Windows Server 2019 Cookbook

Using the pathping command to trace network traffic

When building or troubleshooting a network connection, it is often very beneficial to be able to watch the path that your packets take as they make their way from source to destination. Or perhaps they never make it to the destination, and you want to figure out how far they travel before stopping so that you can focus your work efforts in that area.

One command that has been used by network admins for years is traceroute (tracert), but the output contains some information that is often unnecessary, and it is missing one large key ingredient. Namely, traceroute shows the first hop as the first router that you traverse and does not show you which physical NIC the packets are flowing out of. Granted, many times, you only have one NIC, so this is obvious information. But what if you are working with a multi-homed server and you are simply checking to make sure packets for a destination are flowing out of the correct NIC? What if we just want to double-check that some route statements we added are working properly?

Cue pathping. This command has been around for a long time but is virtually unknown. It shows the same information that tracert does, except it saves the information about the time between hops and some other details until the end of the output. This allows you to focus on the physical hops themselves in a clear, concise manner. More importantly, it shows you our key ingredient right away – the NIC that your packets are flowing out of! Once I discovered this, I left tracert behind and have never looked back. pathping is the way to go.

Getting ready

There's not much to get ready for this recipe. All we need is a server with a network connection and a Command Prompt window. pathping is a command that is already available to any Windows Server; we just need to start using it.

How to do it…

The following two steps get you started with pathping:

  1. Open a prompt on your server.
  2. Type pathping <servername or IP>. Your output will be as follows:

Figure 3.15 – The output of using the pathping command

How it works…

pathping is a networking tool that allows you to watch the path that your packets are taking as they make their way to the destination. Although it is much less commonly known than traceroute, it can give a better layout of the same data. It is a command that should be added to your regular toolbox and vocabulary, right alongside ping and telnet. There is no PowerShell equivalent of this tool yet.
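The multi-homed check described in this recipe can be scripted by wrapping pathping itself. The following is an added example, not code from the book: it parses the hop list, takes hop 0 (the local source address that pathping prints first), and maps that address back to the NIC that owns it. The function names, the sample output, and the `Backup-LAN` alias are assumptions made for illustration.

```powershell
# Added example, not from the book. Function names are hypothetical.
function Get-PathPingHop {
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        # The statistics table repeats the hop numbers, so stop before it.
        if ($line -match '^Computing statistics') { break }
        # Hop lines read "  0  SRV01 [10.10.20.5]" or, with -n, "  0  10.10.20.5".
        if ($line -match '^\s*(\d+)\s+(?:\S+\s+\[([^\]]+)\]|(\S+))\s*$') {
            [pscustomobject]@{
                Hop     = [int]$Matches[1]
                Address = if ($Matches[2]) { $Matches[2] } else { $Matches[3] }
            }
        }
    }
}

function Test-EgressInterface {
    param([Parameter(Mandatory)][string]$Target, [string]$ExpectedAlias)
    # -n: no reverse DNS; -4: IPv4 only; -q 1: one query per hop, which
    # keeps the statistics phase short.
    $hops = @(Get-PathPingHop -Lines (pathping -n -4 -q 1 $Target))
    $src  = ($hops | Where-Object Hop -eq 0).Address
    if (-not $src) { throw "pathping printed no hop 0 line for $Target" }
    # Hop 0 is the local source address; map it back to the NIC that owns it.
    $nic = Get-NetIPAddress -IPAddress $src -ErrorAction Stop
    [pscustomobject]@{
        Target          = $Target
        SourceAddress   = $src
        InterfaceAlias  = $nic.InterfaceAlias
        FirstRouter     = ($hops | Where-Object Hop -eq 1).Address
        MatchesExpected = if ($ExpectedAlias) { $nic.InterfaceAlias -eq $ExpectedAlias }
    }
}

# Constructed sample output (not captured from a real server).
$sample = @'
Tracing route to 192.0.2.10 over a maximum of 30 hops

  0  10.10.20.5
  1  10.10.20.1
  2  192.0.2.10

Computing statistics for 2 seconds...
'@ -split '\r?\n'
Get-PathPingHop -Lines $sample | Format-Table

# On the multi-homed server itself ("Backup-LAN" is a placeholder alias):
# Test-EgressInterface -Target 192.0.2.10 -ExpectedAlias 'Backup-LAN'
```

Hops that time out print asterisks instead of an address and are skipped by the parser, so `FirstRouter` is empty when the first router does not answer.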