Windows XP Hacks

Hack 52 Troubleshooting Network Connections with ping, tracert, and pathping

When you need help tracking down network connection problems, the command line is the place to go.

If you're having problems with your network and network connections and you need troubleshooting help, forget XP's GUI; it doesn't offer you enough help. To get to the root of the problems, you're going to have to get down and dirty with command-line tools. ping and tracert are familiar tools that you might have used on occasion, but you might not know the depth of their power or the switches available to use with them. And you probably haven't heard of pathping, a kind of combination of the two commands.

5.12.1 Troubleshoot TCP/IP Problems with ping

The quickest, most commonly used, and, frequently most helpful TCP/IP troubleshooting tool is the command-line tool ping. Use ping to find out whether the resource or server you're trying to connect to on your network or the Internet is active, and to see if there are any problems with the hops along the way to that resource or server. ping sends Internet Control Message Protocol (ICMP) Echo Request messages to the destination you're checking on, receives responses in return, and reports to you information about the connection path between you and the destination and how quickly the packets made their trip. For example, if you are having trouble getting email from a server, your first step in troubleshooting should be to ping the server to see whether the server is live, and to see how responsive it is. To use ping, get to a command prompt and type:

ping target

where target is either a hostname or an IP address—for example, pop3.catalog.com, zdnet.com, or 209.217.46.121. In response, you'll get information in this format:

Pinging zdnet.com [206.16.6.208] with 32 bytes of data:

Reply from 206.16.6.208: bytes=32 time=83ms TTL=242
Reply from 206.16.6.208: bytes=32 time=73ms TTL=242
Reply from 206.16.6.208: bytes=32 time=91ms TTL=242
Reply from 206.16.6.208: bytes=32 time=72ms TTL=242

Ping statistics for 206.16.6.208:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 72ms, Maximum = 91ms, Average = 79ms

If the host isn't active, instead of getting this report, you'll get the message "Request timed out."

If you enter a hostname, ping reports back with its IP address and then gives details about its four attempts to contact the host, a measurement of how long (in milliseconds) the packet took to make the round trip between your PC and the host, the Time To Live (TTL) information about each packet, and a summary of its findings.

The TTL field can tell you how many hops the packets took to get from your PC to its destination. TTL initially specified the amount of time a packet could live, in seconds, before it expires, as a way to make sure that packets didn't simply bounce around the Internet forever and create traffic jams. However, it has been reinterpreted to mean the maximum number of hops that a packet will be allowed to take before its destination. The default number is 255. Each time a packet takes another hop, its TTL is reduced by one. The TTL number that ping reports is the packet's final TTL when it reaches its destination. To find out the number of hops a packet takes, subtract its initial TTL (by default 255) from the TTL reported by ping. In our example, the packets took 13 hops to get to their destination.

You can use ping with switches, like so:

ping -a -l 45 208.201.239.237

This command changes the packet size sent from its default size of 32 bytes to 45 bites, and resolves the IP address to a hostname—in other words, it lists the IP address's hostname.

ping has a wide variety of useful switches that you can use for all kinds of troubleshooting. You use the basic ping command to check whether an Internet or network resource is live and to see if there are any delays in reaching it. But, as Table 5-4 shows, you can use ping and its switches for many other purposes as well—for example, to find out the IP address of a hostname and vice versa.

Table 5-4. Useful ping switches

Switch	What it does
-a	Resolves an IP address to a hostname.
-f	Turns on the "Don't Fragment" flag for a packet. This lets you send packets that don't get broken up and can be useful for when you want to test whether packets of a certain size are getting through.
-i value	Sets the value of the TTL field, using a number from 0 to 255. When you use this field, even though the field will be set to the number you specify, note that the ping report will report back as if it were set to 255. For example, if you set a TTL of 20 and the packet takes 15 hops, the TTL value that ping reports will be 240.
-l value	Pings using the value specified, in number of bytes.
-n count	Specifies the number of ICMP Echo Request messages sent, instead of the default number of 4.
-r count	Displays the IP addresses of the hops taken along the route to the destination. Specify a number between 1 and 9. If the number of actual hops exceeds the number you specify, you will get a "Request timed out" message.
-s count	Displays a timestamp for the Echo Request and the Echo Reply Request for hops along the route. Specify a number between 1 and 4. If the number of actual hops exceeds the number you specify, you will get a "Request timed out" message.
-t	Keeps sending the Echo Request message continually until stopped by pressing Ctrl-Break, Pause, or Ctrl-C.
-w value	The maximum amount of time (in milliseconds) to wait for an Echo Reply message for each Echo Request message before issuing a timeout message. The default is 4,000 (4 seconds) .

5.12.2 Trace Your Network and Internet Data Path with tracert

Frequently, you have a connection problem over your network or the Internet not because your final destination is down, but because there's a problem with a router somewhere between you and your final destination. For troubleshooting those kinds of problems, use tracert. It displays the path that data takes en route to the server or service that you're trying to reach, either on your network or across the Internet. As with ping, it does this by sending ICMP Echo Request messages to the destination you're checking on. To use it, type tracert destination at a command prompt, where destination can be either an IP address or a hostname. Following is a typical response from a tracert command:

Tracing route to redir-zdnet.zdnet.com [206.16.6.208]
over a maximum of 30 hops:

  1    9 ms  11 ms    10 ms  10.208.128.1
  2    8 ms   8 ms     7 ms  bar02-p0-1.cmbrhe1.ma.attbb.net [24.128.8.53]
  3    9 ms   *       32 ms  bar03-p7-0.wobnhe1.ma.attbb.net [24.147.0.193]
  4    8 ms  14 ms     9 ms  12.125.39.213
  5   12 ms  10 ms     9 ms  gbr2-p70.cb1ma.ip.att.net [12.123.40.102]
  6   25 ms  26 ms    24 ms  gbr4-p80.cb1ma.ip.att.net [12.122.5.65]
  7   36 ms  39 ms    64 ms  gbr4-p40.cgcil.ip.att.net [12.122.2.49]
  8   33 ms  33 ms    48 ms  gbr3-p60.cgcil.ip.att.net [12.122.1.125]
  9   72 ms  80 ms    78 ms  gbr3-p30.sffca.ip.att.net [12.122.2.150]
 10   72 ms  77 ms    73 ms  idf26-gsr12-1-pos-6-0.rwc1.attens.net [12.122.255.222]
 11   76 ms  78 ms    79 ms  mdf3-bi4k-2-eth-1-1.rwc1.attens.net [216.148.209.66]
 12   73 ms  72 ms    74 ms  63.241.72.150
 13   72 ms  74 ms    71 ms  redir-zdnet.zdnet.com [206.16.6.208]

If the destination can't be reached, you will get the message "Destination unreachable."

As you can see, tracert shows the IP address and hostname address of each hop, along with timing data for each hop. If you're having problems on your network, this can help you locate the source of the problem; if a hop has a particularly long delay, you know that's the cause.

You can use several switches with tracert, like this:

Tracert -d -h 45 zdnet.com

This command traces to zdnet.com, displaying only the IP addresses of each router and specifying a maximum number of 45 hops en route to the destination. Table 5-5 shows the most useful tracert switches.

Table 5-5. Useful tracert switches

Switch	What it does
-d	Does not display the hostname of each router.
-h value	Sets a maximum number of hops for the trace to the destination.
-w value	Sets the maximum amount of time in milliseconds to wait for a reply.

5.12.3 Troubleshoot Network Problems with pathping

The pathping command works like a combination of ping and tracert. Type pathping from the command line, like this:

pathping target

where target is either a hostname or an IP address—pop3.catalog.com or 209.217.46.121, for example. You then get a two-part report: first a list of every hop along the route to the destination, and then statistics about each hop, including the number of packets lost at each hop. It uses switches—for example:

pathping -n -w 1000 oreilly.com

This command tells pathping not to resolve the IP addresses of routers, and to wait one second (1,000 milliseconds) for an Echo Replay message. Table 5-6 lists the most important pathping switches.

Table 5-6. Useful pathping switches

Switch	What it does
-n	Does not display the hostname of each router.
-h value	Sets a maximum number of hops for the trace to the destination. The default is 30 hops.
-w value	Sets the maximum amount of time (in milliseconds) to wait for a reply.
-p	Sets the amount of time (in milliseconds) to wait before a new ping is issued. The default is 250.
-q value	Sets the number of ICMP Echo Request messages to transmit. The default is 100.

5.12.4 See Also

• [Hack #53]