More ping goodness

Strange problems with the corporate WAN? Welcome to my world. I’m a big enthusiast of ICMP diagnostics with ping (see Let there be ping!), and traceroute and pathping as well. One particular issue is quickly identifiable with stock-standard ICMP ping. Look at this output, for example:


C:\Users\spadmin>ping -n 25 dc-0001.asia.example.net

Pinging dc-0001.asia.example.net [172.25.7.71] with 32 bytes of data:
Reply from 172.25.7.71: bytes=32 time=38ms TTL=115
Reply from 172.25.7.71: bytes=32 time=20ms TTL=115
Reply from 172.25.7.71: bytes=32 time=42ms TTL=115
Reply from 172.25.7.71: bytes=32 time=48ms TTL=115
Reply from 172.25.7.71: bytes=32 time=124ms TTL=115
Reply from 172.25.7.71: bytes=32 time=33ms TTL=115
Reply from 172.25.7.71: bytes=32 time=80ms TTL=115
Reply from 172.25.7.71: bytes=32 time=31ms TTL=115
Reply from 172.25.7.71: bytes=32 time=33ms TTL=115
Reply from 172.25.7.71: bytes=32 time=32ms TTL=115
Reply from 172.25.7.71: bytes=32 time=20ms TTL=115
Reply from 172.25.7.71: bytes=32 time=22ms TTL=114
Reply from 172.25.7.71: bytes=32 time=20ms TTL=115
Reply from 172.25.7.71: bytes=32 time=21ms TTL=115
Reply from 172.25.7.71: bytes=32 time=22ms TTL=115
Reply from 172.25.7.71: bytes=32 time=23ms TTL=115
Reply from 172.25.7.71: bytes=32 time=26ms TTL=115
Reply from 172.25.7.71: bytes=32 time=25ms TTL=115
Reply from 172.25.7.71: bytes=32 time=21ms TTL=115
Request timed out.
Reply from 172.25.7.71: bytes=32 time=21ms TTL=115
Reply from 172.25.7.71: bytes=32 time=20ms TTL=115
Reply from 172.25.7.71: bytes=32 time=35ms TTL=115
Reply from 172.25.7.71: bytes=32 time=36ms TTL=115
Reply from 172.25.7.71: bytes=32 time=26ms TTL=115


Obviously there’s packet loss, not a good sign ever. But the other line is out of ordinary and signifies not just congested link or faulty cable. That’s the line where the return TTL is different from any other TTL. That means that ICMP echo response took different route, not the same as the other 23 packets that were returned. Which, in turn, signifies a problem with WAN routing infrastructure. Although IP, the Internet Protocol, was designed to sustain full scale attack affecting communication lines and changing routes are standard, that shouldn’t occur on a normal day on your corporate network.


There’s one more thing. Check out Smokeping. It’s ping monitor on steroids – something you really need in very dynamic and partially stable environments. And it’s free, as in free beer.

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>