After a long break, I booted a corporate laptop and ran ping before checking email. The tool reported “countermeasures” because the clock had rolled backward. Ping, first written in 1983 by Mike Muuss, detects negative round‑trip times and resets them to zero, a quirky safety net rarely seen in utilities. It illustrates how time drift can silently corrupt diagnostics today.

Ping’s source shows it logs a negative RTT as “countermeasures” in ping_common.c. Under the hood it uses gettimeofday for legacy mode and SO_TIMESTAMP for the default, more accurate path. Modern Linux swaps these calls into a vdso shared object, so standard strace misses them unless you override with LD_PRELOAD. This tweak exposes the hidden system calls and reveals timing behavior.

Today ping runs without the suid bit, relying on the CAP_NET_RAW capability to send ICMP packets. Developers can even replace it with an eight‑line Python script using ping sockets, which work on modern kernels when the ping_group_range sysctl is enabled. Understanding these internals helps engineers debug fragile network tools that misbehave when the clock jumps during time adjustments.