Ping, Tracert, PathPing
When troubleshooting network connectivity, Ping, Tracert, and PathPing are very useful tools. The next step after verifying IP information with ipconfig is to use the Ping utility.

If a client is having trouble getting out to the internet, or just on the network, I'll first ping its default gateway. From the command line, I'll simply type ping and the IP address of the default gateway, 10.3.25.1. By default, it will issue four pings, using 32 bytes per ping, and report the latency of each ping, measured in milliseconds. This is also known as the round trip time, since it measures how long it takes the packet to reach the destination and return. When the four pings are complete, statistics like how many packets were sent and how many returned, as well as the minimum, maximum, and average latency for the packets, are displayed.

Sometimes, four pings aren't enough to troubleshoot intermittent connectivity issues. To persistently ping a host, I'll type ping -t and the IP address, 10.3.25.1. It will continuously ping, showing latency and possible packet loss. To end this string, I'll type Ctrl+C. The CLI will spit out complete statistics on all the pings sent. I'm going to go ahead and clear the screen now.

To ping an IP and resolve it to a DNS name, I can type ping -a and then the IP address. I'll do Google's DNS server, 22.214.171.124. The CLI will attempt to resolve the address and continue on pinging the host. I'm going to go ahead and clear the screen now.

Ping -l allows me to adjust the size of the packets. This can be especially useful when troubleshooting maximum transmission unit (MTU) issues. By default, when a packet hits a router and it's too large for the interface, the router will fragment the packet and forward it on. Some types of traffic have the do-not-fragment bit set in their header, which prevents the router from fragmenting it. If the MTU on the router is lower than that of the sending host, it can cause issues. I can emulate this experience with a ping by combining -f with -l. The -f sets the do-not-fragment bit, while the -l adjusts the size of the packets. I'll start with a small packet size, then slowly increase it until the packets fail to transmit. This is an example of sending a smaller one. We'll send a 1300 byte set of pings to 126.96.36.199. As you can see, they were able to transmit. I'm going to hit the up arrow on my keyboard, and then just adjust the size to one far too large for the interface. As you can see, the packet could not be fragmented, and thus was dropped.

The next go-to tool is Traceroute. In Windows, the utility is called tracert. Traceroute uses ICMP packets to map out the path to a destination host. It will track every Layer 3 device in the path, be it a firewall or router, as long as it responds to ICMP. The actual method it uses is quite clever. It sends its first round of ICMP packets with a TTL of one. When the first router receives the packet, it will decrement the TTL. Since the TTL is zero now, it will drop the packet and send back an ICMP message saying it was dropped. The next round of ICMP will have a TTL of two, then three, and will continue on until it reaches the final destination.

For my first trace, I can type tracert google.com, which resolves through DNS to 188.8.131.52. As it hops through, I may occasionally see an asterisk. This means a packet was lost. If a hop responds with all asterisks, it likely means it is blocking ICMP. It could also mean that the device is having severe issues. On the left, I see the hop count go up as the packets head towards the destination. The amount of latency, the IP address, and the DNS name of each hop are also listed. Once the destination has been reached, the CLI prints a trace complete message, or it will count up to the default of 30 hops and say complete. If a hop has erratic latency, it might be indicative of an issue. I can add the -d flag to skip resolving the names of each hop IP. This can speed up the trace, since the client isn't waiting to resolve the address. The -h option lets me change the default maximum number of hops.

The last tool is PathPing. It marries attributes of both Ping and Traceroute. It will do a traceroute, then ping each hop for 25 seconds. This attempts to give better statistics than either Traceroute or Ping. It provides the round trip time as well as the packet loss along the way. It has many of the Tracert options, like -h for maximum hops and -n to not resolve DNS names. I can specify -q to adjust the number of times it pings each hop. The default is 100. I'll go ahead and issue a PathPing to google.com. Depending on the number of hops, the end wait time will be different. For each additional hop, PathPing adds 25 seconds to the compute time at the end.

All of these tools used in combination, especially Ping and Traceroute, are essential to troubleshooting network connectivity issues.
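The ping -f -l procedure described above (start small, raise the size until the do-not-fragment ping fails) can be automated with a binary search. This is an added example, not code from the original post; the function names, the simulated path and the "TTL=" reply check are assumptions of the example.

```python
import subprocess

IP_ICMP_OVERHEAD = 28  # 20-byte IPv4 header + 8-byte ICMP header
MAX_PAYLOAD = 65500    # largest size Windows ping accepts for -l

def windows_ping_df(host):
    """Build a probe that sends one echo with DF set (ping -n 1 -f -l SIZE)."""
    def probe(size):
        out = subprocess.run(
            ["ping", "-n", "1", "-f", "-l", str(size), host],
            capture_output=True, text=True).stdout
        # Assumption: "TTL=" appears only on a genuine echo reply line.
        return "TTL=" in out
    return probe

def simulated_path(mtu):
    """Constructed stand-in for a path whose smallest link MTU is `mtu`."""
    return lambda size: size + IP_ICMP_OVERHEAD <= mtu

def largest_unfragmented_payload(probe, low=0, high=MAX_PAYLOAD):
    """Binary-search the largest payload for which probe(size) succeeds.

    Assumes sizes up to the limit pass and larger ones fail. Returns None
    when even `low` bytes get no reply (host down or ICMP filtered), so an
    unreachable host is not mistaken for a tiny MTU.
    """
    if not probe(low):
        return None
    while low < high:
        mid = (low + high + 1) // 2
        if probe(mid):
            low = mid        # mid fits, search upward
        else:
            high = mid - 1   # mid is too large, search downward
    return low

def path_mtu(probe):
    """Path MTU in bytes: largest payload plus IP and ICMP headers."""
    payload = largest_unfragmented_payload(probe)
    return None if payload is None else payload + IP_ICMP_OVERHEAD

if __name__ == "__main__":
    print(path_mtu(simulated_path(1500)))
    # On a Windows host: print(path_mtu(windows_ping_df("10.3.25.1")))
```

The -l value is the ICMP payload only, which is why the reported MTU is 28 bytes larger than the biggest size that pings successfully.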
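The tracert reading rules above (an asterisk is a lost probe, a row of all asterisks is a hop that does not answer ICMP, erratic latency may indicate a problem) can be applied to saved output automatically. This is an added example, not part of the original post; the sample trace is constructed with documentation addresses, and the 100 ms jitter threshold is an assumption.

```python
import re

# Hop line: hop number, three probe results ("12 ms", "<1 ms" or "*"), host.
HOP = re.compile(r"^\s*(\d+)((?:\s+(?:<?\d+ ms|\*)){3})\s+(.+?)\s*$")

# Constructed sample in Windows tracert layout (not captured from a network).
SAMPLE = """\
Tracing route to example.test [203.0.113.10]
over a maximum of 30 hops:

  1     1 ms    <1 ms     1 ms  192.0.2.1
  2    12 ms    11 ms    13 ms  198.51.100.1
  3     *        *        *     Request timed out.
  4    14 ms   210 ms    15 ms  198.51.100.77
  5    20 ms     *       21 ms  203.0.113.10

Trace complete.
"""

def parse_tracert(text):
    """Return one dict per hop; a lost probe is None, "<1 ms" counts as 1."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue  # banner, blank line or "Trace complete."
        rtts = [None if t == "*" else int(t.lstrip("<"))
                for t in re.findall(r"<?\d+(?= ms)|\*", m.group(2))]
        hops.append({"hop": int(m.group(1)), "rtts": rtts, "host": m.group(3)})
    return hops

def review_hops(hops, jitter_ms=100):
    """Map hop number to the notes a reader of the trace would make."""
    findings = {}
    for h in hops:
        seen = [r for r in h["rtts"] if r is not None]
        notes = []
        if not seen:
            notes.append("no reply")          # ICMP blocked or device fault
        elif len(seen) < len(h["rtts"]):
            notes.append("packet loss")
        if seen and max(seen) - min(seen) > jitter_ms:
            notes.append("erratic latency")
        if notes:
            findings[h["hop"]] = notes
    return findings

if __name__ == "__main__":
    for hop, notes in review_hops(parse_tracert(SAMPLE)).items():
        print(hop, ", ".join(notes))
```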