Overview

The Ping (ICMP) protocol sends ICMP echo requests to measure latency and packet loss. Because ICMP runs below the TCP/UDP layer, it needs elevated privileges to open the underlying raw socket — this is the most common reason ping shows as disabled.

Grant Raw Socket Access

Linux — run the node with sudo, or grant the binary the CAP_NET_RAW capability so it can open raw sockets without root:

sudo setcap cap_net_raw+ep $(which bitpingd)

If running via Docker, ensure the container has the NET_RAW capability. This is included by default in most Docker configurations but may be dropped if you’re using a restricted security profile (e.g. seccomp default, --cap-drop=ALL).

macOS — run the node with sudo, or install via the Bitping Desktop app which requests the necessary permissions at install time.

Windows — run the node as Administrator.

Check Your Firewall

Some firewalls or network configurations block outbound ICMP traffic entirely. Confirm ICMP echo requests are allowed to reach the public internet:

ping -c 4 1.1.1.1

If this fails but curl https://1.1.1.1 works, ICMP is being filtered. Check:

• Local firewall rules (ufw, iptables, nftables on Linux; Windows Defender Firewall; macOS Application Firewall)
• Router or carrier-level filtering (some ISPs and mobile carriers drop ICMP on certain interfaces)
• Corporate / school networks frequently block outbound ICMP entirely — this is a network policy, not a node bug

Still Disabled After Granting Permissions?

If you’ve granted raw socket access and ping still shows disabled, restart the node — capability checks run once at startup and won’t pick up new permissions until the process restarts.

See also: Troubleshooting Protocol Failures.