Technique to apply when diagnosing why a server isn't reachable from ping?

2

1

Often at work, I need to ping a server to check if it is alive. Sometimes I get a message saying the host(name?) could not be found or other errors which result in a non-response.

What technique is there for diagnosing the cause of these problems? Should I look at the target machine first? Or my machine and its firewall? Does it matter if the machine pinging from and to are on different domains? (I assume yes only if there are firewall settings to adhere to).

Thanks

GurdeepS

Posted 2010-10-06T23:14:40.093

Reputation: 723

Answers

2

A failed ping means that either:

  1. A ping request is not making it to the target host
  2. A ping response is not making it to the host that sent the request

There are many reasons why either of these things may happen, the majority of these reasons can be split into either physical or software issues.

When debuging I start with the physical component of the transmission path, that is NICs, network cables and intermediary devices.

Physical Checks

  1. Network cable connects the two hosts. If the two hosts are not directly connected by a cable, make sure that the sending and recieving NICs are connected to the correct router and/or switch port as these can be configured to route traffic differently

Software Checks

  1. Make sure the NICs in each machine are recognized by the operating system. [1]
  2. Make sure both machines have a valid IP address, subnet mask, gateway and nameserver configuration. [2]
  3. Make sure the sending and receiving hosts have valid MAC addresses (yes, i've had this issue before) [3]
  4. Make sure the sending and receiving hosts have correct ARP cache information for their gateways [4]
  5. There is a possibility that the sending host will have an ARP cache entry for the recieving host or vice versa. If such entries exist, make sure these entries are correct by verifying that the IP address maps to the correct MAC address. If there are inconsistancies, remove those entries from the ARP cache
  6. Verify that ping packets (ICMP Echo Requests and ICMP Echo Responses) are not blocked by filters on local software firewalls, or filters running on devices between the sending and recieving host.
  7. If you are using a hostname to identify the receiving host, try using the IP address directly as this will remove issues that stem from the name resolution process.

The error message returned by the ping command should also be considered when troubleshooting, Error messages that I see commonly include:

Request Timed Out

This is a very generic message that indicates that a response was not recieved within the timeout period. This may occur because the host could not respond due to workload and time constraints, or because of connectivity or routing issues discussed above.

Reply from {host}: Destination network unreachable

Often {host} will be the NIC on the local machine, or the machines gateway. The message means that it couldn't find a route between {host} and receiving host (I may be wrong here)

This is by no means an exhaustive list of reasons why ping may fail, however it does cover many common issues. I hope that it can help someone the next time their network breaks

The footnotes below apply to Windows NT based systems as this is where I have experience,

[1] You can verify that the operating system has a valid driver for your network card by checking for the presence of any Network Controller items under the Unknown Devices node in Device Manager. If there is one you need to find a compatible driver for your card.

Check under the Network Adapter node for your card, assuming your card is listed double click it and check for any known errors listed under Device Status

[2] The TCP/IP configuration dialog can be accessed on Vista / Win 7 by opening Network and Sharing Centere -> Change adapter settings (left hand pane) -> right click the adapter you are interested in and choosing Properties (requires elevation) and then double clicking either TCP/IP Protocol Version 4 or 6 depending on what you use (most likely v4)

[3] running the ipconfig /all command will display the MAC address as well as the IP address, subnet mask, gateway and nameservers. The MAC address is labelled Physical Address in the output

[4] TheARP -a command displays the current ARP table for the host.

Crippledsmurf

Posted 2010-10-06T23:14:40.093

Reputation: 1 442

1

Just to add to the previous Answer :

Hostname not found: This points to a DNS issue rather than a routing issue, so you will need to check out your DNS server, and it's relationship to the device you are pinging from.

To trace how far your ping is getting, try using tracert rather than ping to see what device is being reached before the route fails (this only helps where the other device is not on the same subnet as the start device).

Jane T

Posted 2010-10-06T23:14:40.093

Reputation: 815

This should have been a comment to the answer and not a separate answer. Please note answers on Super User is not chronologically sorted by default. – BinaryMisfit – 2010-10-07T07:56:07.190

@Diago : It should read "the answer [http link]..." instead of "the answer above", but otherwise it is certainly a valid answer adding additional value. – Martin – 2010-10-07T08:20:32.503

@Martin. Not quite. Since the idea behind SE is to have one canonical answer, this should be a comment which is then incorporated into the above answer. The sole reason the moderators don't make these edits is to allow users to learn what is correct and what isn't. – BinaryMisfit – 2010-10-07T11:23:01.020

@Diago : Seems we disagree on what constitutes a valid separate answer on SE. So be it. – Martin – 2010-10-07T11:43:10.137

1

If you get pings sometimes, but not others, and can't prove/catch it... here are some tools that help identify networking issues:

Windows: http://www.pingplotter.com/freeware.html pathping

Linux: http://en.wikipedia.org/wiki/MTR_%28software%29

These tools might help you say that the 5th hop is the one where things go crazy, and then you can troubleshoot just that hop.

Sometimes across networks you need to find which device is causing slow responses, and you can't seem to find it during a single ping. These tools help identify it over a series of pings by keeping "score" and showing you a graph.

Note that pings are sometimes given lower priority too, so a slow ping doesn't always mean bad network.

Aside from the great and thorough answer above, verify that the NIC are using proper linkspeeds:

In windows you could poke around the gui in the networking properties, and in Linux you would use "ethtool". If the hosts on either side of a router/switch are set to 10MBs and Half Duplex, but the router/switch is set to 100MBs Full Duplex, it will spew odd errors (for example). This is more common on a new setup though than an established system.

You can see some of these errors by using netstat:

netstat -S

or by constantly monitoring it, if you are an uber nerd:

for /L %i in (0,0,0) do @cls && netstat -S|find /I "Error" && @ping -n 1 -w 2000 224.0.0.0 >NUL && @cls

If you have errors, that's not a big deal, however if you have more and more errors by the second, that's likely a hardware/cabling/speed/duplex issue.

James

Posted 2010-10-06T23:14:40.093

Reputation: 61

0

If ping does not work, here's what I do:

  • Check that the name resolves to the correct IP -- often a problem not with servers but with laptops of co-workers etc.
  • If I'm sure the IP is correct, I use tracert to check how far I get.
  • If I'm not sure that the server I try to ping is reacting to ICMP messages, I use telnet to open a port on the server and see what it tells me.
  • I check if a co-worker can reach the server from his PC

Martin

Posted 2010-10-06T23:14:40.093

Reputation: 2 055

Asked: 2010-10-06T23:14:40.093

Viewed: 359 times

Active: 2012-04-17T14:31:43.670