ping / traceroute / tracert

ICMP/UDP reachability and path-discovery utilities built into every OS.

Tags: Network Recon & Monitoring, Built-in OS CLI, Practiced in lab, Windows, Linux, macOS


Description

The first-resort connectivity duo every analyst and admin reaches for:

  • ping — sends ICMP Echo Request to confirm host reachability and measure round-trip latency / packet loss.
  • traceroute (Linux/macOS, UDP by default) and tracert (Windows, ICMP) — maps the L3 path hop-by-hop, exposing routing loops, asymmetric paths, and where packets are being dropped.

During an incident these are used to confirm whether a victim host is alive, whether outbound to a suspected C2 IP is reachable, and to spot anomalous routes that may indicate hijacking or transparent proxying.

Use cases

  • Confirming a host is up before deeper triage
  • Identifying the hop where a path breaks
  • Spotting unexpected routes to a known-bad IP

Example

ping -c 4 8.8.8.8          # send 4 ICMP Echo Requests (Linux/macOS; Windows ping sends 4 by default, -n sets the count)
traceroute -n example.com  # -n: numeric output, skips reverse DNS so slow lookups do not inflate per-hop times
tracert -d example.com     # Windows equivalent; -d likewise disables name resolution
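An added example, not part of the original page, that turns the use cases above into code: a small Python parser for `ping -c` and `traceroute -n` output that reports loss and average RTT, and tells a router that merely filters ICMP TTL-exceeded replies apart from the hop where the path actually stops answering. Both sample outputs are constructed for the example, not captured from real hosts.

```python
import re

# Constructed sample of `ping -c 4 8.8.8.8` (Linux iputils format); one reply lost.
PING_OUTPUT = """\
64 bytes from 8.8.8.8: icmp_seq=1 ttl=117 time=11.2 ms
64 bytes from 8.8.8.8: icmp_seq=2 ttl=117 time=10.8 ms
64 bytes from 8.8.8.8: icmp_seq=4 ttl=117 time=12.1 ms

--- 8.8.8.8 ping statistics ---
4 packets transmitted, 3 received, 25% packet loss, time 3004ms
rtt min/avg/max/mdev = 10.800/11.367/12.100/0.543 ms
"""

# Constructed sample of `traceroute -n example.com`: hops 4-5 are silent but the
# path continues at hop 6; from hop 7 onward nothing answers (the real break).
TRACEROUTE_OUTPUT = """\
traceroute to example.com (93.184.216.34), 30 hops max, 60 byte packets
 1  192.168.1.1  1.123 ms  0.987 ms  1.045 ms
 2  10.0.0.1  5.210 ms  5.100 ms  5.300 ms
 3  172.16.5.9  9.870 ms  9.900 ms  9.910 ms
 4  * * *
 5  * * *
 6  203.0.113.7  20.1 ms  20.3 ms  20.0 ms
 7  * * *
 8  * * *
"""

def parse_ping(text):
    """Return sent/received/loss%/avg RTT/alive from ping's summary block."""
    stats = re.search(r"(\d+) packets transmitted, (\d+) received, (\d+)% packet loss", text)
    rtt = re.search(r"rtt min/avg/max/mdev = [\d.]+/([\d.]+)/", text)
    sent, recv, loss = (int(x) for x in stats.groups())
    return {"sent": sent, "received": recv, "loss_pct": loss,
            "avg_ms": float(rtt.group(1)) if rtt else None, "alive": recv > 0}

def parse_traceroute(text):
    """Return [(hop, ip_or_None, [rtt_ms, ...])] for each hop line; '*' hops get None."""
    hops = []
    for line in text.splitlines():
        m = re.match(r"\s*(\d+)\s+(.*)", line)  # header line does not start with a digit
        if not m:
            continue
        hop, rest = int(m.group(1)), m.group(2)
        ip = None if rest.startswith("*") else rest.split()[0]
        hops.append((hop, ip, [float(t) for t in re.findall(r"([\d.]+) ms", rest)]))
    return hops

def path_break(hops):
    """Hop number where the path stops answering for good, or None if the last hop
    responded. Silent hops followed by a responder are not a break, just filtering."""
    last_responder = max((h for h, ip, _ in hops if ip), default=0)
    return last_responder + 1 if hops and hops[-1][1] is None else None
```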