Troubleshooting Connectivity with ping
ping is a valuable command to check connectivity with other computers. It uses Internet Control Message Protocol (ICMP), which is the messenger service of the networking world.
You can ping an IP address or a host name. However, if you do use a host name, the first step in the process is that the ping will resolve the host name to an IP address. Listing-3 shows a basic ping command used to check connectivity with a server named DC1 in a network.
Listing 14-3: Successfullying pinging a computerC:\>ping dc1 Pinging dc1 [192.168.1.112] with 32 bytes of data: Reply from 192.168.1.112: bytes=32 time=1ms TTL=128 Reply from 192.168.1.112: bytes=32 time=1ms TTL=128 Reply from 192.168.1.112: bytes=32 time=1ms TTL=128 Reply from 192.168.1.112: bytes=32 time=1ms TTL=128 Ping statistics for 192.168.1.112: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 1ms, Maximum = 1ms, Average = 1ms
Two very important point things occurred here, and both provide you with valuable information.
First, the computer named dc1 was resolved to the IP address of 192.168.1.112. You can see that in the first line after the ping dc1 command. If name resolution did not work, you would instead see this error:
Ping request could not find host dc1. Please check the name and try again.
Second, the ping command sent four packets to the server named dc1 and received four packets back. This reply verifies that the computer named dc1 is operational and able to respond to the ping request. If the server was not operational or not able to respond to the ping request, you would instead see a response similar to Listing-4.
Listing-4: Unsuccessfully pinging a computerC:\>ping dc1 Pinging dc1 [192.168.1.112] with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out. Ping statistics for 192.168.1.112: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
Notice that even though the requests timed out, name resolution still worked. The ping command provides a reliable method to test name resolution. ping assumes the name (dc1 in the example) is a host name so attempts host name resolution methods first (such as DNS).
It's also important to realize that just because you receive a "Request timed out" response doesn't necessarily mean that the other computer is not operational. Secure networks and secure computers often have firewall rules blocking ICMP. If ICMP is blocked, the ping will fail even when the computer is operational.
It's common for Windows 7 and Windows Server 2008 firewalls to block incoming ICMP traffic.
The following are some other error messages you may see from the ping command:
Destination Host Unreachable This usually indicates a problem with routing. The local computer may not be configured with the correct default gateway, the remote computer may not be configured with the correct default gateway, or a router between the two may be misconfigured or faulty.
TTL Expired in Transit The time to live (TTL) value starts at 128 on Windows Server 2008 and 64 on Windows 7. It is decremented each time the ping passes through a router (also called a hop). If the TTL value is lower than the number of routers the ping must pass through to reach its destination, the ping packet is discarded. However, it's very rare that a ping will need to go through 64 or 128 routers, unless there is a problem with routing.
It shows several systems on two subnetworks separated by a router. Imagine that Joe is unable to connect with the server named FS1 and she asks you for help. You can use the ping command to check for several different situations.
The following steps show how you can troubleshoot the problem with ping:
You don't have to use the same order shown in these steps. You can use any order desired as long as you are able to identify the problem.
- Enter ping localhost or ping 127.0.0.1.
By pinging the localhost or the loopback address (127.0.0.1), you can verify that TCP/IP is functioning correctly on Joe's local system. You should get four successful replies. You can also use ping -4 localhost or ping -6 localhost to check IPv4 or IPv6, respectively. - Enter ping 192.168.1.5.
This checks connectivity through a switch (or a hub) but not the router. You can also ping any other computer with the same network ID. If these pings fail, the problem is on this side of the router. - Enter ping 192.168.1.1.
This pings the default gateway. Remember, you can use ipconfig to determine the IP address of the default gateway.
You may choose to do step 3 first to reduce troubleshooting steps. If it fails, the problem is on Joe's side of the router (or the router itself). - Enter ping 192.168.3.1.
This is the far side of the router. If successful, it indicates the router is successfully routing traffic. If it fails but you can ping 192.168.1.1 (the default gateway for 192.168.1.1), it indicates the router is causing the connectivity problem and may be misconfigured or faulty. - Enter ping 192.168.3.10.
This pings the IP address of the server named FS1. If this succeeds, it indicates that the server is up and operational. Remember, though, if it fails, it could be because the server is blocking ICMP traffic. - Enter ping fs1.
The first step of the ping should be to resolve the name fs1 to the IP address of 192.168.3.10. If it can't resolve the name, the problem is with name resolution. The primary name resolution methods to check are DNS, the host cache, and the hosts file.
You can use other switches with ping as outlined in Table-3.
Table-3 Some ping switchesSwitch | Comments |
---|---|
-4 Ping fs1 -4 | Forces the use of an IPv4 address instead of IPv6. |
-6 Ping fs1 -6 | Forces the use of an IPv6 address instead of IPv4. |
-t Ping fs1 -t | Continuing pinging until stopped. You can press Ctrl+C to stop the pings. |
-a Ping -a 192.168.1.5 | Resolves IP addresses to host names. This requires that DNS has reverse lookup zones and associated pointer records, which are both optional. In other words, it may not work but doesn't indicate a problem. |
-w Ping 192.168.1.5 -w 5000 | This changes the timeout from the default of one second to five seconds (5,000 milliseconds). In cases when a computer is heavily loaded or under an attack, ping may fail with a timeout even when it is operational and ICMP is not blocked. |