Ping & Traceroute Toolkit
Compare ping, traceroute, tracert, pathping, and mtr to choose the right tool for each scenario.
Use ICMP and TTL-based utilities to verify reachability, map network paths, and diagnose latency issues across platforms.
Tool Comparison
Tool | Platforms | Primary Use | Notes |
---|---|---|---|
ping | Windows, Linux, macOS | ICMP Echo Request/Reply round-trip testing | Continuous by default on Linux (`-c` to limit); Windows sends four probes unless `-t` is specified. |
traceroute | Linux, macOS | Discovers hop path using incrementing TTL and UDP/ICMP probes | Default probes use UDP ports 33434+, `-I` for ICMP, `-T` for TCP SYN. |
tracert | Windows | Windows implementation of traceroute (ICMP Echo Request probes) | Stops after 30 hops by default; `-d` disables reverse DNS lookups. |
pathping | Windows | Combines ping + traceroute with per-hop packet loss statistics | Takes longer (defaults to 200 probes per hop); useful for chronic packet loss analysis. |
Common Commands
Scenario | Command | Interpretation |
---|---|---|
Verify host reachability | ping -c 4 server1.lab.local | Four ICMP probes test latency and packet loss; review TTL and interface used. |
Map internet egress path | traceroute -I www.example.com | Uses ICMP Echo probes to show carrier hops; identify where latency spikes or blocks appear. |
Troubleshoot Windows client to SaaS app | tracert -d saas.vendor.com | Disables DNS lookups for speed; note private vs public hops and where timeouts appear. |
Quantify per-hop packet loss | pathping 10.10.20.5 | After initial traceroute stage, waits ~250 seconds to collect loss stats for each hop. |
Detect asymmetric routing | mtr -rw api.partner.net | `mtr` (Linux) provides real-time RTT/loss; `-rw` (`--report --report-wide`) prints a summary with full hostnames. Compare runs from both ends to spot differing forward/reverse paths. |
Interpretation Tips
- ICMP may be rate-limited or blocked; timeouts on a single hop do not necessarily indicate packet loss further downstream.
- High latency at the first hop usually indicates local network issues (Wi-Fi interference, overloaded gateway).
- Consistent increases at a specific hop that persist for subsequent hops point to congestion on that segment.
- Mixed private/public IP hops can highlight VPN or SD-WAN traversal; ensure expectations align with network design.
- Traceroute results are direction-specific; repeat from remote end to confirm reverse path.
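The first and third tips above can be applied mechanically to a saved `mtr --report` capture. The following is an added example, not part of the original toolkit page; it assumes the usual report column layout (Loss%, Snt, Last, Avg, ...), and the function names, the 20 ms step threshold and the sample report are constructed for illustration.

```python
import re

# Constructed sample in `mtr --report` layout (documentation-range addresses).
SAMPLE = """\
HOST: tester                 Loss%   Snt   Last   Avg  Best  Wrst StDev
  1.|-- 192.0.2.1             0.0%    10    0.5   0.6   0.4   1.0   0.2
  2.|-- 198.51.100.1         60.0%    10    9.9  10.3   9.8  11.0   0.4
  3.|-- ???                  100.0    10    0.0   0.0   0.0   0.0   0.0
  4.|-- 198.51.100.77         0.0%    10   58.0  58.4  57.9  60.1   0.6
  5.|-- 203.0.113.10          0.0%    10   59.1  59.0  58.2  61.0   0.7
"""

# hop number, host, Loss% (the % sign is dropped on "???" rows), Snt, Last, Avg
ROW = re.compile(r"^\s*(\d+)\.\|--\s+(\S+)\s+([\d.]+)%?\s+\d+\s+[\d.]+\s+([\d.]+)")

def parse_report(text):
    """Return [(hop, host, loss_pct, avg_ms), ...] from mtr report text."""
    rows = (ROW.match(line) for line in text.splitlines())
    return [(int(m[1]), m[2], float(m[3]), float(m[4])) for m in rows if m]

def classify(hops, step_ms=20.0):
    """Flag loss or latency per hop, separating what persists through every
    later hop (including the destination) from what does not."""
    findings = {}
    for i, (hop, host, loss, avg) in enumerate(hops):
        later = hops[i + 1:]
        if loss > 0:
            if all(l > 0 for _, _, l, _ in later):
                findings[hop] = "loss-persists"        # loss continues to the end
            else:
                findings[hop] = "loss-not-downstream"  # likely ICMP rate limit/filter
        # Latency: compare against the last earlier hop that actually replied.
        prev = [a for _, _, l, a in hops[:i] if l < 100]
        answered_later = [a for _, _, l, a in later if l < 100]
        if loss < 100 and prev and avg - prev[-1] >= step_ms:
            if all(a - prev[-1] >= step_ms for a in answered_later):
                findings.setdefault(hop, "latency-step-persists")
    return findings

if __name__ == "__main__":
    for hop, verdict in sorted(classify(parse_report(SAMPLE)).items()):
        print(hop, verdict)
```

In the sample, hops 2 and 3 show loss that clears by the destination, while the latency step at hop 4 carries through to hop 5, which is the pattern the tips associate with congestion on that segment.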
Firewall & Policy Considerations
- Many organisations block incoming ICMP by default; coordinate with security teams when testing across firewalls.
- Traceroute UDP mode may require allowing high ephemeral destination ports (33434-33534).
- ICMP Time Exceeded responses must traverse back to the tester; outbound filters can break traceroute visibility.
- Rate limiting protects routers from ICMP floods; occasional `* * *` responses might be benign throttling.
Windows vs Linux Quick Reference
Topic | Windows Tools | Linux/macOS Tools |
---|---|---|
Default Probe Type | tracert sends ICMP Echo Requests. | traceroute sends UDP by default (ICMP/TCP optional). |
Continuous Mode | `ping -t` continues until interrupted. | ping runs continuously by default; use `-c` to limit. |
Extended Stats | pathping provides per-hop latency/loss. | mtr merges ping + traceroute live statistics. |
DNS Lookups | tracert resolves by default; `-d` skips lookups. | traceroute resolves unless `-n` provided. |
Best Practices
- Use fully qualified domain names to capture accurate DNS and avoid search suffix interference.
- When documenting incidents, capture output with timestamps and resolver details (`ping -c 10 host | tee ping.log`).
- Run tests from multiple network vantage points to isolate WAN vs LAN issues.
- Use `-A` (Linux traceroute) for AS path lookups, or the `-4`/`-6` flags to force IPv4 vs IPv6 testing.
- Automate baseline captures (cron + `mtr --report`) to detect anomalies over time.