Built into Windows 2000, Pathping helps identify the source of slow connection problems between network hosts.

Microsoft’s Pathfinder

Built into Windows 2000, Pathping helps identify the source of slow connection problems between network hosts.

We’ve all been there. You’re connecting to a really slow server, and you’re wondering: Why is this one machine moving like molasses? Don’t you wish you had a way to diagnose the exact problem?

Why not just fire up Tracert (Traceroute, used to see the path a packet takes from your computer to a destination) or Ping (Packet Internet Groper, used to test connectivity and link speed between your computer and a destination) and see where the weak spots are? Well, the problem here is that these two tools don’t give you the complete picture. With Tracert, all you get is end-to-end ping times along each router. Ping tells you only the round-trip time for the test packet. Thankfully, though, Microsoft has provided a more powerful solution, Pathping, which is built into Windows 2000. In a nutshell, Pathping is an advanced diagnostic utility that helps identify the source of slow connection problems between hosts.

When Pathping performs a scan, the first part of the output is similar to Tracert in that it simply shows the path from your IP address to the destination. But with Pathping, after showing this path, a scanning time estimate is displayed while the utility sends large numbers of packets to the various routers along the path. After a delay, Pathping shows the detailed test results gleaned by statistically analyzing the returned packets. Let’s look at a sample of output and see what’s going on:

Pathping Scan:

c:\>pathping -n test

Tracing route to test [7.54.1.196] over a maximum of 30 hops:
0 172.16.87.35
1 172.16.87.218
2 192.68.52.1
3 192.68.80.1

Computing statistics for 100 seconds...
      Source to Here    This Node/Link
Hop RTT Lost/Sent = Pct Lost/Sent = Pct Address
0       172.16.87.35 0/ 100 = 0% |
1 41ms  0/ 100 = 0% 0/ 100 = 0% 172.16.87.218 13/ 100 = 13% |
2 22ms  16/ 100 = 16% 3/ 100 = 3% 192.68.52.1 0/ 100 = 0% |
3 24ms  0/ 100 = 16% 0/ 100 = 0% 192.68.80.1

Trace complete.

In this scan, the routers are represented by lines ending with an address and the paths between hops (a packet moving from router to router) are represented by the vertical bars ( | ). As shown, there’s 13 percent packet loss on the link between hops 1 and 2, as evidenced by the vertical bar signifying the link and not the endpoint of the connections between the two routers. Also, take note of hop 2 and observe that a router is dropping 3 percent of the direct requests. Yet, it seems to be forwarding packets without problem, as evidenced by the normal link below it. The column to watch, then, is “This Node/Link,” as it tells you the loss at that particular location. In this case, it appears that the router CPU at hop 2 is overloaded and is dropping packets directed at it.

For those who are QoS (Quality-of-Service) savvy, Pathping features some useful scanning options, including checking for Layer-2 priority tags (used to identify routers that don’t have Layer-2 priority configured properly) and RSVP-aware routers (Resource Reservation Protocol, allowing a host computer to reserve a certain amount of bandwidth for a data stream). Testing routers for this kind of functionality may help you diagnose issues by providing as much information as possible about router capabilities.

Pathping (included with Windows 2000 Server)
Looking to avoid that “network-servers-are-slower-than-molasses” feeling? Pathping can help. (Click image to view larger version.)

To speed up the first portion of a Pathping analysis, I recommend turning off name resolution using the –n switch. Now, get out there and use Pathping to analyze your link problems! I’d be interested in hearing some stories about how this utility saved the day.

About the Author

Chip Andrews, MCSE+I, MCDBA is a software security architect at (Clarus Corp.). Chip maintains the (sqlsecurity.com) Web site and speaks at security conferences on SQL Server security issues.

comments powered by Disqus

Reader Comments:

Wed, Oct 27, 2004 Anonymous Anonymous

Simple and Useful Tool

Add Your Comment Now:

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.