Internetworking Basics


     Chapter 1: Introduction to Networking


    Ping and Tracert

    These notes guide you through understanding the ping and tracert commands.

    Introduction
    The ping Command
    The tracert Command
    Troubleshooting
    Summary

     
     

    Introduction

    Tracert and ping are two command line utilities that are included in Windows and most other operating systems. Both utilities are useful in troubleshooting connectivity problems on a network. By combining ping and tracert it is usually possible to work out which part of a network is causing problems.

     

    The ping Command

    Ping is mainly used for testing that a connection to another device can be made, that the device is alive and well. Ping stands for Packet Internet Groper.

    In Windows, both ping and tracert run under MS-DOS. So to run them you have to open the command prompt. To find the command prompt, click the START menu, select Programs then Accessories, then the Command Prompt. The actual location of the command prompt can vary for different versions of Windows but you should find it somewhere on the START menu.

    Ping a host

    The basic ping command syntax is 'ping host'.

    For example, ping www.cisco.com should produce output similar to...

    C:\>ping www.cisco.com

    Pinging www.cisco.com [198.133.219.25] with 32 bytes of data

    Reply from 198.133.219.25: bytes=32 time=154ms TTL=238
    Reply from 198.133.219.25: bytes=32 time=155ms TTL=238
    Reply from 198.133.219.25: bytes=32 time=155ms TTL=238
    Reply from 198.133.219.25: bytes=32 time=154ms TTL=238

    Ping statistics for 198.133.219.25:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 154ms, Maximum = 155ms, Average = 154ms

    C:\>

    The ping command sends four ICMP packets to the target. ICMP stands for Internet Control Message Protocol. If the target sends a reply in response to the packets then you know that the target is alive. You should be aware that sometimes a firewall between you and the target may be configured to block the ICMP packets. This means you will not get a reply and although you may think that the target is down it is actually alive and well but hidden behind a firewall.

    Another use for ping is determining the connection speed between the sending computer and the target host. In the example above, the average round trip time is 154 milliseconds.

    Ping localhost

    What ping really does is test the target's NIC transmit/receive capability and the health of its TCP/IP stack. Network administrators frequently use ping to test the functionality of a host's NIC.

    If a host does not reply to a ping and you know it should then it is possible that the TCP/IP configuration is incorrect, or the NIC itself is malfunctioning.

    When an administrator installs and configures a network card you can be sure they will use ping to test that the NIC is working properly. It is not necessary to ping the host from another computer; you can get a computer to ping itself.

    The command for a computer to ping itself is..

    ping localhost

    or

    ping 127.0.0.1

    Both localhost and 127.0.0.1 are ways for the computer to refer to itself.

     

    The tracert Command

    The tracert command is interesting in that it shows how many hops are necessary to connect from some-device to some-other-device.

    Like ping, tracert uses ICMP packets to provide you with information about the connection to your target. Specifically, tracert reports the route that your packets take in getting to the target you're trying to reach.

    The basic tracert command syntax is 'tracert host'.

    For example, tracert www.cisco.com should produce output similar to..

    C:\>tracert www.microsoft.com

    Tracing route to www.microsoft.com.nsatc.net [207.46.245.92]
    over a maximum of 30 hops:

     1       *       *       *  Request timed out.
     2   18 ms   15 ms   17 ms  f2s3-hg1.ilford.broadband.bt.net [217.41.128.200]
     3   18 ms   17 ms   15 ms  217.41.128.161
     4   18 ms   17 ms   19 ms  217.41.128.238
     5   19 ms   21 ms   19 ms  i-194-106-33-73.freedom2surf.net [194.106.33.73]
     6   19 ms   21 ms   19 ms  i-194-106-32-16.freedom2surf.net [194.106.32.16]
     7   20 ms   21 ms   19 ms  213.232.64.50
     8   20 ms   19 ms   19 ms  sl-bb21-lon-8-0.sprintlink.net [213.206.128.45]
     9   88 ms   89 ms   89 ms  sl-bb21-tuk-10-0.sprintlink.net [144.232.19.69]
    10   88 ms   87 ms   89 ms  sl-bb20-tuk-15-0.sprintlink.net [144.232.20.132]
    11   94 ms   93 ms   93 ms  sl-bb21-rly-15-1.sprintlink.net [144.232.20.120]
    12  100 ms  101 ms  103 ms  sl-bb22-rly-13-0.sprintlink.net [144.232.7.254]
    13  164 ms  163 ms  161 ms  sl-bb22-sj-10-0.sprintlink.net [144.232.20.186]
    14  163 ms  161 ms  163 ms  sl-bb20-sj-15-0.sprintlink.net [144.232.3.166]
    15  163 ms  163 ms  161 ms  sl-gw11-sj-9-0.sprintlink.net [144.232.3.138]
    16  164 ms  163 ms  163 ms  sl-ciscopsn2-11-0-0.sprintlink.net [144.228.44.1]
    17  156 ms  155 ms  155 ms  sjce-dmzbb-gw1.cisco.com [128.107.239.89]
    18  156 ms  155 ms  155 ms  sjck-dmzdc-gw2.cisco.com [128.107.224.73]
    19       *       *       *  Request timed out.

    Trace complete.

     

    The tracert command lists various devices, such as routers or gateways you have to pass through to get to the target and shows you three ping times to each of those devices. The distance between one device and the next is called a "hop." 

    The trace to www.cisco.com is interesting. The first hop times out. I.e.

    1      * * * Request timed out.

    This means the device at that hop did not respond to an ICMP packet. This is likely due to a firewall ignoring the packet. You might wonder how tracert knows there is a device at hop 1 if the device does not respond. Well, it uses the TTL value.

    All ICMP packets include a TTL value. The default value for Windows is 128. Every time a device forwards a packet, it decreases the TTL value by 1. Eventually, if the route is long enough, the TTL value may reach the value of 1 and the device that receives the packet with the TTL value of 1 sends back a 'TTL expired in transit'.

    Tracert exploits this 'TTL expired in transit' behaviour by sending the first packet with a TTL value of 1 (instead of 128), hoping for an expired message from the first device. Then it sends the next packet with a TTL value of 2, hoping the second device will send an expired message, then it sends the next packet with the TTL value increased to 3 and so on, until the destination is reached.

    Since the first device did not respond to the first ICMP packet but the second device sent an expired message, tracert deduces there is a silent device at hop 1.

    The trace above showed 19 hops between my computer and Cisco's web site. The trace did not make it all the way, again probably due to a firewall.
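
    The TTL stepping described above can be modelled without sending any packets. The following is an added example, not part of the original notes; the Hop class, the function names and the four-device path are constructed for illustration.

```python
# Added illustration: a model of tracert's TTL stepping. No packets are sent.
# The path and device names are constructed, not taken from a real network.
from dataclasses import dataclass

@dataclass
class Hop:
    name: str
    answers_icmp: bool = True   # False models a device or firewall that stays silent

def send_probe(path, ttl):
    """Walk one probe along the path; return (responder, message), or None if nothing comes back."""
    for i, hop in enumerate(path):
        if i == len(path) - 1:
            # The probe reached the target, which answers the echo request.
            return (hop.name, "echo reply") if hop.answers_icmp else None
        if ttl <= 1:
            # A router receiving TTL 1 cannot forward the probe and discards it.
            return (hop.name, "TTL expired in transit") if hop.answers_icmp else None
        ttl -= 1  # every forwarding device decreases the TTL by 1
    return None

def trace(path, max_hops=30):
    """Send probes with TTL 1, 2, 3, ... as tracert does; return one (ttl, responder) row per probe."""
    rows = []
    for ttl in range(1, max_hops + 1):
        reply = send_probe(path, ttl)
        rows.append((ttl, reply[0] if reply else "*"))
        if reply and reply[1] == "echo reply":
            break  # destination reached
    return rows

def silent_hops(rows):
    """Hops that timed out although a later hop answered: present, but silent."""
    last_answer = max((ttl for ttl, who in rows if who != "*"), default=0)
    return [ttl for ttl, who in rows if who == "*" and ttl < last_answer]

# Constructed path: a silent first hop, two routers, then the target.
PATH = [Hop("home-gateway", answers_icmp=False), Hop("isp-router-a"),
        Hop("isp-router-b"), Hop("target")]

if __name__ == "__main__":
    for ttl, who in trace(PATH):
        print(f"{ttl:>2}  {who}")
    print("silent hops:", silent_hops(trace(PATH)))
```

    Setting answers_icmp=False on the last device reproduces the other pattern in the trace above: every probe past the final responding router times out until max_hops is reached.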

    There are plenty of utilities on the Internet, some free, some not, that do the same job as ping and tracert. Here is an example of software that traces a route and represents it visually.

     

    Troubleshooting

    The two utilities ping and tracert are extremely useful in troubleshooting connectivity problems with devices on a network. They are both useful but in different ways.

    Test the TCP/IP Configuration of a Host

    When a host has connection problems, one of the first steps to diagnosing the problem is to use the ping command. If you are at the console of the host with the connection problems you would follow these steps...

    • ping 127.0.0.1 - this is the internal loopback test. It verifies the NIC can transmit/receive and the health of the TCP/IP stack
         
    • ping the IP address of a host - this tests that the host has a valid IP address configuration
         
    • ping the IP address of the gateway - this tests that the host knows where the gateway is and that it can connect to it. Also, if you have any doubts about the gateway, it checks that the gateway itself is alive and functioning.
         
    • ping a remote target - this tests that you can connect to a remote host outside the gateway. Choosing a target on the Internet is common.

    Test devices on-route to the Host

    Sometimes, there is nothing wrong with the NIC or TCP/IP configuration of a host, but you still cannot connect to it and pinging the host remotely elicits no response. Assuming the ping command is not being blocked by a firewall between you and the target, then it is likely that a device between you and the target is malfunctioning.

    You can locate the malfunctioning device by using the tracert command.

    • tracert target IP address - any hop along the way to the target that elicits a time-out response is likely to be the malfunctioning device.
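
    One way to apply this to saved tracert output, as an added example that is not part of the original notes: the script parses the hop lines and separates a timed-out hop that later hops prove is still forwarding (like hop 1 in the trace earlier) from the point where replies stop altogether. SAMPLE is constructed using documentation addresses, and the function names are this example's own.

```python
# Added illustration: triage of tracert output in the layout shown in these notes.
# SAMPLE is constructed (documentation address ranges), not a real capture.
import re

SAMPLE = """\
Tracing route to target.example [203.0.113.10]
over a maximum of 30 hops:

  1     *        *        *     Request timed out.
  2    <1 ms    <1 ms    <1 ms  192.0.2.1
  3    19 ms    21 ms    19 ms  edge.isp.example [198.51.100.7]
  4    88 ms    89 ms    89 ms  198.51.100.33
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.

Trace complete.
"""

# Hop number, three probe columns ("18 ms", "<1 ms" or "*"), then responder or message.
HOP = re.compile(r"^\s*(\d+)((?:\s+(?:<?\d+\s*ms|\*)){3})\s+(.*)$")
RTT = re.compile(r"<?(\d+)\s*ms")

def parse_tracert(text):
    """Return [(hop_number, [rtt_ms, ...], responder_or_None)] for each hop line."""
    hops = []
    for line in text.splitlines():
        m = HOP.match(line)
        if not m:
            continue  # banner, blank line or "Trace complete."
        rtts = [int(v) for v in RTT.findall(m.group(2))]
        responder = m.group(3).strip() if rtts else None
        hops.append((int(m.group(1)), rtts, responder))
    return hops

def classify(hops):
    """Label each timed-out hop: 'silent' if a later hop answered, else 'no reply from here on'."""
    last_ok = max((n for n, rtts, _ in hops if rtts), default=0)
    return {n: ("silent" if n < last_ok else "no reply from here on")
            for n, rtts, _ in hops if not rtts}

def first_unreachable(hops):
    """Hop number where replies stop for good, or None if the last hop answered."""
    dead = [n for n, label in classify(hops).items() if label != "silent"]
    return min(dead) if dead else None

if __name__ == "__main__":
    parsed = parse_tracert(SAMPLE)
    print(classify(parsed))
    print("replies stop at hop", first_unreachable(parsed))
```

    A hop labelled 'silent' is passing traffic and is not the fault; the hop returned by first_unreachable is where to start looking, keeping in mind that a firewall there produces the same output as a failed device.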
     

    Summary

    On completing these notes you should:-

    • be familiar with the ping command
    • be familiar with the tracert command
    • have an idea how to troubleshoot network connectivity problems
     
     
