Pathping Tutorial

PathPing is probably the most useful tool for checking network connectivity , latency, data loss and reachability between different resources on IP networks. It combines features of Ping and Tracert but provides additional informatio
n that neither of those tools does. PathPing does this by sending multiple echo requests via ICMP and analyzes the results. 

In other words, it sends packets to each router on the way to it's final destination over a period of time and calculates results based on the number of packets returned from each hop. Since it shows the degree of packet loss at any given router or link, it can be used to easily discover which routers or links might be causing problems in network. 

Using PathPing to check network latency and data losses

Pathping can provide you with informations about all the steps along the path to the network resource you test. To find out all the optins that can be used with PathPing, on Windows simply Open a command prompt (go tostart -> run -> cmd -> pathping) and type "pathping": 

C:\>pathping Usage: pathping [-g host-list] [-h maximum_hops] [-i address] [-n] [-p period] [-q num_queries] [-w timeout] [-4] [-6] target_name Options: -g host-list Loose source route along host-list. -h maximum_hops Maximum number of hops to search for target. -i address Use the specified source address. -n Do not resolve addresses to hostnames. -p period Wait period milliseconds between pings. -q num_queries Number of queries per hop. -w timeout Wait timeout milliseconds for each reply. -4 Force using IPv4. -6 Force using IPv6. C:\>

To use pathping, simply launch the "pathping" command from the source host to the destination and let pathping do its computation.: 

C:\>pathping -n google.com Tracing route to google.com [173.194.35.4] over a maximum of 30 hops: 0 192.168.10.102 1 192.168.10.1 2 85.114.33.42 3 85.114.32.149 4 80.239.160.205 5 80.91.250.66 6 80.91.246.140 7 80.91.254.253 8 80.239.193.138 9 72.14.238.44 10 72.14.239.60 11 72.14.232.79 12 209.85.241.65 13 173.194.35.4 Computing statistics for 325 seconds... Source to Here This Node/Link Hop RTT Lost/Sent = Pct Lost/Sent = Pct Address 0 192.168.10.102 0/ 100 = 0% | 1 3ms 0/ 100 = 0% 0/ 100 = 0% 192.168.10.1 0/ 100 = 0% | 2 34ms 0/ 100 = 0% 0/ 100 = 0% 85.114.33.42 0/ 100 = 0% | 3 33ms 0/ 100 = 0% 0/ 100 = 0% 85.114.32.149 0/ 100 = 0% | 4 41ms 0/ 100 = 0% 0/ 100 = 0% 80.239.160.205 0/ 100 = 0% | 5 49ms 0/ 100 = 0% 0/ 100 = 0% 80.91.250.66 0/ 100 = 0% | 6 67ms 0/ 100 = 0% 0/ 100 = 0% 80.91.246.140 0/ 100 = 0% | 7 63ms 0/ 100 = 0% 0/ 100 = 0% 80.91.254.253 0/ 100 = 0% | 8 63ms 0/ 100 = 0% 0/ 100 = 0% 80.239.193.138 0/ 100 = 0% | 9 --- 100/ 100 =100% 100/ 100 =100% 72.14.238.44 0/ 100 = 0% | 10 --- 100/ 100 =100% 100/ 100 =100% 72.14.239.60 0/ 100 = 0% | 11 --- 100/ 100 =100% 100/ 100 =100% 72.14.232.79 0/ 100 = 0% | 12 --- 100/ 100 =100% 100/ 100 =100% 209.85.241.65 0/ 100 = 0% | 13 65ms 0/ 100 = 0% 0/ 100 = 0% 173.194.35.4 Trace complete.

(In the example above, "-n" option is used. It makes pathping not to resolve addresses to hostnames, which in the end runs pathping a little bit faster.) 

We can see that on 7th link to hop 80.91.254.253 and 13th link to hop 173.194.35.4 is a little latency. Althought if the phisical link is inside local network it should have latency smaller than 1ms (or in this case 3ms because our locar network connects to internet over wireless link), on a WAN links it is fine to get a little bit higher values. Hovever, if the milliseconds rate is at a higher number, like 500ms, this might indicate that there's a bandwidth issue which is a very common choke point. 


Another thing worth looking are the results for the Lost/Sent rates. If there's high drop rate, address in those columns show that those links may be overutilized. Also it might be that firewalls are blocking ICMP echo request (especially if "*" sign is showed) so for those nodes we can not get adequate results. 

Althought, more packets the pathping sends, more accurate statistic in result will be, waiting roughly 6 minutes for a report is a long period. To shorten the time needed for creating report, instead of sending 100 pings by default, with "-q 10″ option we can omit sending 10 packets per hop, which in the and if a lot faster: 

C:\>pathping -n google.com -q 10 Tracing route to google.com [208.117.229.182] over a maximum of 30 hops: 0 192.168.10.102 1 192.168.10.1 2 85.114.33.42 3 85.114.32.149 4 149.6.30.29 5 154.54.56.6 6 * * * Computing statistics for 12 seconds... Source to Here This Node/Link Hop RTT Lost/Sent = Pct Lost/Sent = Pct Address 0 192.168.10.102 0/ 10 = 0% | 1 2ms 0/ 10 = 0% 0/ 10 = 0% 192.168.10.1 0/ 10 = 0% | 2 56ms 0/ 10 = 0% 0/ 10 = 0% 85.114.33.42 0/ 10 = 0% | 3 33ms 0/ 10 = 0% 0/ 10 = 0% 85.114.32.149 0/ 10 = 0% | 4 71ms 0/ 10 = 0% 0/ 10 = 0% 149.6.30.29 0/ 10 = 0% | 5 47ms 0/ 10 = 0% 0/ 10 = 0% 154.54.56.6 Trace complete.