How to use timestamp option in ping
I noticed that there is a timestamp option -T in the ping help. But I don’t know how to use it. I tried:
2 Answers 2
The -T option is used to ask hops to insert the timestamp in the IP packets upon receiving the ping. It works by using the TS option of IP packets, specified by RFC791.
ping -T requires an argument: one of tsonly , tsandaddr or tsprespec . You can read the manpage online or by running man ping for more information on the usage.
Here’s an example of usage:
$ ping -T tsandaddr 192.168.1.1 PING 192.168.1.1 (192.168.1.1) 56(124) bytes of data. 64 bytes from 192.168.1.1: icmp_seq=1 ttl=64 time=3.22 ms TS: 192.168.1.3 63668917 absolute 192.168.1.1 534841740 absolute not-standard 192.168.1.1 1 not-standard 192.168.1.3 3 64 bytes from 192.168.1.1: icmp_seq=2 ttl=64 time=6.59 ms TS: 192.168.1.3 63669919 absolute 192.168.1.1 534842745 absolute not-standard 192.168.1.1 0 not-standard 192.168.1.3 6 64 bytes from 192.168.1.1: icmp_seq=3 ttl=64 time=3.20 ms TS: 192.168.1.3 63670920 absolute 192.168.1.1 534843743 absolute not-standard 192.168.1.1 1 not-standard 192.168.1.3 3 ^C --- 192.168.1.1 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 2002ms rtt min/avg/max/mdev = 3.207/4.343/6.599/1.595 ms
Note that I’ve tried on my LAN. Some hops on the internet may reject IP packets with the timestamp option. (In fact, I cannot ping any internet host with -T , probably my ISP is rejecting my packets.)
How to Enable Timestamp in Linux Ping Command Output
Ping is the most widely used command on Linux and Unix servers for network troubleshooting. With the ping command we generally check connectivity to remote system either via its ip address or dns name. There can be some situations where we want to capture time in each ping reply. In this article, I will demonstrate how to enable timestamp in ping command output.
There are different ways to capture timestamp of each ping reply. Some of them are listed below:
Method 1)
Run the following command from terminal to enable timestamp in ping reply / output.
$ ping | while read pong; do echo “$(date): $pong”; done
$ ping www.linuxbuzz.com | while read pong; do echo "$(date): $pong"; done
Output of above command would be
If you wish to save above command output to a file then run,
$ ping -c 4 www.linuxbuzz.com | while read pong; do echo "$(date): $pong"; done > /tmp/TimeStamp-Ping.log
To Change the time format in ping’s reply, tweak date command parameters as shown below,
[[email protected] ~]$ ping -c 4 www.linuxbuzz.com | while read pong; do echo "$(date +%Y-%m-%d_%H%M%S): $pong"; done 2020-12-29_155507: PING www.linuxbuzz.com (104.27.152.86) 56(84) bytes of data. 2020-12-29_155507: 64 bytes from 104.27.152.86 (104.27.152.86): icmp_seq=1 ttl=59 time=53.0 ms 2020-12-29_155508: 64 bytes from 104.27.152.86 (104.27.152.86): icmp_seq=2 ttl=59 time=53.7 ms 2020-12-29_155509: 64 bytes from 104.27.152.86 (104.27.152.86): icmp_seq=3 ttl=59 time=52.6 ms 2020-12-29_155510: 64 bytes from 104.27.152.86 (104.27.152.86): icmp_seq=4 ttl=59 time=52.3 ms 2020-12-29_155510: 2020-12-29_155510: --- www.linuxbuzz.com ping statistics --- 2020-12-29_155510: 4 packets transmitted, 4 received, 0% packet loss, time 3002ms 2020-12-29_155510: rtt min/avg/max/mdev = 52.336/52.959/53.769/0.534 ms [[email protected] ~]$
Method 2)
By Passing ‘-D’ option in ping command, we can enable timestamp in the output. Example is shown below.
$ ping -D -c 4 www.linuxbuzz.com
In the above ping command output, Unix time plus microseconds are printed in-front of each ping reply.
If you wish to create a shell script that will capture ping reply along with timestamp, then create a file with below contents.
#!/bin/bash #Script will continuously ping NFS VIP and capture timestamp DIR=/var/tmp/nfs-ping-pong if [ -d $DIR ] then echo "Directory Exists" else mkdir -p $DIR fi ping 10.8.3.102 | while read pong; do echo "$(date): $pong" >> $DIR/nfs-ping-$(date +%Y-%m-%d).txt; done
In the above script, you can replace remote NFS server IP address that suits to your setup. You can also schedule this script as a cron job. That’s all from this article, please do share your feedback and comments.
2 thoughts on “How to Enable Timestamp in Linux Ping Command Output”
there is a ‘ts’ utility (sudo apt install moreutils) which provides timestamp. example: ping localhost | ts Reply
How to command «Ping» display time and date of ping
Another possibility to use the ping -D option which gets you the timestamp as Unix time.
tilo@t-ubuntu:~$ ping google.com -D PING google.com (173.194.33.73) 56(84) bytes of data. [1388886989.442413] 64 bytes from sea09s15-in-f9.1e100.net (173.194.33.73): icmp_req=1 ttl=57 time=11.1 ms [1388886990.443845] 64 bytes from sea09s15-in-f9.1e100.net (173.194.33.73): icmp_req=2 ttl=57 time=11.0 ms [1388886991.445200] 64 bytes from sea09s15-in-f9.1e100.net (173.194.33.73): icmp_req=3 ttl=57 time=10.8 ms [1388886992.446617] 64 bytes from sea09s15-in-f9.1e100.net (173.194.33.73): icmp_req=4 ttl=57 time=10.9 ms ^C --- google.com ping statistics --- 4 packets transmitted, 4 received, 0% packet loss, time 3004ms rtt min/avg/max/mdev = 10.860/11.005/11.139/0.123 ms tilo@t-ubuntu:~$
here is a awk cmd to parse timestamp to date format:
$ ping -D 10.1.1.1 | awk '< if(gsub(/\[|\]/, "", $1)) $1=strftime("[%F %T]", $1); print>' PING 10.1.1.1 (10.1.1.1) 56(84) bytes of data. [2020-04-10 19:25:08] 64 bytes from 10.1.1.1: icmp_seq=1 ttl=63 time=14.1 ms [2020-04-10 19:25:09] 64 bytes from 10.1.1.1: icmp_seq=2 ttl=63 time=12.9 ms [2020-04-10 19:25:10] 64 bytes from 10.1.1.1: icmp_seq=3 ttl=63 time=12.0 ms ^C
PS: awk may full-buffered with pipe, a fflush() after print will fix:
ping.ts()< if [ -t 1 ]; then ping -D "$@" | awk '< if(gsub(/\[|\]/, "", $1)) $1=strftime("[\033[34m%F %T\033[0m]", $1); print; fflush()>' else ping -D "$@" | awk '< if(gsub(/\[|\]/, "", $1)) $1=strftime("[%F %T]", $1); print; fflush()>' fi >
2. time from date
Here a version of «Achu» command with slightly different format:
ping www.google.com -i 10 -c 3000 | while read pong; do echo "$(date +%Y-%m-%d_%H%M%S): $pong"; done >PingTest_2014-01-04.log
2014-01-04_175748: 64 bytes from sea09s16-in-f19.1e100.net (173.194.33.115): icmp_req=13 ttl=57 time=10.5 ms
There is a utility called ts , which reads stdin, adds timestamps, and writes it to stdout:
me@my-laptop:~$ ping localhost | ts Nov 08 09:15:41 PING localhost (127.0.0.1) 56(84) bytes of data. Nov 08 09:15:41 64 bytes from localhost (127.0.0.1): icmp_seq=1 ttl=64 time=0.060 ms Nov 08 09:15:42 64 bytes from localhost (127.0.0.1): icmp_seq=2 ttl=64 time=0.098 ms Nov 08 09:15:43 64 bytes from localhost (127.0.0.1): icmp_seq=3 ttl=64 time=0.082 ms Nov 08 09:15:44 64 bytes from localhost (127.0.0.1): icmp_seq=4 ttl=64 time=0.091 ms
It can be installed in Ubuntu with sudo apt install moreutils .
+1 Just as a sidenote — ts is not installed in Ubuntu (at least 16.04) by default, so you need to install it as apt install moreutils
You can also use gawk (or awk , if your /etc/alternatives/awk points to /usr/bin/gawk ):
ping -c 4 www.google.fr | gawk ''
This is similar to the approach in Achu’s answer, but ping ‘s output is piped to gawk instead of a shell loop that calls date . As with that approach, it works without -c , but if you don’t pass -c n to make ping stop after n pings, and you stop the loop with Ctrl + C , ping won’t print the usual statistics.
ek@Io:~$ ping -c 4 www.google.fr | gawk '' Tue 03 Jan 2017 10:09:51 AM EST: PING www.google.fr (216.58.193.99) 56(84) bytes of data. Tue 03 Jan 2017 10:09:51 AM EST: 64 bytes from sea15s08-in-f3.1e100.net (216.58.193.99): icmp_seq=1 ttl=51 time=327 ms Tue 03 Jan 2017 10:09:52 AM EST: 64 bytes from sea15s08-in-f3.1e100.net (216.58.193.99): icmp_seq=2 ttl=51 time=302 ms Tue 03 Jan 2017 10:09:53 AM EST: 64 bytes from sea15s08-in-f3.1e100.net (216.58.193.99): icmp_seq=3 ttl=51 time=282 ms Tue 03 Jan 2017 10:09:54 AM EST: 64 bytes from sea15s08-in-f3.1e100.net (216.58.193.99): icmp_seq=4 ttl=51 time=349 ms Tue 03 Jan 2017 10:09:54 AM EST: Tue 03 Jan 2017 10:09:54 AM EST: --- www.google.fr ping statistics --- Tue 03 Jan 2017 10:09:54 AM EST: 4 packets transmitted, 4 received, 0% packet loss, time 3003ms Tue 03 Jan 2017 10:09:54 AM EST: rtt min/avg/max/mdev = 282.035/315.227/349.166/25.398 ms
ek@Io:~$ ping www.google.fr | gawk '' Tue 03 Jan 2017 10:10:35 AM EST: PING www.google.fr (216.58.193.99) 56(84) bytes of data. Tue 03 Jan 2017 10:10:35 AM EST: 64 bytes from sea15s08-in-f99.1e100.net (216.58.193.99): icmp_seq=1 ttl=51 time=305 ms Tue 03 Jan 2017 10:10:35 AM EST: 64 bytes from sea15s08-in-f99.1e100.net (216.58.193.99): icmp_seq=2 ttl=51 time=365 ms Tue 03 Jan 2017 10:10:36 AM EST: 64 bytes from sea15s08-in-f99.1e100.net (216.58.193.99): icmp_seq=3 ttl=51 time=390 ms Tue 03 Jan 2017 10:10:38 AM EST: 64 bytes from sea15s08-in-f99.1e100.net (216.58.193.99): icmp_seq=4 ttl=51 time=824 ms Tue 03 Jan 2017 10:10:38 AM EST: 64 bytes from sea15s08-in-f99.1e100.net (216.58.193.99): icmp_seq=5 ttl=51 time=287 ms ^C
This happens whether ping ‘s output is piped to gawk or a shell while loop. The reason is that command on the right side of the pipe, rather than ping , receives SIGINT when Ctrl + C is pressed, and ping does not know to print the statistics before being terminated.
If you have run ping without -c on the left side of a pipe (as shown above) and you want to terminate it in such a way that it still prints the statistics, then instead of pressing Ctrl + C in the terminal where it is running, you could run kill -INT PID from another terminal, replacing PID with the process ID of the ping command. If you’re only running one instance of ping then you could simply use killall -INT ping .
Alternatively, you could replace the ping command on the left side of the pipe with a command that runs a shell, reports the process ID of that shell, and then replaces that shell with the ping command (causing it to have the same PID):
sh -c 'echo $$; exec ping www.google.fr' | gawk ''
Then the first line of output, will show the process ID of the ping command (which will typically be different each time). It would look like this, but with a different time and date and probably a different process ID:
Tue 20 Mar 2018 12:11:13 PM EDT: 7557
Then, from another terminal, you can run kill -INT 7557 , replacing 7557 with the actual process ID you saw, to terminate the ping command in such a way as to cause it to print statistics.
(If you take advantage of your shell’s job control features, then you can achieve this within the same terminal, too. But if you want to copy text from your terminal without having to remove any extranous part where you ran commands in that terminal, then you should terminate ping from a separate terminal.)
- Alin’s answer to How to derive current date and time and append at the end of each line that contain ‘Hello’ on Stack Overflow.
- 9.1.5 Time Functions in Gawk: Effective AWK Programming (Gawk’s official reference manual).
- man ping — «When the specified number of packets have been sent (and received) or if the program is terminated with a SIGINT, a brief summary is displayed.«