“For a complete guide to security, check out ‘Security+ Study Guide and DVD Training System’ from Amazon.com“
Pathping is a TCP/IP based utility (command-line tool) that provides useful information about network latency and network loss at intermediate hops between a source address and a destination address. It does this by sending echo requests via ICMP and analyzing the results. ICMP stands for Internet Control Message Protocol. ICMP is an extension to the Internet Protocol (IP – part of the TCP/IP protocol suite) defined by RFC 792. ICMP supports packets containing error, control and informational messages. Pathping will send multiple echo request messages to each router between what you are attempting to ping – the source address. If your destination is across a WAN link then it’s certain that you will be using some form of router, most likely two, which would mean that you could test pathping across a two hop network – two router hops. A typical network diagram is seen in the following illustration.
This is a typical WAN setup which shows you two sites that are connected via a T1 and an Integrated Services Digital Network (ISDN) link. What’s important to see here is that there are multiple paths throughout the network. There is a T1 and an ISDN link. Both technologies connect to each site. The T1 is the main link operating at 1.544 Mbps and the ISDN link is the back up in case the primary fails. Since ISDN is a technology that allows you to pay as you use it, it is a perfect technology to lay dormant until needed. It has less transmission speed (perhaps 64 Kbps), but at the same time, it’s only for emergency so it may be good enough for critical services. The bandwidth drop will add more time for packets to traverse the network and add latency or delay to the traffic. Latency is a measurement of how long it takes for a data packet to get from one point to another. Pathping is a good testing for this element. Latency can be measured by sending a packet as a test that will be returned back to the sender and from that time period – the round-trip time – that is what is considered the latency.
You can use a tool like pathping to see not only if your packets are making it across the network, but are taking the correct preferred path (the T1), or flowing over the alternate link (which would indicate a misconfiguration or a downed link) which is ISDN and, if you have bottlenecks on your network, to see if you have any latency issues. Lack of bandwidth and latency or delay may cause time out issues for your data transmissions. Using the pathping tool you can send multiple echo request messages to each router between you (the source) and your intended destination and after a specific amount of time has elapsed, computes the results from the data that it receives back from each router the packets traversed. Pathping will then display the results.
To use pathping, you simply need to open a command prompt on the source system you will run the test from. If you want to use the next illustration as an example, adding an IP address will help you to perform the test. You can see that we have a test PC located at site B and the IP address is 10.1.2.4. This system wants to pathping to site A, a server with an IP address of 10.1.1.5.
Running pathping is easy. Open a command prompt (start -> run -> cmd -> pathping) and type pathping.
As listed here, you can see that the pathping command has many options to include
Prevents pathping from attempting to resolve the IP addresses of intermediate routers to their names. You may want to consider doing this if you think you have a name resolution issue, or if DNS for example is not configured on your system … the time spent trying to contact a name server can be avoided using this switch.
Specifies the maximum number of hops in the path to search for the target (destination). The default is 30 hops.
Specifies the number of milliseconds to wait between consecutive pings. The default is 250 milliseconds (1/4 second).
Specifies the number of Echo Request messages sent to each router in the path. The default is 100 queries.
Specifies the number of milliseconds to wait for each reply. The default is 3000 milliseconds (3 seconds).
Displays help at the command prompt
There are more options, but these are the most commonly used. You can use the help feature to learn more about the options as they are listed in the Windows command prompt.
To use pathping, launch the pathping command from the source to the destination and let pathping do its computation.
D:\>pathping -n server-1
Tracing route to server-1 [10.1.1.5]
over a maximum of 30 hops:
Computing statistics for 50 seconds…
Source to Here This Node/Link
Hop RTT Lost/Sent = Pct Lost/Sent = Pct Address
0/ 100 = 0% |
1 35ms 0/ 100 = 0% 0/ 100 = 0% 10.1.1.1
13/ 100 = 13% |
2 28ms 16/ 100 = 16% 3/ 100 = 3% 10.1.1.5
0/ 100 = 0% |
(some output omitted)
Although in this example, I skimmed it down to the basics and omitted some of the text so we can look right at what we need to know – the statistics and how to read them. In this example, we see that there is a little latency on the second hop, which is 10.1.1.1, traversing the link to the next hop which is 10.1.1.5. In this section we see a small amount of latency which is normal for this size and speed link. If the milliseconds rate were at a very high number, such as 500 ms, then you might consider having a bandwidth issue. As you can see, pathping doesn’t only ‘verify’ connectivity to a destination host, but also, it shows you how your traffic is getting there, and how fast its going, how much resistance its encountering over the wide area network – which is a very common choke point.
Here is another example, but here, I am on a production network machine using pathping to test within a production LAN out to the Internet to a Web server.
When you run pathping, you will also have to be a little patient. Pathping will first display your results as if you were using tracert or traceroute, which is a similar utility to be covered in a separate article. Tracert will show you the ‘path’ through the network as well as verify connectivity but will not show you how the packet is traversing in relation to speed, bandwidth usage and latency. Next (and this is where patience sets in), depending on the hop count (how many router hops that need to be analyzed), check pathping’s results for the Lost/Sent = Pct and Address columns show that the links may either be over utilized (if you have a high drop rate) and so on. The loss rates displayed for the links, identified as a vertical bar (|) in the Address column, indicate link congestion that is causing the loss of packets that are being forwarded on the path. The loss rates displayed for routers (identified by their IP addresses) indicate that these routers may have a problem with overloading or saturation.
If you see the ‘*’ sign, don’t fret immediately – there may be a firewall blocking ICMP, so you may not get the response although the site is up and responsive. ACL (access control lists) and firewall rule-sets commonly throw off network testers because of this fact. Make sure you know the layout of your network if you are going to troubleshoot it and take this into consideration as it is commonly seen.
In this article we covered the basics of using pathping. Make sure you visit the links section to learn more about ICMP and how to use pathping. Stay tuned for more articles about how to troubleshoot your production networks!
Links and Reference Material
ICMP RFC 792
Sniffer Pro Network Optimization and Troubleshooting Handbook:
To learn how to master troubleshooting not only ICMP, but also the network in general, check out the ultimate guide to troubleshooting and repairing any network…