Skip to main content

Pathping Tutorial


PathPing is probably the most useful tool for checking network connectivity , latency, data loss and reachability between different resources on IP networks. It combines features of Ping and Tracert but provides additional informatio
n that neither of those tools does. PathPing does this by sending multiple echo requests via ICMP and analyzes the results. 

In other words, it sends packets to each router on the way to it's final destination over a period of time and calculates results based on the number of packets returned from each hop. Since it shows the degree of packet loss at any given router or link, it can be used to easily discover which routers or links might be causing problems in network. 


ICMP packet structure














    Using PathPing to check network latency and data losses
Pathping can provide you with informations about all the steps along the path to the network resource you test. To find out all the optins that can be used with PathPing, on Windows simply Open a command prompt (go tostart -> run -> cmd -> pathping) and type "pathping"

C:\>pathping Usage: pathping [-g host-list] [-h maximum_hops] [-i address] [-n] [-p period] [-q num_queries] [-w timeout] [-4] [-6] target_name Options: -g host-list Loose source route along host-list. -h maximum_hops Maximum number of hops to search for target. -i address Use the specified source address. -n Do not resolve addresses to hostnames. -p period Wait period milliseconds between pings. -q num_queries Number of queries per hop. -w timeout Wait timeout milliseconds for each reply. -4 Force using IPv4. -6 Force using IPv6. C:\>


To use pathping, simply launch the "pathping" command from the source host to the destination and let pathping do its computation.: 

C:\>pathping -n google.com Tracing route to google.com [173.194.35.4] over a maximum of 30 hops: 0 192.168.10.102 1 192.168.10.1 2 85.114.33.42 3 85.114.32.149 4 80.239.160.205 5 80.91.250.66 6 80.91.246.140 7 80.91.254.253 8 80.239.193.138 9 72.14.238.44 10 72.14.239.60 11 72.14.232.79 12 209.85.241.65 13 173.194.35.4 Computing statistics for 325 seconds... Source to Here This Node/Link Hop RTT Lost/Sent = Pct Lost/Sent = Pct Address 0 192.168.10.102 0/ 100 = 0% | 1 3ms 0/ 100 = 0% 0/ 100 = 0% 192.168.10.1 0/ 100 = 0% | 2 34ms 0/ 100 = 0% 0/ 100 = 0% 85.114.33.42 0/ 100 = 0% | 3 33ms 0/ 100 = 0% 0/ 100 = 0% 85.114.32.149 0/ 100 = 0% | 4 41ms 0/ 100 = 0% 0/ 100 = 0% 80.239.160.205 0/ 100 = 0% | 5 49ms 0/ 100 = 0% 0/ 100 = 0% 80.91.250.66 0/ 100 = 0% | 6 67ms 0/ 100 = 0% 0/ 100 = 0% 80.91.246.140 0/ 100 = 0% | 7 63ms 0/ 100 = 0% 0/ 100 = 0% 80.91.254.253 0/ 100 = 0% | 8 63ms 0/ 100 = 0% 0/ 100 = 0% 80.239.193.138 0/ 100 = 0% | 9 --- 100/ 100 =100% 100/ 100 =100% 72.14.238.44 0/ 100 = 0% | 10 --- 100/ 100 =100% 100/ 100 =100% 72.14.239.60 0/ 100 = 0% | 11 --- 100/ 100 =100% 100/ 100 =100% 72.14.232.79 0/ 100 = 0% | 12 --- 100/ 100 =100% 100/ 100 =100% 209.85.241.65 0/ 100 = 0% | 13 65ms 0/ 100 = 0% 0/ 100 = 0% 173.194.35.4 Trace complete.
(In the example above, "-n" option is used. It makes pathping not to resolve addresses to hostnames, which in the end runs pathping a little bit faster.) 

We can see that on 7th link to hop 80.91.254.253 and 13th link to hop 173.194.35.4 is a little latency. Althought if the phisical link is inside local network it should have latency smaller than 1ms (or in this case 3ms because our locar network connects to internet over wireless link), on a WAN links it is fine to get a little bit higher values. Hovever, if the milliseconds rate is at a higher number, like 500ms, this might indicate that there's a bandwidth issue which is a very common choke point. 


Another thing worth looking are the results for the Lost/Sent rates. If there's high drop rate, address in those columns show that those links may be overutilized. Also it might be that firewalls are blocking ICMP echo request (especially if "*" sign is showed) so for those nodes we can not get adequate results. 

Althought, more packets the pathping sends, more accurate statistic in result will be, waiting roughly 6 minutes for a report is a long period. To shorten the time needed for creating report, instead of sending 100 pings by default, with "-q 10″ option we can omit sending 10 packets per hop, which in the and if a lot faster: 

C:\>pathping -n google.com -q 10 Tracing route to google.com [208.117.229.182] over a maximum of 30 hops: 0 192.168.10.102 1 192.168.10.1 2 85.114.33.42 3 85.114.32.149 4 149.6.30.29 5 154.54.56.6 6 * * * Computing statistics for 12 seconds... Source to Here This Node/Link Hop RTT Lost/Sent = Pct Lost/Sent = Pct Address 0 192.168.10.102 0/ 10 = 0% | 1 2ms 0/ 10 = 0% 0/ 10 = 0% 192.168.10.1 0/ 10 = 0% | 2 56ms 0/ 10 = 0% 0/ 10 = 0% 85.114.33.42 0/ 10 = 0% | 3 33ms 0/ 10 = 0% 0/ 10 = 0% 85.114.32.149 0/ 10 = 0% | 4 71ms 0/ 10 = 0% 0/ 10 = 0% 149.6.30.29 0/ 10 = 0% | 5 47ms 0/ 10 = 0% 0/ 10 = 0% 154.54.56.6 Trace complete.

Labels:

Comments

Post a Comment

Popular posts from this blog

Cisco three-layer hierarchical model

Because networks can be extremely complicated, with multiple protocols and diverse technologies, Cisco has developed a layered hierarchical model for designing a reliable network infrastructure. This three-layer model helps you design, implement, and maintain a scalable
Post a Comment
Read more

Debugging on Cisco ASA

Most of debuging on Cisco ASA can be done with simply entering  "debug"  in front of command for which we want to do debugging. For example if wanted to see/capture icmp traffic from user enter: 
Post a Comment
Read more

Classes of IP addresses

TCP/IP defines five classes of IP addresses: class A, B, C, D, and E. Each class has a range of valid IP addresses. The value of the first octet determines the class. IP addresses
Post a Comment
Read more