
Friday, December 11, 2009

Analyzing Networks Using Ping and Traceroute

Sometimes a web address you visit often cannot be reached as quickly as usual. On the Internet this can happen for several reasons, most often because the link we are traversing is congested and slow, or because the server at that address is being accessed by so many people that it takes time for the server to process our request.


It is difficult to diagnose problems on a remote server (a server located elsewhere), but there is software that can help us examine the condition of the network path we are traversing.

The two most common tools the author uses to examine the network are ping and traceroute. These utilities were originally written for the Unix operating system, but versions now exist for DOS and Windows, where they are called ping and tracert. There are also versions of these programs for the Macintosh. In this article the author assumes the reader uses Unix or Linux, but the same approach can be applied on DOS and Windows.

The author will begin with ping. Ping works by sending a data packet called an Internet Control Message Protocol (ICMP) Echo Request. ICMP packets are normally used to carry information about network conditions between two hosts (computers). The information they carry is roughly of the kind "do not do that", "send smaller packets", "the data you are looking for does not exist", "do not come here, you should go there". If a host receives an Echo Request, it must respond by sending an Echo Reply, copying the data from the Echo Request into the Echo Reply.

Using ping is quite simple: we just type ping hostname, where hostname is the name or IP address of the host we are aiming at. There are many versions of ping, but if you use the Linux ping, the output will look like this:

$ ping www.silvia.com
PING silvia.com (198.168.0.2): 56 data bytes
64 bytes from 198.168.0.2: icmp_seq=0 ttl=253 time=0.398 ms
64 bytes from 198.168.0.2: icmp_seq=1 ttl=253 time=0.552 ms
64 bytes from 198.168.0.2: icmp_seq=2 ttl=253 time=0.554 ms
64 bytes from 198.168.0.2: icmp_seq=3 ttl=253 time=0.553 ms
64 bytes from 198.168.0.2: icmp_seq=4 ttl=253 time=0.554 ms
64 bytes from 198.168.0.2: icmp_seq=5 ttl=253 time=0.551 ms
64 bytes from 198.168.0.2: icmp_seq=6 ttl=253 time=0.552 ms
64 bytes from 198.168.0.2: icmp_seq=7 ttl=253 time=0.554 ms
64 bytes from 198.168.0.2: icmp_seq=8 ttl=253 time=0.554 ms
64 bytes from 198.168.0.2: icmp_seq=9 ttl=253 time=0.553 ms
^C
---- localhost PING Statistics ----
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max = 0.398/0.537/0.554 ms
$

What happens when you ping www.silvia.com is that we send an ICMP Echo Request packet to the host every second. When the ping program receives an Echo Reply from the host we are aiming at (www.silvia.com), it prints the response on the screen, which gives us several pieces of information: first, the IP address from which ping obtained the Echo Reply, which is usually the IP address of the host we aimed at (www.silvia.com); second, the sequence number (ICMP Sequence), which starts at 0 and counts up; third, the Time To Live (TTL); and last, how many milliseconds the ping program needed to obtain the reply. The author will explain each of these pieces of information in turn.

The sequence number shows which ping packet has been returned. If a sequence number is missing, a packet was dropped; in other words, either the Echo Request or the Echo Reply was lost along the way. If only a few packets are lost (less than one percent), this is still normal. But if many packets are lost, there is a problem with our network connection.

The next piece of information is the Time To Live. Every data packet sent across the network carries a field called the TTL, which is usually set to a relatively high number (ping packets have a TTL of 255). Each time the packet passes through a router the TTL is reduced by one; if the TTL of a packet finally reaches 0, the packet is dropped (discarded) by the router that receives it. According to the IP RFC, the TTL should be 60 (and for ping, 255). The main purpose of the TTL is to ensure that a packet does not 'live' forever in the network. Another use is that from this information we can find out roughly how many routers the packet passed through: in this case 255 minus N, where N is the TTL we see in the Echo Reply.

If the TTL we get differs from one ping to the next, this indicates that the ping packets we send are passing through different routers, which is a sign of a bad connection.

The time information ping provides is the round-trip time a single packet needs to reach the remote host and come back. The unit is milliseconds; the smaller the number, the better (read: faster) the connection. The time a packet takes to reach the destination host is called latency. If the round-trip times of the ping packets show a large variation (over 100), which is called jitter, our connection to that host is bad. If the difference occurs only for a few packets, it can still be tolerated.

To stop ping, press Ctrl+C, after which ping prints information about how many packets were sent, how many were received, the percentage of lost packets, and the maximum, minimum and average round-trip time of a packet.

As you can see, ping is useful for testing network connectivity and for estimating the speed of a connection.
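As an added example (not part of the original article), the following Python reads Linux-style ping output and applies the checks described above: missing sequence numbers for loss, the TTL for a hop estimate, TTL changes for a route change, and round-trip spread for jitter. The sample output is constructed, and the initial TTL of 255 is taken as an assumption from the article's description.

```python
import re
from statistics import mean

# Constructed sample in the Linux ping format shown above (not real output);
# icmp_seq 3 is deliberately absent to stand for a dropped packet, and seq 4/5
# carry a latency spike and a changed TTL so that every check below fires once.
SAMPLE_PING = """\
PING silvia.com (198.168.0.2): 56 data bytes
64 bytes from 198.168.0.2: icmp_seq=0 ttl=253 time=0.398 ms
64 bytes from 198.168.0.2: icmp_seq=1 ttl=253 time=0.552 ms
64 bytes from 198.168.0.2: icmp_seq=2 ttl=253 time=0.554 ms
64 bytes from 198.168.0.2: icmp_seq=4 ttl=253 time=120.553 ms
64 bytes from 198.168.0.2: icmp_seq=5 ttl=251 time=0.551 ms
"""

# Tolerates both "ttl=253" and the spaced "ttl = 253" form.
REPLY_RE = re.compile(
    r"icmp_seq\s*=\s*(?P<seq>\d+)\s+ttl\s*=\s*(?P<ttl>\d+)\s+time\s*=\s*(?P<rtt>[\d.]+)\s*ms")


def analyze_ping(output, initial_ttl=255, jitter_threshold_ms=100.0):
    """Read ping output the way the article does by eye.

    initial_ttl is the TTL the sender put in the Echo Request (the article
    states 255 for ping, an assumption here), so routers crossed = initial_ttl - observed TTL.
    """
    seqs, ttls, rtts = [], [], []
    for line in output.splitlines():
        m = REPLY_RE.search(line)
        if m:
            seqs.append(int(m["seq"]))
            ttls.append(int(m["ttl"]))
            rtts.append(float(m["rtt"]))
    if not seqs:
        raise ValueError("no Echo Reply lines found")
    expected = max(seqs) - min(seqs) + 1   # sequence numbers are contiguous
    lost = expected - len(seqs)            # a gap means a Request or Reply was lost
    spread = max(rtts) - min(rtts)
    return {
        "received": len(seqs),
        "lost": lost,
        "loss_pct": round(100.0 * lost / expected, 1),
        "hops": sorted({initial_ttl - t for t in ttls}),  # >1 value: route changed
        "path_changed": len(set(ttls)) > 1,
        "rtt_min_avg_max": (min(rtts), round(mean(rtts), 3), max(rtts)),
        "jitter_ms": round(spread, 3),
        "jittery": spread > jitter_threshold_ms,
    }
```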

Next we will study traceroute (or tracert on Windows), which shows us the routers that the packets we send to a specific host pass through. To make this clearer, the following is an example of the result of a traceroute to www.berkeley.edu:

$ traceroute www.berkeley.edu
traceroute to amber.Berkeley.EDU (128.32.25.12), 30 hops max, 40 byte packets
1 203.130.216.2 (203.130.216.2) 137 ms 151 ms 151 ms
2 203.130.216.1 (203.130.216.1) 151 ms 137 ms 138 ms
3 192.168.8.49 (192.168.8.49) 137 ms 151 ms 151 ms
4 S12-0-11.kbl.surabaya.telkom.net.id (202.134.3.45) 192 ms 151 ms 151 ms
5 FE0-0-gw3.cibinong.telkom.net.id (202.134.3.134) 165 ms 151 ms 151 ms
6 hssi-gw3.hk.telkom.net.id (202.134.3.1) 659 ms 645 ms 659 ms
7 202.130.129.61 (202.130.129.61) 645 ms 659 ms 687 ms
8 321.ATM5-0-0.XR1.HKG2.ALTER.NET (210.80.3.1) 645 ms 645 ms 659 ms
9 POS1-0-0.TR1.HKG2.Alter.Net (210.80.48.21) 672 ms 645 ms 646 ms
10 384.ATM4-0.IR1.LAX12.Alter.Net (210.80.50.189) 838 ms 796 ms 796 ms
11 137.39.31.222 (137.39.31.222) 810 ms 810 ms 852 ms
12 122.at-5-1-0.TR1.LAX9.ALTER.NET (152.63.10.237) 824 ms 810 ms 810 ms
13 297.at-1-0-0.XR1.LAX9.ALTER.NET (152.63.112.237) 824 ms 824 ms 838 ms
14 191.ATM6-0.BR1.LAX9.ALTER.NET (152.63.113.9) 837 ms 810 ms 797 ms
15 acr1-loopback.Anaheim.cw.net (208.172.34.61) 810 ms 782 ms 1071 ms
16 acr1-loopback.SanFranciscosfd.cw.net (206.24.210.61) 783 ms 769 ms 810 ms
17 BERK-7507--BERK.POS.calren2.net (198.32.249.69) 810 ms 796 ms 1126 ms
18 pos1-0.inr-000-eva.Berkeley.EDU (128.32.0.89) 796 ms 796 ms 824 ms
19 pos5-0-0.inr-001-eva.Berkeley.EDU (128.32.0.66) 796 ms 783 ms 783 ms
20 fast1-0-0.inr-007-eva.Berkeley.EDU (128.32.0.7) 810 ms 797 ms 810 ms
21 f8-0.inr-100-eva.Berkeley.EDU (128.32.235.100) 797 ms 769 ms 782 ms
22 amber.Berkeley.EDU (128.32.25.12) 796 ms 810 ms 769 ms

Traceroute displays the intermediate points, the 'bridges', between you and your destination; these 'bridges' are commonly called routers, and the data you send hops across them. The three times show how long a packet needed to travel from your computer to that router. To understand all the data traceroute produces, we must understand how traceroute works. Traceroute uses the TTL and the ICMP principles we have seen above.

Traceroute sends a packet to a UDP port that is not used by any other service on the destination computer (the default is port 33434). For the first three packets traceroute uses a TTL of one, so when the packet arrives at the first router (the first hop) the TTL is reduced by one, becomes 0, and the packet is dropped. That router then sends an ICMP packet back to our computer saying that the TTL of the packet we sent has run out and the packet has been dropped. From this message traceroute can determine the name of the router at which our data was dropped and how long it took to get there. Traceroute then sends packets with the TTL increased by one each time until the destination host is reached. This is why traceroute uses a port that no other service uses: so that the packet provokes a response and is not 'eaten' by some other service that may be running there.

The following is a more complex example, a traceroute to Finland:

% traceroute www.hut.fi
traceroute to info-e.hut.fi (130.233.224.28), 30 hops max, 40-byte packets
1 203.130.216.2 (203.130.216.2) 137 ms 124 ms 137 ms
2 203.130.216.1 (203.130.216.1) 137 ms 124 ms 124 ms
3 192.168.8.49 (192.168.8.49) 137 ms 151 ms 151 ms
4 S12-0-11.kbl.surabaya.telkom.net.id (202.134.3.45) 192 ms 151 ms 151 ms
5 FE0-0-gw3.cibinong.telkom.net.id (202.134.3.134) 164 ms 165 ms 151 ms
6 hssi-gw3.hk.telkom.net.id (202.134.3.1) 673 ms 645 ms 645 ms
7 202.130.129.61 (202.130.129.61) 659 ms 659 ms 646 ms
8 321.ATM5-0-0.XR1.HKG2.ALTER.NET (210.80.3.1) 659 ms 659 ms 645 ms
9 POS1-0-0.TR1.HKG2.Alter.Net (210.80.48.21) 659 ms 659 ms 632 ms
10 284.ATM6-0.IR1.SAC2.Alter.Net (210.80.50.1) 797 ms 797 ms 823 ms
11 POS2-0.IR1.SAC1.ALTER.NET (137.39.31.190) 796 ms 810 ms 1566 ms
12 122.at-6-1-0.TR1.LAX9.ALTER.NET (152.63.10.218) 838 ms 824 ms 823 ms
13 297.at-2-0-0.XR1.SAC1.ALTER.NET (152.63.50.133) 933 ms 838 ms 824 ms
14 185.ATM5-0.BR4.SAC1.ALTER.NET (152.63.52.201) 810 ms 851 ms 824 ms
15 137.39.52.86 (137.39.52.86) 810 ms 810 ms 1071 ms
16 sl-bb21-ana-15-0.sprintlink.net (144.232.1.173) 769 ms (ttl=246!) 796 ms (ttl=246!) 783 ms (ttl=246!)
17 sl-bb20-pen-8-0.sprintlink.net (144.232.18.45) 893 ms 851 ms (ttl=245!) 893 ms
18 sl-bb22-pen-11-0.sprintlink.net (144.232.18.78) 893 ms (ttl=244!) 879 ms (ttl=244!) 879 ms (ttl=244!)
19 sl-bb10-nyc-9-0.sprintlink.net (144.232.7.1) 865 ms 879 ms 879 ms
20 sl-bb10-nyc-10-0.sprintlink.net (144.232.13.158) 879 ms 893 ms 892 ms
21 gblon505-tc-p6-3.ebone.net (195.158.229.46) 865 ms 920 ms 879 ms
22 bebru204-tc-p5-0.ebone.net (195.158.232.42) 961 ms 934 ms 948 ms
23 nlams303-tc-p1-0.ebone.net (195.158.225.86) 962 ms 934 ms 961 ms
24 dedus205-tc-p8-0.ebone.net (213.174.70.133) 934 ms 947 ms 961 ms
25 dkcop204-tb-p3-0.ebone.net (213.174.71.50) 975 ms 975 ms *
26 * * *
27 ne-gw.nordu.net (195.158.226.86) 1002 ms 1016 ms 962 ms
28 hutnet-gw.csc.fi (128.214.248.65) 1027 ms (ttl=238!) 1040 ms (ttl=238!) 1026 ms (ttl=238!)
29 hutnet-gw.hut.fi (193.166.43.253) 1020 ms 1023 ms 1037 ms
30 info-e.hut.fi (130.233.224.28) 1091 ms (ttl=46!) 1027 ms (ttl=46!) 1067 ms (ttl=46!)

The first line just shows what traceroute is about to do: trace the route to a host named info-e.hut.fi with a maximum of 30 hops, sending packets of 40 bytes.

As a result, these packets passed through 30 routers, or 30 hops. The first to fifth hops take only about 100-200 milliseconds; these are the hops from the author's computer to the Telkomnet network in Indonesia. At the sixth hop the time needed increases a lot, to about 650 milliseconds, because this hop is a long one, namely from the Telkomnet earth station at the Cibinong gateway to Telkomnet in Hong Kong.

Sometimes a hop takes a long time because of long distances, or because the network it passes through is congested. You should be suspicious of points where the time taken is very large. If this happens, you can check by pinging that router a few times to see whether the packets we send are being dropped, or whether there is a large variation in time.

Then at hops 16 to 18 you see (ttl=246!) in the time field. This is traceroute's indication that the TTL in the returned packet does not match what was sent, which shows an asymmetric path: the packet passed through different routers on the way out than on the way back. This is normal, however.

The asterisks at hops 25 and 26 indicate that traceroute did not receive a response from the router. At hop 26 this is possibly because the router does not send ICMP packets, while at hop 25 it is possibly because the ICMP packet sent by the router was lost on the way for some reason. Combined with ping, traceroute is a good network analysis tool: by seeing which hops take a long time or drop packets, we can decide where the critical point is. Then, by pinging that point and the one before it, we can locate the problem in the network.
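As an added example (not part of the original article), this Python parses traceroute output and flags the hops the author says deserve a follow-up ping: large latency jumps, (ttl=N!) markers and unanswered probes. The sample excerpt is constructed from the Finland trace above, and the 300 ms jump threshold is an assumed value.

```python
import re
# Constructed traceroute excerpt modelled on the Finland example above (not real output):
# a latency jump at hop 6, asymmetric-path markers at hop 16, unanswered probes at 25/26.
SAMPLE_TRACE = """\
traceroute to info-e.hut.fi (130.233.224.28), 30 hops max, 40-byte packets
 5  FE0-0-gw3.cibinong.telkom.net.id (202.134.3.134)  164 ms  165 ms  151 ms
 6  hssi-gw3.hk.telkom.net.id (202.134.3.1)  673 ms  645 ms  645 ms
16  sl-bb21-ana-15-0.sprintlink.net (144.232.1.173)  769 ms (ttl=246!)  796 ms (ttl=246!)  783 ms (ttl=246!)
25  dkcop204-tb-p3-0.ebone.net (213.174.71.50)  975 ms  975 ms  *
26  * * *
"""
HOP_RE = re.compile(r"^\s*(?P<hop>\d+)\s+(?P<rest>.*)$")
NAME_RE = re.compile(r"(?P<host>\S+)\s+\((?P<ip>[\d.]+)\)")
PROBE_RE = re.compile(r"(?P<rtt>[\d.]+)\s*ms(?:\s*\(ttl\s*=\s*(?P<ttl>\d+)!\))?|(?P<star>\*)")


def parse_traceroute(output):
    hops = []                                            # the header line is skipped
    for line in output.splitlines():
        m = HOP_RE.match(line)
        if not m:
            continue
        name = NAME_RE.match(m["rest"])                  # absent on a '* * *' line
        probes = m["rest"][name.end():] if name else m["rest"]
        rtts, ttl_flags, timeouts = [], 0, 0
        for p in PROBE_RE.finditer(probes):
            if p["star"]:
                timeouts += 1                            # no reply within the timeout
            else:
                rtts.append(float(p["rtt"]))
                ttl_flags += bool(p["ttl"])              # "(ttl=N!)": unexpected reply TTL
        hops.append({"hop": int(m["hop"]), "host": name and name["host"], "ip": name and name["ip"],
                     "rtts": rtts, "timeouts": timeouts, "ttl_flags": ttl_flags})
    return hops


def suspicious_hops(hops, jump_ms=300.0):
    """(hop, reason) pairs worth pinging individually, as the article advises."""
    findings, prev_best = [], None
    for h in hops:
        if h["timeouts"]:
            findings.append((h["hop"], f"{h['timeouts']} of 3 probes unanswered"))
        if h["ttl_flags"]:
            findings.append((h["hop"], "asymmetric return path (ttl!)"))
        if h["rtts"]:
            best = min(h["rtts"])                        # best of three: least queueing noise
            if prev_best is not None and best - prev_best > jump_ms:
                findings.append((h["hop"], f"latency jump of {best - prev_best:.0f} ms"))
            prev_best = best
    return findings
```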
