Ping and Traceroute: Essential Network Diagnostic Tools

Ping and traceroute are fundamental network diagnostic tools used to test connectivity, measure latency, and troubleshoot network issues. Understanding how to use these tools effectively is essential for anyone managing networks or troubleshooting connectivity problems. This comprehensive guide explains ping, traceroute, and their practical applications.

Ping

What is Ping?

Ping is a network utility that tests reachability of a host and measures round-trip time for packets sent to that host. It uses ICMP Echo Request and Echo Reply messages.

Purpose:

Test connectivity
Measure latency
Verify DNS resolution
Check packet loss
Diagnose network issues

Learn more about ICMP, DNS servers, and network troubleshooting.

How ping works:

1. Send ICMP Echo Request (Type 8)
2. Target receives request
3. Target sends Echo Reply (Type 0)
4. Source receives reply
5. Calculate round-trip time (RTT)
6. Display results
7. Repeat

Basic Ping Usage

Linux/macOS:

# Basic ping (runs until Ctrl+C)
ping google.com

# Specific count
ping -c 4 google.com

# Interval between pings
ping -i 2 google.com  # 2 seconds

# Packet size
ping -s 1000 google.com  # 1000 bytes

# Timeout
ping -W 2 google.com  # 2 second timeout

# Flood ping (requires root)
sudo ping -f google.com

# IPv6
ping6 google.com

Windows:

# Basic ping (4 packets default)
ping google.com

# Specific count
ping -n 10 google.com

# Continuous
ping -t google.com

# Packet size
ping -l 1000 google.com

# Timeout
ping -w 2000 google.com  # 2000 milliseconds

# IPv6
ping -6 google.com

Understanding Ping Output

Successful ping:

PING google.com (142.250.185.46) 56(84) bytes of data.
64 bytes from lhr25s34-in-f14.1e100.net (142.250.185.46): icmp_seq=1 ttl=117 time=12.3 ms
64 bytes from lhr25s34-in-f14.1e100.net (142.250.185.46): icmp_seq=2 ttl=117 time=11.8 ms
64 bytes from lhr25s34-in-f14.1e100.net (142.250.185.46): icmp_seq=3 ttl=117 time=12.1 ms
64 bytes from lhr25s34-in-f14.1e100.net (142.250.185.46): icmp_seq=4 ttl=117 time=11.9 ms

--- google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3005ms
rtt min/avg/max/mdev = 11.8/12.0/12.3/0.2 ms

Field explanations:

64 bytes: Packet size (56 data + 8 ICMP header)
from: Source of reply
icmp_seq: Sequence number
ttl: Time to Live (hops remaining)
time: Round-trip time in milliseconds

Statistics:
packets transmitted: Sent
received: Received replies
packet loss: Percentage lost
time: Total test duration
rtt: Round-trip time (min/avg/max/standard deviation)

Failed ping:

PING 192.168.1.100 (192.168.1.100) 56(84) bytes of data.
From 192.168.1.1 icmp_seq=1 Destination Host Unreachable
From 192.168.1.1 icmp_seq=2 Destination Host Unreachable
From 192.168.1.1 icmp_seq=3 Destination Host Unreachable

--- 192.168.1.100 ping statistics ---
3 packets transmitted, 0 received, +3 errors, 100% packet loss, time 2047ms

Common error messages:

Destination Host Unreachable: Host not responding
Destination Network Unreachable: No route to network
Request timeout: No reply received
Unknown host: DNS resolution failed
Network is unreachable: No network connectivity

Interpreting Ping Results

Good connectivity:

Low latency: <20ms excellent, <50ms good
No packet loss: 0%
Consistent times: Low standard deviation
Stable TTL: Same value

Poor connectivity:

High latency: >100ms
Packet loss: >1%
Variable times: High standard deviation
Intermittent: Some packets lost

Latency guidelines:

<10ms: Excellent (local network)
10-50ms: Good (regional)
50-100ms: Acceptable (national)
100-200ms: Noticeable (international)
>200ms: Poor (satellite, congestion)

Advanced Ping Options

Packet size testing:

# Test MTU
ping -s 1472 -M do google.com  # Linux (1472 + 28 = 1500)
ping -f -l 1472 google.com     # Windows

# If successful: MTU is at least 1500
# If failed: MTU is smaller, reduce size

Flood ping (stress test):

sudo ping -f google.com
# Sends packets as fast as possible
# Displays . for sent, backspace for received
# Tests maximum throughput
# Requires root/admin

Specific interface:

# Linux
ping -I eth0 google.com

# Windows
ping -S 192.168.1.100 google.com

Record route:

# Linux
ping -R google.com

# Shows route taken (limited to 9 hops)

Timestamp:

# Linux
ping -D google.com
# Prints timestamp with each reply

Ping Use Cases

1. Test connectivity:

ping 8.8.8.8
# Tests if internet is reachable
# Google's public DNS

2. Test DNS:

ping google.com
# If fails but ping 8.8.8.8 works: DNS issue
# If both fail: Network/internet issue

3. Test local network:

ping 192.168.1.1
# Tests connection to gateway
# Isolates local vs internet issues

4. Measure latency:

ping -c 100 server.example.com
# Large sample for accurate average
# Identify latency patterns

5. Monitor connectivity:

ping -i 60 google.com > ping_log.txt &
# Ping every 60 seconds
# Log to file
# Background process

Traceroute

What is Traceroute?

Traceroute maps the path packets take from source to destination, showing each hop (router) along the way and measuring latency to each hop.

Purpose:

Identify network path
Locate routing issues
Measure hop-by-hop latency
Diagnose slow connections
Find network bottlenecks

How traceroute works:

1. Send packet with TTL=1
2. First router decrements TTL to 0
3. Router sends ICMP Time Exceeded
4. Record first hop
5. Send packet with TTL=2
6. Second router sends Time Exceeded
7. Record second hop
8. Continue until destination reached
9. Destination sends final reply

Traceroute Variations

Linux (traceroute):

# Default (UDP)
traceroute google.com

# ICMP-based
traceroute -I google.com

# TCP-based
traceroute -T -p 80 google.com

# IPv6
traceroute6 google.com

Windows (tracert):

# ICMP-based (default)
tracert google.com

# Maximum hops
tracert -h 20 google.com

# Timeout
tracert -w 1000 google.com  # 1000ms

# IPv6
tracert -6 google.com

macOS:

# Default (UDP)
traceroute google.com

# ICMP-based
traceroute -I google.com

# TCP-based
traceroute -P TCP -p 80 google.com

Understanding Traceroute Output

Successful traceroute:

traceroute to google.com (142.250.185.46), 30 hops max, 60 byte packets
 1  router.local (192.168.1.1)  1.234 ms  1.123 ms  1.089 ms
 2  10.0.0.1 (10.0.0.1)  5.678 ms  5.432 ms  5.321 ms
 3  isp-gateway.net (203.0.113.1)  12.345 ms  12.234 ms  12.123 ms
 4  core1.isp.net (198.51.100.1)  15.678 ms  15.567 ms  15.456 ms
 5  peer.backbone.net (192.0.2.1)  18.901 ms  18.890 ms  18.789 ms
 6  lhr25s34-in-f14.1e100.net (142.250.185.46)  20.123 ms  20.012 ms  19.901 ms

Field explanations:

1, 2, 3...: Hop number
router.local: Hostname (if reverse DNS available)
(192.168.1.1): IP address
1.234 ms: Round-trip time for probe 1
1.123 ms: Round-trip time for probe 2
1.089 ms: Round-trip time for probe 3

Timeouts and asterisks:

 4  * * *
 5  router.example.com (203.0.113.5)  25.123 ms  25.012 ms  24.901 ms

* * * means:
- No response received
- Firewall blocking ICMP
- Router configured not to respond
- Packet loss at that hop

Asymmetric routing:

 4  router-a.net (203.0.113.1)  15.123 ms
    router-b.net (203.0.113.2)  15.234 ms
    router-a.net (203.0.113.1)  15.345 ms

Different routers for different probes
Load balancing
Multiple paths
Normal behavior

Interpreting Traceroute Results

Identifying issues:

High latency at specific hop:

 1  router.local (192.168.1.1)  1.2 ms  1.1 ms  1.0 ms
 2  isp-gateway (203.0.113.1)  5.3 ms  5.2 ms  5.1 ms
 3  slow-router (198.51.100.1)  150.5 ms  150.3 ms  150.2 ms  ← Problem
 4  next-router (192.0.2.1)  155.6 ms  155.4 ms  155.3 ms
 5  destination (142.250.185.46)  160.7 ms  160.5 ms  160.4 ms

Issue at hop 3: Congestion or slow link
All subsequent hops show increased latency

Packet loss at hop:

 1  router.local (192.168.1.1)  1.2 ms  1.1 ms  1.0 ms
 2  isp-gateway (203.0.113.1)  5.3 ms  5.2 ms  5.1 ms
 3  * * *  ← Possible issue
 4  next-router (192.0.2.1)  15.6 ms  15.4 ms  15.3 ms
 5  destination (142.250.185.46)  20.7 ms  20.5 ms  20.4 ms

If destination reachable: Hop 3 blocking ICMP (normal)
If destination unreachable: Hop 3 has issues

Routing loop:

 1  router.local (192.168.1.1)  1.2 ms  1.1 ms  1.0 ms
 2  router-a (203.0.113.1)  5.3 ms  5.2 ms  5.1 ms
 3  router-b (198.51.100.1)  10.5 ms  10.3 ms  10.2 ms
 4  router-a (203.0.113.1)  15.6 ms  15.4 ms  15.3 ms  ← Loop
 5  router-b (198.51.100.1)  20.7 ms  20.5 ms  20.4 ms  ← Loop
...

Packets cycling between routers
Routing misconfiguration
Eventually TTL expires

Advanced Traceroute Options

TCP traceroute (bypass firewalls):

# Linux
sudo traceroute -T -p 443 google.com

# Useful when ICMP/UDP blocked
# Uses TCP SYN packets
# Port 443 (HTTPS) often allowed

Specific number of probes:

# Linux
traceroute -q 5 google.com  # 5 probes per hop

# More probes = better accuracy
# Fewer probes = faster

Maximum hops:

# Linux
traceroute -m 15 google.com

# Windows
tracert -h 15 google.com

# Limits search depth
# Default usually 30

Wait time:

# Linux
traceroute -w 2 google.com  # 2 second wait

# Windows
tracert -w 2000 google.com  # 2000 milliseconds

# Adjust for slow networks

Packet size:

# Linux
traceroute google.com 1000  # 1000 byte packets

# Test MTU issues
# Larger packets may reveal problems

Don't resolve hostnames:

# Linux
traceroute -n google.com

# Windows
tracert -d google.com

# Faster (no DNS lookups)
# Shows only IP addresses

Traceroute Use Cases

1. Identify routing path:

traceroute google.com
# See which ISPs/networks traversed
# Understand traffic flow

2. Locate latency source:

traceroute slow-server.com
# Find which hop adds latency
# Identify bottlenecks

3. Diagnose connectivity issues:

traceroute unreachable-host.com
# See where packets stop
# Identify failing router/network

4. Verify routing changes:

# Before change
traceroute destination.com > before.txt

# After change
traceroute destination.com > after.txt

# Compare paths
diff before.txt after.txt

5. Geographic path analysis:

traceroute -I international-site.com
# See geographic routing
# Identify submarine cables
# Understand latency sources

MTR (My Traceroute)

What is MTR?

MTR combines ping and traceroute into a single tool, providing continuous monitoring of the path with real-time statistics.

Installation:

# Debian/Ubuntu
sudo apt install mtr

# RHEL/CentOS
sudo yum install mtr

# macOS
brew install mtr

Basic usage:

# Interactive mode
mtr google.com

# Report mode
mtr -r -c 100 google.com

# No DNS resolution
mtr -n google.com

# TCP mode
mtr -T -P 443 google.com

MTR output:

                             My traceroute  [v0.93]
host (192.168.1.100)                                    2024-03-07T14:00:00+0000
Keys:  Help   Display mode   Restart statistics   Order of fields   quit
                                       Packets               Pings
 Host                                Loss%   Snt   Last   Avg  Best  Wrst StDev
 1. router.local                      0.0%   100    1.2   1.2   1.0   1.5   0.1
 2. isp-gateway.net                   0.0%   100    5.3   5.3   5.0   5.8   0.2
 3. core1.isp.net                     0.0%   100   12.4  12.4  12.0  13.0   0.3
 4. peer.backbone.net                 0.0%   100   18.9  18.9  18.5  19.5   0.3
 5. google.com                        0.0%   100   20.1  20.1  19.8  20.8   0.3

Advantages over traceroute:

Continuous monitoring
Real-time statistics
Packet loss per hop
Latency statistics (min/avg/max/stddev)
Better for troubleshooting

Troubleshooting with Ping and Traceroute

Systematic Approach

Step 1: Test local connectivity

# Ping localhost
ping 127.0.0.1
# Should always work
# Tests TCP/IP stack

# Ping gateway
ping 192.168.1.1
# Tests local network
# If fails: Local network issue

Step 2: Test DNS

# Ping by IP
ping 8.8.8.8
# If works: Internet OK

# Ping by hostname
ping google.com
# If fails but IP works: DNS issue

Step 3: Trace path

traceroute google.com
# Identify where packets stop
# Locate latency sources

Step 4: Test specific service

# TCP traceroute to specific port
traceroute -T -p 443 website.com
# Tests path to specific service

Common Scenarios

Scenario 1: Can't reach website

# Test connectivity
ping website.com
# If fails: Continue

# Test DNS
ping 8.8.8.8
# If works: DNS issue
# If fails: Network issue

# Trace path
traceroute website.com
# See where it stops

Scenario 2: Slow connection

# Measure latency
ping -c 100 destination.com
# Check average and packet loss

# Identify bottleneck
mtr destination.com
# Find hop with high latency or loss

Scenario 3: Intermittent connectivity

# Continuous ping
ping -i 1 destination.com > ping_log.txt
# Monitor over time
# Identify patterns

# Analyze results
grep "time=" ping_log.txt | awk '{print $7}' | sed 's/time=//' | sort -n
# Statistical analysis

Scenario 4: High latency

# Traceroute to identify source
traceroute destination.com
# Look for sudden latency increase

# MTR for detailed stats
mtr -r -c 100 destination.com
# Identify problematic hop

Best Practices

Ping

1. Use appropriate count:

# Quick test: 4-10 packets
ping -c 4 google.com

# Accurate measurement: 100+ packets
ping -c 100 google.com

# Monitoring: Continuous with interval
ping -i 60 google.com

2. Test multiple targets:

# Local gateway
ping 192.168.1.1

# External DNS
ping 8.8.8.8

# Destination
ping destination.com

3. Consider packet size:

# Default (56 bytes data)
ping google.com

# Large packets (test MTU)
ping -s 1472 google.com

# Jumbo frames
ping -s 8972 google.com

Traceroute

1. Use appropriate method:

# Default (UDP) - fastest
traceroute google.com

# ICMP - more compatible
traceroute -I google.com

# TCP - bypass firewalls
traceroute -T -p 443 google.com

2. Interpret asterisks correctly:

* * * doesn't always mean problem
Check if destination is reachable
ICMP blocking is common
Focus on overall path

3. Run multiple times:

# Paths may change
traceroute google.com
# Wait a moment
traceroute google.com
# Compare results

General

1. Document baselines:

Normal ping times
Typical paths
Expected hop count
Packet loss norms

2. Consider time of day:

Network congestion varies
Peak hours vs off-peak
International time zones
Maintenance windows

3. Use appropriate tools:

Quick test: ping
Path analysis: traceroute
Detailed monitoring: mtr
Packet capture: tcpdump/Wireshark

Conclusion

Ping and traceroute are essential tools for network diagnostics and troubleshooting. Ping tests connectivity and measures latency, while traceroute maps the network path and identifies routing issues. Understanding how to use these tools effectively enables quick diagnosis of network problems and optimization of network performance.

Related Articles

Network Protocols

• ICMP - Protocol used by ping
• Routing - How traceroute works
• Default Gateway - First hop in traceroute
• DNS Servers - DNS resolution in ping

Troubleshooting

• Network Troubleshooting - Diagnostic techniques
• Connection Problems - Connectivity issues
• DNS Issues - DNS problems
• IP Conflict - Address conflicts

Network Tools

• What Is My IP? - Check your IP
• IP Lookup - IP information
• Reverse DNS - Hostname lookup
• Network Scanning - Network discovery

Explore More

• Tools & Utilities - Diagnostic tools hub
• Troubleshooting - Problem-solving hub

Key takeaways: - Ping tests reachability and measures RTT - Traceroute shows path and hop-by-hop latency - MTR combines both with continuous monitoring - Interpret results in context - Use systematic troubleshooting approach - Multiple tests provide better data - Different methods (ICMP/UDP/TCP) for different scenarios - Asterisks don't always indicate problems - Document baselines for comparison - Essential for network troubleshooting

Mastering ping and traceroute enables effective network troubleshooting, performance optimization, and understanding of network topology and behavior.