If you’re an IT auditor or security analyst and you don’t know how to ping a server, then I have some words for you:
So let’s do it.
I’m assuming most of my readers already know how to do this. If so, please answer the poll question at the bottom. If not, please read on, then answer the poll question. Thanks!
You can use ping for a number of reasons, but for this post, I’m limiting the reason to determining whether a server (or PC or network device, such as a router) is up and running.
How to ping
In Windows, to ping a device, you must open the command prompt. In most Windows operating systems, just click Start, Run, type cmd and press Enter. Since my computer account is ITauditSecurity, I get this prompt:
You can either ping a device by IP address or name (this post deals with version 4 IP addresses; version 6 is different; today, most IP addresses are still version 4 and will probably be that way for several more years).
If the server has an IP address of 192.168.22.50 and the server’s name is server1, you can ping it by IP address (see highlight in red box below) or name (white box) as follows.
If you can’t reach the device, you’ll get a message like those shown below (see green boxes).
You might receive this kind of a response due to a number of reasons–here’s just a few:
- The asset is not up and running.
- A network device is not allowing you to reach the asset due to a network problem or by design (i.e., your ping request was dropped or blocked). The asset may indeed be alive and well, but “hidden”.
- Your ping command was incorrect (wrong server name or IP address, or a command syntax error).
Regardless of the reason, the important thing is that you need to ask a subject matter expert (SME) why you couldn’t reach the device. If it was not due to your own error, the reason could give you a better understanding of the network or the device you are trying to ping–which might shed light on your audit or research you are performing.
Ping a Web Site
You can also ping a web site, like google.com. Just type ping google.com and press Enter.
This is my favorite way to determine whether a computer has Internet access.
My astute readers may have noticed that the first 2 images above show that the ITauditSecurity account is an administrator account (see the blue banner at the top of those images). As I have noted before on this blog, I do not use an administrator account for everyday usage and strongly suggest you don’t either (see Log in as Root or Administrator?).
I created these images on my admin account because I did not want to reveal the account name I use for my non-admin account (if your account reflects your name, you’re giving that away freely to every web site you visit). But then I logged out and blogged this post under my non-admin account.