Tip for pathping

This lesser known command line utility, introduced on Windows 2000, is something of a hybrid between ping and tracert.

Instead of just determining the path, pathping also sends a barrage of pings to each host along the route. After pathping completes (which can take 5 minutes) it generates statistics for failed pings at each node making it easy to indentify hosts in the route where packet loss is occurring. It also shows averaged round trip times (RTT) to each node, allowing you to identify slow hops, and visualize a packet's journey.

If you are anything like me though, you may never have paid close attention to pathping’s (somewhat confusing) output...

image

If you look carefully (ok, not that carefully – I’ve circled the section in red) you will see the ASCII art bars “connecting” each host. What’s interesting is pathping shows you both the packet loss* between yourself and the host*, as well as packet loss on the links between hosts (the bars). As you can see in the screen shot above its perfectly possible to have a host (telstra310) that is not directly reachable, yet is perfectly able to forward on packets. There is an example in the the full pathping documentation that describes such a result like this:

The routers [snip] are dropping packets addressed to them, but this loss does not affect their ability to forward traffic that is not addressed to them.
One thing I still haven’t figured out is what the value in the “This Node/Link” means in a row that has a “Source to Here” entry. I am assuming it means routed packets that entered the host but never left. Answers on a postcard.
blog comments powered by Disqus