Network Tools


Ping explained

Ping is perhaps the most commonly used tool to troubleshoot a network. Ping (Packet Internet Groper) is included with
most operating systems. It is invoked using the ping command and uses ICMP (Internet Control Message Protocol), a protocol that
reports errors and provides information related to IP packet processing. Ping works by sending an ICMP echo request
message to the specified IP address. If the computer with the destination IP address is reachable, it responds with an ICMP
echo reply message.
A ping command usually also outputs some information about network performance, e.g. the round-trip time, which is the time taken to
send an ICMP request packet and receive an ICMP reply packet.
Here is an output of the ping command from Windows 7:

In the example above we have pinged the IP address 10.10.100.1. By default, ping on Windows sends four ICMP request
packets. As you can see from the output above, the host with the IP address of 10.10.100.1 is reachable and has replied with
four ICMP reply packets. You can also see that the remote host has replied within 1 ms (time<1ms), which indicates that the
network is not congested.

Traceroute explained

Traceroute is a command-line tool used to identify the path taken by a packet to reach its target. This tool
also uses ICMP messages, but unlike ping, it identifies every router in the path taken by the packets. Traceroute is useful when
troubleshooting network problems because it can help identify exactly where the problem is. You can figure out which
router in the path to an unreachable target should be examined more closely as the probable cause of the network’s failure.

Traceroute sends a series of ICMP echo request packets to a destination. The first series of messages has a Time to Live (TTL)
parameter set to 1, which means that the first router in the path will discard the packet and send an ICMP Time Exceeded
message. The TTL is then increased by one until the destination host is reached and an ICMP echo reply message is received.
The originating host can then use the received ICMP messages to identify all routers in the path.

Here is an example of using the tracert command in Windows:



NOTE
The traceroute command on Windows is named tracert. On Unix and Cisco IOS, traceroute is invoked using
the traceroute command.

In the output above you can see that the traceroute command has listed the IP addresses of all of the routers in the path.

Traceroute on Unix-like operating systems

The traceroute command on Unix works slightly differently from the Windows version. It uses UDP packets with a large destination
port number (33434 to 33534) that is unlikely to be used by any application at the destination host. Like the Windows version
of the command, traceroute on Unix uses TTL to get the IP addresses of the intermediary routers. When the destination host is
reached, it replies with an ICMP port unreachable message.
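
The following added example (not part of the original page) shows how the originating host can tell the two kinds of reply apart: it parses the ICMP error, reads the UDP destination port from the probe quoted inside it, and orders the responders by TTL. The prober address 10.10.100.50, the router 172.16.0.1, and the use of one destination port per probe are assumptions made for the sample; the packets are constructed in the code.

```python
import socket
import struct

BASE_PORT, MAX_PORT = 33434, 33534  # UDP destination port range given in the text
# (ICMP type, code) -> meaning for the prober
KINDS = {(11, 0): "router",        # Time Exceeded: TTL hit 0 at an intermediate hop
         (3, 3): "destination"}    # Port Unreachable: the probe reached the target

def ipv4_header(src, dst, proto, ttl, payload_len):
    """Minimal 20-byte IPv4 header; checksum left at 0 because this is sample data."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, ttl,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst))

def icmp_error(responder, prober, target, icmp_type, code, dport):
    """Constructed ICMP error: outer IP header, 8-byte ICMP header, then the
    quoted probe (its IP header plus its 8-byte UDP header)."""
    udp = struct.pack("!HHHH", 40000, dport, 8, 0)
    quoted = ipv4_header(prober, target, socket.IPPROTO_UDP, 1, len(udp)) + udp
    icmp = struct.pack("!BBHI", icmp_type, code, 0, 0) + quoted
    return ipv4_header(responder, prober, socket.IPPROTO_ICMP, 64, len(icmp)) + icmp

def classify(packet):
    """Return (kind, responder, dport) for a reply to one of our UDP probes, else None."""
    if len(packet) < 20 or packet[9] != socket.IPPROTO_ICMP:
        return None
    ihl = (packet[0] & 0x0F) * 4
    quoted = packet[ihl + 8:]                      # original datagram echoed back
    q_ihl = (quoted[0] & 0x0F) * 4 if quoted else 0
    if q_ihl < 20 or len(quoted) < q_ihl + 8 or quoted[9] != socket.IPPROTO_UDP:
        return None
    dport = struct.unpack("!H", quoted[q_ihl + 2:q_ihl + 4])[0]
    kind = KINDS.get((packet[ihl], packet[ihl + 1]))
    if kind is None or not BASE_PORT <= dport <= MAX_PORT:
        return None
    return kind, socket.inet_ntoa(packet[12:16]), dport

def build_path(sent, replies):
    """sent maps each probe's destination port to the TTL it was sent with."""
    matched = (classify(p) for p in replies)
    return sorted((sent[m[2]], m[1], m[0]) for m in matched if m and m[2] in sent)

# Constructed sample: three probes (one per TTL), replies arriving out of order.
SENT = {33434: 1, 33435: 2, 33436: 3}
REPLIES = [
    icmp_error("172.16.0.1", "10.10.100.50", "192.168.8.11", 11, 0, 33435),
    icmp_error("192.168.8.11", "10.10.100.50", "192.168.8.11", 3, 3, 33436),
    icmp_error("10.10.100.1", "10.10.100.50", "192.168.8.11", 11, 0, 33434),
]
PATH = build_path(SENT, REPLIES)
```

The same classification is useful when reading a packet capture: ICMP errors whose quoted UDP destination port falls in this range are replies to traceroute probes.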

Traceroute in Network Layer

Consider a situation where you are not able to access one website but can access other websites. You would want to know whether
this is a problem with your network, some intermediate network, or the web server. How do you figure it out?
You can use Traceroute.

What is traceroute?
Traceroute is a widely used command-line utility available in almost all operating systems. It shows you the complete route
to a destination address. It also shows the time taken (or delays) between intermediate routers. Isn’t it great? Below is an
example on the Windows operating system.

What does the above output mean?

The first column is the serial number of each intermediate router. In the above output, three packets are sent to every hop to get a good
estimate of the delay for every router. The next three columns show the time taken by the three different packets. The last column is
the IP address or name of the intermediate router.
The output shows three delays for the first hop, followed by the delays for the second hop, and so on.
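
The column layout described above can be parsed mechanically. This added example (not part of the original page) reads tracert-style output into hop records and reports the last hop that answered before the trace went silent; the sample output, including the name gw.example.net and the addresses 172.16.0.1 and 172.16.9.1, is constructed for illustration.

```python
import re

# hop number, three probe results ("<1 ms", "12 ms" or "*"), then address/name
HOP_RE = re.compile(r"^\s*(\d+)((?:\s+(?:<?\d+ ms|\*)){3})\s+(.+?)\s*$")
RTT_RE = re.compile(r"(<?)(\d+) ms|\*")

def parse_tracert(text):
    """Turn tracert output into a list of {'hop', 'rtts', 'addr'} dicts."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue                      # banner, blank line, "Trace complete."
        rtts = []
        for r in RTT_RE.finditer(m.group(2)):
            if r.group(2) is None:
                rtts.append(None)         # "*": this probe got no reply
            else:
                rtts.append(0 if r.group(1) else int(r.group(2)))  # "<1 ms" -> 0
        bracketed = re.search(r"\[([^\]]+)\]$", m.group(3))
        if bracketed:
            addr = bracketed.group(1)     # "name [ip]" form
        elif all(r is None for r in rtts):
            addr = None                   # "Request timed out."
        else:
            addr = m.group(3)
        hops.append({"hop": int(m.group(1)), "rtts": rtts, "addr": addr})
    return hops

def path_stops_after(hops):
    """Hop number of the last router that answered when every later hop is
    silent; None when the final hop answered. A silent hop followed by
    answering hops is ignored: some routers just do not send Time Exceeded."""
    answered = [h["hop"] for h in hops if h["addr"]]
    if hops and hops[-1]["addr"]:
        return None
    return answered[-1] if answered else 0

# Constructed sample output in the Windows tracert layout.
SAMPLE = """\
Tracing route to 192.168.8.11 over a maximum of 30 hops

  1    <1 ms    <1 ms    <1 ms  10.10.100.1
  2     4 ms     *        5 ms  gw.example.net [172.16.0.1]
  3     *        *        *     Request timed out.
  4    11 ms    12 ms    11 ms  172.16.9.1
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
"""
HOPS = parse_tracert(SAMPLE)
```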

What is the command in Linux and other operating systems?

In Windows, as shown above, the command name is “tracert”, but in Linux, Unix and Apple macOS, the command is “traceroute”.

How does traceroute work?


As shown in the diagram below, there are intermediate routers between the source and the destination.

Traceroute sends many packets toward the destination.

The first set of packets (3 packets in the above example) is sent in such a way that the packets are dropped by the first intermediate hop, and a
control message is received from the first intermediate node to get the time estimate for the first hop.

The second set of packets (3 packets in the above example) is sent in such a way that the packets are dropped by the second intermediate hop,
and a control message is received from the second intermediate node to get the time estimate for the second hop.

How does traceroute make sure that a packet is dropped at the i’th hop?
It uses the TTL field for this purpose. TTL is set to 1 for the first packet(s), then 2, and so on until the destination is reached.

How is the total time estimated?
When a packet is dropped, the router sends an ICMP Time Exceeded message back to the source. That is how the source figures
out the total time.

Traceroute is a widely used command-line utility in networks.

Network Troubleshooting Methodology and Techniques


Another critical skill that a Network Engineer has to have is network troubleshooting. Network issues often arise without our
having any idea of what caused them. Network problems are inevitable, and you should be equipped with various
network troubleshooting tools and skills to be able to address these issues once they happen.

The Cisco Troubleshooting Methodology


Cisco has developed a troubleshooting model to effectively address network issues that will arise and equip you in handling
such problems. An important part of troubleshooting is to know how to divide the tasks needed to resolve the issue in a
systematic process of elimination. Cisco has broken down the process into eight methodical steps:

1. Define the problem.
2. Gather detailed information.
3. Consider probable cause for the failure.
4. Devise a plan to solve the problem.
5. Implement the plan.
6. Observe the results of the implementation.
7. Repeat the process if the plan does not resolve the problem.
8. Document the changes made to solve the problem.

OSI Model Approach


Another method that a network administrator uses when troubleshooting a network problem is referring to the OSI
Model. There are several ways to address a network issue using the OSI model, depending on the situation.

Top-Down
This technique analyzes the problem starting from the top of the OSI model, which is the Application layer, and
going down the stack. This kind of network troubleshooting technique is usually chosen when you have reason to believe
that the issue is most likely on layer 7, based on your past experiences, new software installations, user interface revisions, or
security updates.

Bottom-Up
This OSI approach starts the network issue analysis from the Physical layer, then works its way up to eliminate more
potential causes of the issue, which helps you isolate the most probable root cause of the problem. This is usually done
when we are experiencing a network-wide issue that affects more users.
The bottom-up approach is very useful because the troubleshooting takes place immediately on the network, so access to
clients, servers, or applications is not necessary until the later phase of the troubleshooting process. Most network issues
arise because of hardware problems, such as legacy devices used within the network having less priority for support and
maintenance. A disadvantage of this technique is that it can be time-consuming, especially on large networks with a lot of
end-users.

Divide and Conquer


This approach gives a balance between the two techniques above. It is usually used when you do not have a clear idea of
what may have caused the network outage. It is done by starting in the middle of the OSI stack, usually on the Transport
layer, and performing ping and traceroute tests to isolate the issue.
This method is considered a highly effective technique and arguably one of the most popular troubleshooting approaches
used today because, regardless of the outcome of the initial tests, this technique is more likely to point to what or where the
problem is by quickly eliminating potential root causes.

Troubleshooting Methods
Here are some other troubleshooting methods that can be used to efficiently isolate the root cause of the network issue and
immediately implement the best solution to it.

Compare Configurations
A lot of network performance issues are caused by human error, and the initial way to troubleshoot problems is to
check whether configuration changes have been made in the network. One way of finding these changes is by
implementing the AAA mechanism, because such changes are logged by an AAA server; alternatively, you can locally access the
logs within the device.

Trace the Path


One of the most used troubleshooting tools is sending a ping to your destination device. There is another ICMP-based tool
that shows you where the ICMP packet stopped in the network, and that is traceroute. Knowing where your ping
stops gives you an advantage in knowing where the issue is happening, so you can easily isolate the problem and further
analyze the best approach to rectifying the issue.

Swap-out Components
Usually, network outages are caused by hardware failures ranging from simple Ethernet cable wear and tear to full-on
equipment failure. When this happens, we have no choice but to replace the defective hardware with a new one to keep the
network up and running. This approach is also used to check whether a specific device is causing the issue in the network,
by monitoring what happens once the swap has been made.

Connectivity Troubleshooting Tools
There are various troubleshooting tools that are used to analyze network connection outages or performance issues.
Below are some of the most effective tools that we utilize in troubleshooting; they can be helpful if we understand how they
function.
arp — Address Resolution Protocol (ARP) is a protocol that connects an Internet Protocol (IP) address to a fixed physical
machine address, also known as a media access control (MAC) address, in a local-area network (LAN).
ping – is a tool that is used to test the reachability of the destination host by sending an Internet Control Message Protocol
(ICMP) packet towards the destination and providing the round-trip time of the packet, which shows how fast it traverses the
network.

traceroute – is a diagnostic command that is used to identify where the ICMP packet stops if the ping tool was not
successful and did not reach the destination host. Traceroute shows where the packet travels, so it can easily help us identify
where the problem lies.
route — this command enables manual updating of the routing table. The route command can be used to troubleshoot
static routing problems in a network.
Telnet – is a protocol that provides a command-line interface for communication with a remote device or server,
sometimes employed for remote management but also for initial device setup like network hardware.

ICMP (Internet Control Message Protocol)


ICMP (Internet Control Message Protocol) is a network layer protocol that reports errors and provides information related
to IP packet processing. ICMP is used by network devices to send error messages indicating, for example, that a requested
service is not available or that a host isn’t reachable.
ICMP is commonly used by network tools such as ping or traceroute. Consider the following example that illustrates how
ping can be used to test the reachability of a host:

Host A wants to test whether it can reach Server over the network. Host A will start the ping utility that will send ICMP Echo
Request packets to Server. If Server is reachable, it will respond with ICMP Echo Reply packets. If Host A receives no
response from Server, there might be a problem on the network.

NOTE
ICMP messages are encapsulated in IP datagrams, which means that they don’t use higher level protocols (such as TCP or
UDP) for transmission.

One other common ICMP message is the Destination unreachable message. Here is an example:

Host A sends a packet to Host B. Because Host B is down, the router will send an ICMP Destination
host unreachable message to Host A, informing it that the destination host is unreachable, e.g.:

C:\>ping 192.168.8.11

Pinging 192.168.8.11 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.8.11:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss)
