ABC ~ All 'Bout Computers, Vol 29: Ping, Pathping, Tracert Explained

[ABC home] [ABC Archives by Issue] [ABC Archives by Author] [Search] [Privacy]

Advertise in ABC

Online classes
at Eclectic Academy

ABC ~ All 'Bout Computers
The Online Web-azine for Computer Enthusiasts
-- brought to you by

contents page for this issue

My Newest Book
Excel 2003 Study Guide

published by Wiley
get it at Amazon,
at Barnes & Noble,
or at Borders

Linda's Ebooks

Linda's CD

The Newbie Club

Online classes
at Eclectic Academy

FrontLook
Add-ins
& Screen Capture

What's a PING? A Tracert? A PathPing? A Session Protocol?
~~ by Greg Chapman, Senior Systems Engineer

There are many who believe that PING stands for Packet InterNet Groper, and appealing as that idea is, the author of the program says he only wishes the inspiration were so glamorous. All he was really trying to do was to use the ICMP (Internet Control Message Protocol) to see if a particular IP address on a different network from his own was running. He likened this tool to a submarine's sonar and called it PING after the sound of the sonar hitting an object under water. But, on with the way PING works...

By using the ICMP protocol's ECHO request, he could effectively get information from a host that normally isn't transported between routers. With a PING, then, we can see if the host at some address is alive and running.

To run ping, simply open a CMD prompt and type:
ping <hostname>

Here are the results of pinging www.personal-computer-tutor.com:

Pinging www.personal-computer-tutor.com [66.113.130.224] with 32 bytes of data:

Reply from 66.113.130.224: bytes=32 time=335ms TTL=51
Reply from 66.113.130.224: bytes=32 time=50ms TTL=51
Request timed out.
Reply from 66.113.130.224: bytes=32 time=222ms TTL=50

Ping statistics for 66.113.130.224:
Packets: Sent = 4, Received = 3, Lost = 1 (25% loss),
Approximate round trip times in milli-seconds:
Minimum = 50ms, Maximum = 335ms, Average = 202ms

The results indicate that a host does answer at that address and that the response times are acceptable (about 1/4 second) but there may be some congestion somewhere along the route causing a request to be lost.

When this happens, we sometimes want to take a look at the condition of the network path to the site. For that job, we use Tracert (Trace Route). Again, from the CMD prompt, type:

tracert www.personal-computer-tutor.com

Tracing route to www.personal-computer-tutor.com [66.113.130.224] over a maximum of 30 hops:

1 3 ms 4 ms 4 ms 192.168.0.1
2 119 ms 346 ms 65 ms 10.246.114.1
3 * 260 ms 44 ms ilchsert01.il.sprintbbd.net [66.1.0.1]
4 * 549 ms 35 ms sl-gw34-chi-6-0-ts3.sprintlink.net [144.228.207.29]
5 56 ms 34 ms 295 ms sl-bb23-chi-4-2.sprintlink.net [144.232.26.45]
6 33 ms 37 ms 46 ms sl-bb20-chi-8-0.sprintlink.net [144.232.26.53]
7 * 218 ms 31 ms chi-brdr-03.inet.qwest.net [205.171.1.161]
8 314 ms 41 ms 40 ms chi-core-02.inet.qwest.net [205.171.20.137]
9 45 ms 30 ms 39 ms chi-edge-08.inet.qwest.net [205.171.20.114]
10 89 ms 40 ms 40 ms pos-6-0.ons.siteprotect.com [65.112.64.146]
11 42 ms 41 ms 43 ms lfw100.siteprotect.com [66.113.129.251]
12 400 ms 40 ms 40 ms lsh135.siteprotect.com [66.113.130.224]

Trace complete.

A hop is the same thing as saying 'router'. Every time the request crosses a router, it has made a 'hop'. Each hop along the way is listed and the results of 3 echo requests to that router are listed. As we can see in the above output, my route to www.personal-computer-tutor.com isn't the best. Otherwise I wouldn't see any asterisks (*) in the output. In ping and tracert, an asterisk indicates an echo request that was lost.

With Windows 2000, Microsoft introduced a new tool called PathPing. PathPing is an averaging tool to measure site connectivity latency. Each of the times in a tracert represent the latency of that route. But doing a single trace to the site may produce results which don't accurately represent the condition of the route. PathPing is designed to provide a more reasonable, averaged measurement of the routes. Using this tool, let's see if we can learn anything about the condition of the routes to www.personal-computer-tutor.com.

pathping www.personal-computer.tutor.com
-tutor.com

Tracing route to www.personal-computer-tutor.com [66.113.130.224] over a maximum of 30 hops:
0 chappieslappie.mtraxhome.dyndns.org [192.168.0.151]
1 192.168.0.1
2 10.246.114.1
3 ilchsert01.il.sprintbbd.net [66.1.0.1]
4 sl-gw34-chi-6-0-ts3.sprintlink.net [144.228.207.29]
5 sl-bb23-chi-4-2.sprintlink.net [144.232.26.45]
6 sl-bb20-chi-8-0.sprintlink.net [144.232.26.53]
7 chi-brdr-03.inet.qwest.net [205.171.1.161]
8 chi-core-02.inet.qwest.net [205.171.20.137]
9 chi-edge-08.inet.qwest.net [205.171.20.114]
10 pos-6-0.ons.siteprotect.com [65.112.64.146]
11 lfw100.siteprotect.com [66.113.129.251]
12 lsh135.siteprotect.com [66.113.130.224]

Computing statistics for 300 seconds...

As you can see, pathping will spend the next 5 minutes working out the averages for each hop along the way.

At the end of 300 seconds, we get to see the results:

Hop	RTT	Source to Here Lost/Sent = Pct	This Node/Link Lost/Sent = Pct	Address
0				chappieslappie.mtraxhome.dyndns.org [192.168.0.151]
			0/ 100 = 0%	\|
1	3ms	0/ 100 = 0%	0/ 100 = 0%	192.168.0.1
			8/ 100 = 8%	\|
2	112ms	14/ 100 = 14%	6/ 100 = 6%	10.246.114.1
			0/ 100 = 0%	\|
3	139ms	11/ 100 = 11%	3/ 100 = 3%	ilchsert01.il.sprintbbd.net [66.1.0.1]
			0/ 100 = 0%	\|
4	131ms	11/ 100 = 11%	3/ 100 = 3%	sl-gw34-chi-6-0-ts3.sprintlink.net [144.228.207.29]
			0/ 100 = 0%	\|
5	130ms	8/ 100 = 8%	0/ 100 = 0%	sl-bb23-chi-4-2.sprintlink.net [144.232.26.45]
			0/ 100 = 0%	\|
6	104ms	11/ 100 = 11%	3/ 100 = 3%	sl-bb20-chi-8-0.sprintlink.net [144.232.26.53]
			0/ 100 = 0%	\|
7	105ms	8/ 100 = 8%	0/ 100 = 0%	chi-brdr-03.inet.qwest.net [205.171.1.161]
			3/ 100 = 3%	\|
8	115ms	12/ 100 = 12%	1/ 100 = 1%	chi-core-02.inet.qwest.net [205.171.20.137]
			0/ 100 = 0%	\|
9	134ms	11/ 100 = 11%	0/ 100 = 0%	chi-edge-08.inet.qwest.net [205.171.20.114]
			1/ 100 = 1%	\|
10	125ms	12/ 100 = 12%	0/ 100 = 0%	pos-6-0.ons.siteprotect.com [65.112.64.146]
			3/ 100 = 3%	\|
11	141ms	15/ 100 = 15%	0/ 100 = 0%	siteprotect.com [66.113.129.251]
			3/ 100 = 3%	\|
12	128ms	18/ 100 = 18%	0/ 100 = 0%	lsh135.siteprotect.com [66.113.130.224]

Trace complete.

From the above output, we can start to characterize the stability and 5 min average for each of the hops in the route. These tell us about the relative stability of a connection from our system to that remote system.

Sometimes, pings and tracert commands to www.msn.com produces nothing but asterisks for the host of that site:

Tracing route to www.msn.com [207.68.173.244] over a maximum of 30 hops:

1 3 ms 4 ms 3 ms 192.168.0.1
2 221 ms 29 ms 29 ms 10.246.114.1
3 128 ms 116 ms 323 ms ilchsert01.il.sprintbbd.net [66.1.0.1]
4 62 ms 30 ms 29 ms sl-gw34-chi-6-0-ts3.sprintlink.net [144.228.207.29]
5 162 ms 63 ms 300 ms sl-bb23-chi-4-2.sprintlink.net [144.232.26.45]
6 53 ms 50 ms 34 ms sl-bb25-chi-14-0.sprintlink.net [144.232.26.94]
7 152 ms 73 ms 74 ms sl-bb21-sea-1-0.sprintlink.net [144.232.20.156]
8 109 ms 86 ms 102 ms sl-gw14-sea-9-0.sprintlink.net [144.232.6.134]
9 * * * Request timed out.
10 * * * Request timed out.

This is because ECHO requests at the gateway for MSN.com are blocked. Why? Because ICMP can be dangerous in that they provide a simple way of executing a denial of service attack against a site.

So, often, a site may be up and usable yet a tracert or ping request will indicate that the host at that network location is down.

That brings us to the final points to understand about troubleshooting a network and connectivity to hosts. Ping, Tracert and PathPing all depend on the use of a session layer protocol called ICMP. Yes, you're used to thinking of protocols as being nothing more than TCP/IP. It doesn't end there.

ICMP is a session layer protocol. So are HTTP (web), SMTP (email delivery), POP3 (email pickup) and FTP (file transfer protocol). Each of these uses different IP ports (every IP address has 65,535 ports it can listen/talk across) and a different 'language' for doing its job. Therefore, when I'm talking to a web server with Ping, I may get results that indicate the site is down. Yet, if I use my web browser to go to that site, I'll get a web page. That says the site is blocking ICMP Echo requests (which causes Ping and Tracert to fail) but the web service on the site at port 80 is accepting requests. That's why you can't simply use Ping and Tracert to tell the whole tale of connectivity. Yet they are indespensable for the job because there is no path tracing tool for checking the web protocol. The same is true for when you're attempting to diagnose email delivery issues.

This is helpful stuff about the command line options for each of these programs:

PING:

Usage: ping [-t] [-a] [-n count] [-l size] [-f] [-i TTL] [-v TOS]
[-r count] [-s count] [[-j host-list] | [-k host-list]]
[-w timeout] target_name

Options:
-t	Ping the specified host until stopped. To see statistics and continue - type Control-Break; To stop - type Control-C.
-a	Resolve addresses to hostnames.
-n count	count Number of echo requests to send.
-l size	Send buffer size.
-f	Set Don't Fragment flag in packet.
-i TTL	Time To Live.
-v TOS	Type Of Service.
-r count	Record route for count hops.
-s count	Timestamp for count hops.
-j host-list	Loose source route along host-list.
-k host-list	Strict source route along host-list.
-w timeout	Timeout in milliseconds to wait for each reply.

TRACERT:

Usage: tracert [-d] [-h maximum_hops] [-j host-list] [-w timeout]
target_name

Options:
-d	Do not resolve addresses to hostnames.
-h maximum_hops	Maximum number of hops to search for target.
-j host-list	Loose source route along host-list.
-w timeout	Wait timeout milliseconds for each reply.

PATHPING:

Usage: pathping [-g host-list] [-h maximum_hops] [-i address] [-n]
[-p period] [-q num_queries] [-w timeout] [-P] [-R] [-T]
[-4] [-6] target_name

Options:
-g host-list	Loose source route along host-list.
-h maximum_hops	Maximum number of hops to search for target.
-i address	Use the specified source address.
-n	Do not resolve addresses to hostnames.
-p period	Wait period milliseconds between pings.
-q num_queries	Number of queries per hop.
-w timeout	Wait timeout milliseconds for each reply.
-P	Test for RSVP PATH connectivity.
-R	Test if each hop is RSVP aware.
-T	Test connectivity to each hop with Layer-2 priority tags.
-4	Force using IPv4.
-6	Force using IPv6.

<<<back to contents

Greg Chapman is a Microsoft MVP, Senior Systems Engineer, developer, private pilot, luthier, musician and dad. When Greg's not flying or helping to solve the latest teenager crisis, he gets his jollies from finding the unusual stuff in Windows, wrestling with some obscure technical issues or beta testing games and simulators. His freelance work through MouseTrax Computing Solutions allows him to exercise these passions to their fullest.

Pay Per Click Ads by

What's a PING? A Tracert? A PathPing? A Session Protocol? ~~ by Greg Chapman, Senior Systems Engineer

What's a PING? A Tracert? A PathPing? A Session Protocol?
~~ by Greg Chapman, Senior Systems Engineer