9. PathPing
Perhaps the most
useful tool for isolating connectivity problems from the client,
PathPing (PathPing.exe) can help diagnose problems with name resolution,
network connectivity, routing, and network performance. For this
reason, PathPing should be one of the first tools you use to
troubleshoot network problems. PathPing is a command-line tool whose
syntax is similar to that of the Tracert and Ping tools.
Note:
Ping's usefulness has
become very limited in recent years, and it is no longer an effective
tool for determining the state of network services. Ping often reports
that it cannot reach an available server because a firewall, such as
Windows Firewall, is configured to drop Internet Control Message
Protocol (ICMP) requests. If a host is still capable of responding to
ICMP requests, Ping might report that the remote host is available even
if critical services on the remote host have failed. To determine
whether a remote host is responding, use the PortQry support tool
instead of Ping.
To test connectivity to an endpoint, open a command prompt and run the following command.
pathping destination
The destination can be a host name, a computer name, or an IP address.
9.1. PathPing Output
PathPing displays its output in
two sections. The first section is immediately displayed and shows a
numbered list of all devices that responded between the source and the
destination. The first device, numbered 0, is the host on which PathPing
is running. PathPing will attempt to look up the name of each device,
as shown here.
Tracing route to support.go.microsoft.contoso.com [10.46.196.103]over a maximum of
30 hops: 0 contoso-test [192.168.1.207] 1 10.211.240.1 2 10.128.191.245
3 10.128.191.73 4 10.125.39.213 5 gbr1-p70.cb1ma.ip.contoso.com [10.123.40.98]
6 tbr2-p013501.cb1ma.ip.contoso.com [10.122.11.201]
7 tbr2-p012101.cgcil.ip.contoso.com [10.122.10.106]
8 gbr4-p50.st6wa.ip.contoso.com [10.122.2.54]
9 gar1-p370.stwwa.ip.contoso.com [10.123.203.177]
10 10.127.70.6 11 10.46.33.225 12 10.46.36.210
13 10.46.155.17 14 10.46.129.51 15 10.46.196.103
To speed up the display of PathPing, use the –d command option to keep PathPing from attempting to resolve the name of each intermediate router address.
The second section of the PathPing output begins with the message "Computing statistics for xxx
seconds." The amount of time for which PathPing computes statistics
will vary from a few seconds to a few minutes, depending on the number
of devices that PathPing found. During this time, PathPing is querying
each of the devices and calculating performance statistics based on
whether—and how quickly—each device responds. This section will resemble
the following.
Computing statistics for 375 seconds... Source to Here
This Node/LinkHop RTT Lost/Sent = Pct Lost/Sent = Pct Address 0
contoso-test [192.168.1.207]
0/ 100 = 0% | 1 50ms
1/ 100 = 1% 1/ 100 = 1% 10.211.24.1
0/ 100 = 0% | 2 50ms
0/ 100 = 0% 0/ 100 = 0% 10.128.19.245
0/ 100 = 0% | 3 50ms
2/ 100 = 2% 2/ 100 = 2% 10.128.19.73
0/ 100 = 0% | 4 44ms
0/ 100 = 0% 0/ 100 = 0% 10.12.39.213
0/ 100 = 0% | 5 46ms
0/ 100 = 0% 0/ 100 = 0% gbr1-p70.cb1ma.ip.contoso.com [10.12.40.98]
0/ 100 = 0% | 6 40ms
2/ 100 = 2% 2/ 100 = 2% tbr2-p013501.cb1ma.ip.contoso.com [10.12.11.201]
0/ 100 = 0% | 7 62ms
1/ 100 = 1% 1/ 100 = 1% tbr2-p012101.cgcil.ip.contoso.com [10.12.10.106]
0/ 100 = 0% | 8 107ms
2/ 100 = 2% 2/ 100 = 2% gbr4-p50.st6wa.ip.contoso.com [10.12.2.54]
0/ 100 = 0% | 9 111ms
0/ 100 = 0% 0/ 100 = 0% gar1-p370.stwwa.ip.contoso.com [10.12.203.177]
0/ 100 = 0% | 10 118ms
0/ 100 = 0% 0/ 100 = 0% 10.12.70.6
0/ 100 = 0% | 11 ---
100/ 100 =100% 100/ 100 =100% 10.46.33.225
0/ 100 = 0% | 12 ---
100/ 100 =100% 100/ 100 =100% 10.46.36.210
0/ 100 = 0% | 13 123ms
0/ 100 = 0% 0/ 100 = 0% 10.46.155.17
0/ 100 = 0% | 14 127ms
0/ 100 = 0% 0/ 100 = 0% 10.46.129.51
1/ 100 = 1% | 15 125ms
1/ 100 = 1% 0/ 100 = 0% 10.46.196.103 Trace complete.
Based on PathPing's output,
you can often quickly identify the source of your connectivity problems
as a name resolution problem, a routing problem, a performance problem,
or a possible connectivity issue. By using PathPing, you can also rule out active connectivity issues at the network layer or below.
9.2. Routing Loops
You can use PathPing to detect
routing loops. Routing loops—a situation in which traffic is forwarded
back to a router that has already forwarded a particular packet—are
evident because the output from PathPing will show a set of routers
repeated multiple times. For example, the following output indicates a
routing loop between the routers at 10.128.191.245, 10.128.191.73, and
10.125.39.213.
Tracing route to support.go.microsoft.contoso.com [10.46.196.103]over a maximum of 30
hops: 0 contoso-test [192.168.1.207] 1 10.211.240.1 2 10.128.191.245
3 10.128.191.73 4 10.125.39.213 5 10.128.191.245
6 10.128.191.73 7 10.125.39.213 8 10.128.191.245 9 10.128.191.73
10 10.125.39.213 (...continued...)
Routing loops are
generally caused by router or routing protocol misconfiguration, and
further troubleshooting must be performed on the network routing
equipment.
9.3. Performance Problems
The RTT column of the
Performance section of the PathPing output might identify a performance
problem. This column shows round-trip time (RTT) in milliseconds, which
is the two-way latency
of communications with that particular device. Although all networks
will show gradually increasing latency as the hop count increases, a
large latency increase from one hop to the next identifies performance
problems.
Performance problems might
also be evident from a high percentage shown in the Lost/Sent = Pct
column. This column measures packet loss. Although packet loss in the
single digits generally does not indicate a problem that would cause
performance or connectivity problems, packet loss of greater than 30
percent generally indicates that the network node is experiencing
problems.
Note:
If a network device shows
packet loss of 100 percent but packets are processed at later hops, the
network device has been configured to not answer PathPing queries, which does not necessarily indicate a problem.
9.4. Possible Connectivity Issues
If the last item shown in the first section of PathPing output resembles the following example, PathPing was unable to communicate directly to the destination.
14 * * *
This might or
might not indicate a possible connectivity problem, however. Although
the device might be offline or unreachable, it is also likely that the
destination—or a network node in the path to the destination—has been
configured to drop the ICMP packets that PathPing uses to query devices.
ICMP is disabled by default in many modern operating systems.
Additionally, administrators often manually disable ICMP on other
operating systems as a security measure to make it more difficult for
malicious attackers to identify nodes on the network and to reduce the
effects of some denial-of-service attacks.
Note:
Windows Firewall drops
ICMP packets by default on public networks. Therefore, unless you
connect to a domain controller or configure a network as private,
Windows will not respond to ICMP requests by default.
If PathPing is unable to
reach the destination, you should attempt to communicate directly with
the application by using Telnet.
9.5. No Connectivity Issues
If the PathPing output
indicates that PathPing was able to communicate successfully with the
destination and the RTT time shown for the destination is less than
1,000 milliseconds, there are probably no name resolution or IP
connectivity problems
between the source and destination. However, PathPing will not show
problems with a specific service or application. For example, PathPing
might successfully communicate with a Web server even if the Web server
services are stopped.
