Understanding Network troubleshooting tools

Network Troubleshooting tools help network administrators identify the root cause of a network issue to fix it. A few basic network troubleshooting tools  are discussed below:

Ping Tools

The Ping tool is used to test whether a particular host is reachable across anIP network. A Ping measures the time it takes for packets to be sent from the local host to a destination computer and back. The Ping tool measures and records the round-trip time of the packet and any losses along the way.   This tool tests the basic connectivity of domains and IP addresses. Use this tool for troubleshooting purposes and to test response times.

To ping a device, proceed as follows.

  • Open a Windows Command Prompt window.
  • At the command prompt, type, ping <IP address>, as shown below.

The Google DNS server IP address, 8.8.8.8, is commonly used as a ping destination to check outgoing connectivity.

Understanding Ping results

Ping operates by sending ICMP Echo Request packets to the target device and waiting for an ICMP Echo Reply. The program reports errors, packet loss, and a statistical summary of the results.

  A successful Ping

The above example shows the screen display after a successful ping attempt, where 18 packets were sent, and 18 packets received.

Target device not responding

A ping result, where the target device is not responding, or there is a connection issue, will look like this:

Although 11 packets were sent, none have been received, showing a 90% loss of packets, and indicating an issue with either the connection or the target device.

 NOTE:
A result like this does not always mean the device is not online or working correctly. Many devices have ICMP ping responses disabled for security or service reasons. So even if they are up and running it will appear as if they are unreachable.

2. Using Tracert/ Trace Route

Traceroute is a command that runs tools used for network diagnostics. These tools trace the paths data packets take from their source to their destinations, allowing administrators to better resolve connectivity issues.   When data is transmitted between two points, it must “hop” through several devices, like switches and routers. Traceroute maps each hop, provides the details and round-trip time (RTT), and gives the device name and IP address where possible.

While ping can tell you if there is a problem, traceroute can help you pinpoint where the problem exists. For an example of how you might use traceroute, imagine you’re visiting a website and its pages are taking a long time to load. In this instance, you can use Traceroute/tracert   to identify response delays (high latency), routing loops and points of failure or packet loss in a network.

This section shows how to run Traceroute, and how to interpret the results.

Running Traceroute

To run the Traceroute utility, proceed as follows.

  • Open a Windows Command Prompt window.
  • At the command prompt, type, tracert, a space, then the IP address or web address for the destination site.
  • Press Enter.

 

 

It may take a few seconds to respond, but this command will give a traceroute from your computer to the destination you selected.

How to read a traceroute/tracert

Hop Number – This is the first column and it simply display the number of the hops along the route

RTT Columns – The next three columns display the round trip time (RTT) for your packet to reach that point and return to your computer. This is listed in milliseconds. There are three columns because the traceroute sends three separate signal packets. This is to display consistency, or a lack thereof, in the route.

Domain/IP column – The last column has the IP address of the router. If it is available, the domain name will also be listed.

Checking the hop times

The times listed in the RTT columns are the main thing you want to look at when evaluating a traceroute. Consistent times are what you are looking for. There may be specific hops with increased latency times but they may not indicate that there is an issue. You need to look at a pattern over the whole report. Times above 150ms are considered to be long for a trip within your network.

Increasing latency towards the target

If you see a sudden increase in a hop and it keeps increasing to the destination (if it even gets there), then this indicates an issue starting at the hop with the increase. This may well cause packet loss where you will even see asterisks (*) in the report. Consider the bellow image

Timeouts at the end may occur for a number of reasons. Not all of them indicate an issue, however.

The target’s firewall may be blocking requests. The target is still most probably reachable with a normal HTTP request, however. This should not affect normal connection.
TRACERT Options

There are several command-line options that you can use with TRACERT

>tracert -d -h maximum_hops -j host-list -w timeout target_host

-d- Specifies to not resolve addresses to host names
-h maximum_hops
Specifies the maximum number of hops to search for the target
-j host-list
Specifies loose source route along the host-list
-w timeout
Waits the number of milliseconds specified by timeout for each
reply
target_host
Specifies the name or IP address of the target host

Using PathPing

Pathping sends packets to each router on its path to destination and then calculates results based on the packet returned from each hop. This way, it becomes easy to understand where the lost packets occur and pin-point the location of the problem.

To PathPing a device, proceed as follows.

  • Open a Windows Command Prompt window.
  • At the command prompt, type, pathping <IP address>, as shown below.PathPing Options.Pathping has few options but most often used are:
    • -n: does not resolve addresses to host names
    • -w: number of milliseconds to wait for each reply
    • -p: number of milliseconds  to wait between pings
    • -h: Maximum number of hops to search
    • -q: number of queries per hop

    When you run the command  Pathping <option> destination host or ip address it will first display the hops that it is going through, basically the same process as a ‘Tracert‘ command line. Once the trace is complete, Pathping displays a busy message for the next 275 seconds as shown above, variable depending on the numbers of hops, while it is computing the information previously gathered from the routers and the links between them. Above is an example of checking the connection between my PC and the server google.com   over a maximum of 11 hops.

    The columns (This node/link/lost/sent = Pct) and (Address) hold valuable information regarding your diagnostic. Per our example above, the link between 172.–.–.49 Hop (9) and 142.–.–.43 Hop (10) is dropping 100% of the packets.   The percentage displayed between these two hops   show the losses of packets sent along the path, which indicates a link congestion.

    Understanding MTR (MyTraceRoute)

    MTR   combines the functionality of the Traceroute and Ping programs in a single network diagnostic tool.

    MTR probes routers on the route path by limiting the number of hops that individual packets may traverse, and listening to responses of their expiry. It will regularly repeat this process, usually once per second, and keep track of the response times of the hops along the path.

    MTR reports, by default, display the following columns:
    Loss% = The percentage of packets for which an ICMP reply was not received.
    Snt = The number of packets sent to each hop.
    Last = The round trip time of the last traceroute probe, in milliseconds.
    Avg = The average round-trip time of all traceroute probes, in milliseconds.
    Best = The shortest round-trip time of all traceroute probes, in milliseconds.
    Wrst = The longest round-trip time of all traceroute probes, in milliseconds.
    StDev = The standard deviation probe results to each hop.

See the image below:

Page Visit Counter 296
Total Page Visits: 405 - Today Page Visits: 2

About the author

Violet

View all posts