping to measure speed. But it measures network latency, a completely different property that should not be confused with with bandwidth, throughput, or surfing speed.
Ping was originally developed to probe a target machine and see if the network towards it is functioning correctly. It will send a very small ICMP packet (usually 8 bytes, plus the standard TCP/IP and ICMP overhead) to the target, which responds with a similarly minimal packet. The target and the network do not have to do much work, so the round-trip usually takes mere milliseconds. When you receive the reply you know that both the target and the network are alive and well. Ping will measure the time it takes for the round-trip. A pure latency measurement would only measure the one-way delay, ping measures there-and-back delays together.
Traffic on the internet is much larger (kilobytes and more) than ping traffic, is often split in several chunks, servers must perform real work (like fetching an image from harddisk), and the protocols are quite different (HTTP, SMTP, FTP, etc.). Many providers have optimized their routers for Ping, which obviously doesn't do anything for regular internet traffic. Another difference, more subtle, is that users jump all over the place. The internet is a complex collection of fast and slow networks, so ping measurements between two points say nothing about other stretches on the information highway.
So why is everybody using Ping? Well, Ping has been around for a long time and everybody knows it. It's very easy to use, just a single command. Ping has been ported to just about every operating system and is included as a standard component, so it's free and it's readily available. Building Ping into other programs is almost trivial, it's very small and basic. Other programs for measuring the speed of the internet exist but are more difficult to get, install, use, and understand.
Traceroute is a derivative of Ping and uses the same technology. It was developed as a tool for network administrators to pinpoint problems in a network. Traceroute will send ping-packets to all the individual routers between the source and the target. The replies are listed and show exactly which router is causing problems. Measurements based on Traceroute do exactly the same as Ping, they simply measure round-trip times. Tabulated and averaged this provides valuable information for network administrators, but is most definitely not a speed measurement.
Ping was written by Mike Muuss in december 1983. Sadly, Mike was killed in an automobile accident on US route 95 in Maryland, on November 20, 2000. His homepage is still available, a testament to his intellect and indomitable spirit.
Quoted from the Ping manual:
Ping uses the ICMP protocol's mandatory ECHO_REQUEST datagram to elicit an ICMP ECHO_RESPONSE from a host or gateway. ECHO_REQUEST datagrams ('pings') have an IP and ICMP header, followed by a 'struct timeval' and then an arbitrary number of 'pad' bytes used to fill out the packet.
An IP header without options is 20 bytes. An ICMP ECHO_REQUEST packet contains an additional 8 bytes worth of ICMP header followed by an arbitrary amount of data. When a packetsize is given, this indicated the size of this extra piece of data (the default is 56). Thus the amount of data received inside of an IP packet of type ICMP ECHO_REPLY will always be 8 bytes more than the requested data space (the ICMP header).
If the data space is at least eight bytes large, ping uses the first eight bytes of this space to include a timestamp which it uses in the computation of round trip times. If less than eight bytes of pad are specified, no round trip times are given.
Ping [from the submariners' term for a sonar pulse]
Ping of death
Ping O' Death n.
A notorious exploit that (when first discovered) could be easily used to crash a wide variety of machines by overunning size limits in their TCP/IP stacks. First revealed in late 1996. The open-source Unix community patched its systems to remove the vulnerability within days or weeks, the closed-source OS vendors generally took months. While the difference in response times repeated a pattern familiar from other security incidents, the accompanying glare of Web-fueled publicity proved unusually embarrassing to the OS vendors and so passed into history and myth. The term is now used to refer to any nudge delivered by network wizards over the network that causes bad things to happen on the system being nudged. For the full story on the original exploit, see http://www.insecure.org/sploits/ping-o-death.html. Compare with 'kamikaze packet,' 'Finger of Death' and 'Chernobyl packet.'
Ping storm n.
A form of DOS (Denial Of Service) attack consisting of a flood of ping requests (normally used to check network conditions) designed to disrupt the normal activity of a system. This act is sometimes called `ping lashing' or `ping flood'. Compare with 'mail storm', 'broadcast storm'.