Ping and real time

Hello...

I set up a "ping" session in which I pinged Google using the -t switch.  I did this for about 21 hours capturing the results in a text file.

I'd like to now analyze this file and determine, as close as possible, what time Google could not be reached.

My file started at 7:16:05 AM in the morning.

The file out put look like:

Pinging www.google.com [74.125.21.105] with 32 bytes of data:
Reply from 74.125.21.105: bytes=32 time=44ms TTL=40
Reply from 74.125.21.105: bytes=32 time=42ms TTL=40
Reply from 74.125.21.105: bytes=32 time=34ms TTL=40
Reply from 74.125.21.105: bytes=32 time=36ms TTL=40
Reply from 74.125.21.105: bytes=32 time=43ms TTL=40
Reply from 74.125.21.105: bytes=32 time=37ms TTL=40
Reply from 74.125.21.105: bytes=32 time=40ms TTL=40
Reply from 74.125.21.105: bytes=32 time=37ms TTL=40
Reply from 74.125.21.105: bytes=32 time=49ms TTL=40

I actually sent 78,376 packets.  Is there a way, perhaps using the "ms", to calculate the time?

Thanks
Sheldon LivingstonConsultantAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

John TsioumprisSoftware & Systems EngineerCommented:
You could import them to Excel ,delimit them and filter them to get what you need.
0
Sheldon LivingstonConsultantAuthor Commented:
I've actually already have them in Excel, etc.  If I assume that 1,000 ms equals one second and I add up all the "ms" in my 78,376 packets I get a total of 8,813,724.  Dividing by 1.000 equals 8,813.724.  Dividing by 60 gives me 146.8954 minutes... this isn't correct as I ran this for 21 hours.

I also need to account for the 386 packets that resulted in "Request timed out." or "Destination host unreachable."  For these I was using 1 second, or 1,000 milliseconds.
0
JohnBusiness Consultant (Owner)Commented:
Excel is the tool I would use for this. Ping will tell you it succeeded or did not succeed and does not really tell you why.

See if you can sort by no connect and see there is a time frame where this occurs.
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

JohnBusiness Consultant (Owner)Commented:
I get a total of 8,813,724.  ... this isn't correct   There is time taken to send ping out, get a response and some dead time in between pings. No connect takes longer, so I don't the time relationship as you expressed it is correct.

Look at WHEN the timeouts occurred to see if there is a pattern.

Nagios or Solar WInds are commercial tools that do this.
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Sheldon LivingstonConsultantAuthor Commented:
John... are you basically saying that with the file/info I have there is not a way to do this?
0
John TsioumprisSoftware & Systems EngineerCommented:
Probably its easier to search for "timeout" keyword
0
JohnBusiness Consultant (Owner)Commented:
Ping will not tell you why you get the results you do. The only thing (I see) you could do is sift out the no connect timeouts, collect them together and see if there is a time frame common to the timeouts.

For one computer, for one long file, I use DU Meter set to graphical mode and look for dropouts.
0
Sheldon LivingstonConsultantAuthor Commented:
I don't care, in this case, why it is timing out.  I started this process at 7:16:05 AM.  I ended up with a file with 79,000 lines in it.  Can a time be calculated using the data in the file?

Reply from 74.125.21.105: bytes=32 time=36ms TTL=40
Reply from 74.125.21.105: bytes=32 time=43ms TTL=40
Reply from 74.125.21.105: bytes=32 time=37ms TTL=40
Reply from 74.125.21.105: bytes=32 time=40ms TTL=40
Reply from 74.125.21.105: bytes=32 time=37ms TTL=40
0
John TsioumprisSoftware & Systems EngineerCommented:
ping -t seems that it doesn't run continuosly...i just made a simple experiment...30 seconds actual time....ping -t to a known site....total packets send 31...avegare 32 ms...total 992 ms but the experiment lasted 30 seconds...
0
JohnBusiness Consultant (Owner)Commented:
As I mentioned, those times will not not add up to a total because of ping turnaround time or dead time.

I really would look for a network monitoring tool . Resource Monitor in Windows Admin tools will help you. Network tab.
0
masnrockCommented:
I would recommend getting a ping utility that actually does timestamping. Here's an article naming a few for you: https://www.raymond.cc/blog/timestamp-ping-with-hrping/
0
Sheldon LivingstonConsultantAuthor Commented:
Thanks folks... just trying to figure out if I have a useless file here.  Sounds like the consensus is yes.
0
JohnBusiness Consultant (Owner)Commented:
As you have it, the file will not likely provide any useful information.
0
Sheldon LivingstonConsultantAuthor Commented:
Thank you... how should I wrap this up?  Delete the question or award someone(s) points?  

The correct answer to the original question is "No".
0
JohnBusiness Consultant (Owner)Commented:
How you wrap up is your decision. I think we helped you to a conclusion but you may see it differently .
0
Dave BaldwinFixer of ProblemsCommented:
I'm curious what your purpose is.  'ping' (ICMP) will tell you whether you have a network connection.  It will Not tell you if any other services like a web server on port 80 is running.  In addition, I wouldn't be surprised if the destination started dropping your pings for using too much of their bandwidth.  'ping' is a low priority service in any case and will be dropped simply because the server is busy with other things.
0
JustInCaseCommented:
By default, on windows, ping is sent every second (when exactly icmp echo is received is irrelevant)...

So, basically
number of pings * 1 second = total time
Default timeout for ping is 4 seconds - if icmp echo is not received in 4 seconds ... you will get message - "Request timed out"

Again, just count numbers of pings without response - pings were still sent every second... make sum of all of those (timeout is irrelevant) although this is not relevant, ping was lost somewhere - the reason is not known (downtime was maybe just few milliseconds)... Consequent unresponded pings can be counted together as downtime...

On the other hand, even single lost packet can create problems in some circumstances (web page freeze, video stuck etc).
:)

From my experience, Google DNS never drops ping, but ... who knows...
0
Sheldon LivingstonConsultantAuthor Commented:
Dave... to answer your question.  We are experiencing some times when the Internet is lost.  So, I set up a computer to ping our server, firewall, cable modem and Google.

I pinged these things for 21 hours.

The server ended up losing 22 packets, the firewall 32, the cable modem 289 and Google 386.

My assumption is that the server and firewall are not the issue.
0
Sheldon LivingstonConsultantAuthor Commented:
Predrag... I had assumed one second per ping.  I know the time that I started all four pings (within seconds of each other).  I also ended them all at the same time.  If I start the start times and add the pings I end up to too staggered end times.  Doesn't work.

The server had 79,830 packets sent
Firewall had 78,681
Cable modem had 78,912
and Google had 78,376
0
masnrockCommented:
I would check with your cable company and see if there are any issues involving signal. Have you also checked the cables?
0
JustInCaseCommented:
Beside blaming ISP (might be the reason for your problems), did you check errors on your network devices interfaces (output and input errors)?
0
John TsioumprisSoftware & Systems EngineerCommented:
Some time ago we had issues with Vpn...we had some drops that caused file corruption during syncing....i tried several things but finally i switched modem and the situation was resolved...
0
JohnBusiness Consultant (Owner)Commented:
Your question was more about measuring network activity with Ping which is not a good way / tool to do this.

If you are having problem with your ISP and dropouts, connect your computer directly to the modem, turn on Resource Monitor (Network tab) and download a long file. Make a note of dropout time and length and ask your ISP.

Doing this also eliminates your router and cabling while you do the test.
0
JustInCaseCommented:
If you are having problem with your ISP and dropouts, connect your computer directly to the modem, turn on Resource Monitor (Network tab) and download a long file. Make a note of dropout time and length and ask your ISP.
Let's make assumption that Author works in company of 4k people and have this issue...
            "Sorry everyone, you can go home, I need to test WAN we have occasional drops..."
Testing like that can be done in home or home office, but not on production network.
The server ended up losing 22 packets, the firewall 32, the cable modem 289 and Google 386
With such small ping loses it is typically hard to find root cause. Even if everything is working perfectly with PC directly connected to WAN result will not eliminate WAN or LAN as root cause. It is just not the same type and amount of traffic.
0
Sheldon LivingstonConsultantAuthor Commented:
Predrag Jovic... not sure how to test network devices.  We have cable ISP and just put 200 wireless devices on the network (when we had 60 or so).  Now we are experiencing the issues.  Had a 5 up 70 down plan now have 20 up, 300 down.

I inherited this problem and am trying to determine if we simply have too many devices for our bandwidth.  There is nothing we can do about bandwidth... no fiber.

20/300 is best speed cable can provide.

The new devices are NOT hitting youtube, etc.  They are managed devices... we are not allowing FB, etc.

So, I was looking to determine issue via ping... like, perhaps, firewall bottleneck.  But, to me, it looks like the firewall isn't an issue.
0
Dave BaldwinFixer of ProblemsCommented:
Then where are the devices connecting to and what is the issue that you are seeing?
0
masnrockCommented:
Have you tried any tools to check for congestion internally? But also, have you tried something such as Speedtest to see if latency happens to be high at a given moment going out to the internet?

It sounds like this is a one location site, in which case does make John's suggestion of testing with a machine directly attached to the modem a practical one as long as it were to be off hours or something like that.

But if you absolutely want to use ping in your troubleshooting, you're going to need a ping tool that uses timestamps during operation. The build in one will not accomplish that, no matter how hard you try.

At this point, there isn't enough data to eliminate anything. You can test the things we've named, but you're also probably going to watch to get your modem and signal tested.
0
John TsioumprisSoftware & Systems EngineerCommented:
So its more a bandwidth problem than a dropout problem...can you please clarify this...
If its a bandwidth the 1st thing to do is to examine why and where your bandwidth is consumed...if for example all your devices are connected to cloud services probably you can't do anything and maybe you need to host some of these on your premises...
If its critical to have no dropout i guess you have to do some more checks with your equipment and your  ISP to short this out...Logically there should be one more ISP so you could add a 2nd line to give redundancy and stability
0
Sheldon LivingstonConsultantAuthor Commented:
This location is a school...  I did this same ping test over a weekend and packet loss was negligible.  Def an issue when school is in session.
0
JohnBusiness Consultant (Owner)Commented:
So then the likelihood is a bandwidth issue.

There is nothing we can do about bandwidth... no fiber. ....  20/300 is best speed cable can provide.

Can you add another supplier for student devices, leaving staff devices on the main network.
0
John TsioumprisSoftware & Systems EngineerCommented:
If its a school then probably you could benefit by a proxy with caching functionality so that the clients don't get to request the same thing over and over...take a look here  
0
masnrockCommented:
The problem MAY be bandwidth. Is the network divided into VLANs? If so, are there any bandwidth restrictions for the wireless side? Get a tool like PRTG or Wireshark to help internally. 200 devices is a lot to have on a network. What type of environment is this if you don't mind my asking, a school?
0
Sheldon LivingstonConsultantAuthor Commented:
This is a school... no vlans.
0
Sheldon LivingstonConsultantAuthor Commented:
John Tsioumpris... I'll check out Squid... thanks.
0
Sheldon LivingstonConsultantAuthor Commented:
We are getting off topic and I should close this.  Thanks all for helping.
0
masnrockCommented:
You'll definitely want to get VLANs into play. Then you'll be able to start restrict bandwidth utilized by each one. Otherwise you have no choice but to get an additional internet line.
0
masnrockCommented:
Well, you need a way to monitor how your traffic is getting used and what machines are using it. Proxy would help. Maybe even putting in something like packet shaping. If you're not going to up the bandwidth (I know you said it isn't an option), then you'll have to manage it.
0
JustInCaseCommented:
You can be surprised how people are creative to get what is forbidden.

The first step - check interfaces are there packets drop inbound or outbound. Errors will most likely mean bad cables and drops typically mean overloaded interfaces.
If you can implement network monitoring, that is the best chance that you have do find root cause.

If you don't have VLANs you can suffer from occasional broadcast storms (even bad network card can broadcast storm).
You should implement VLANs to limit broadcast (but that is future network design).
0
Sheldon LivingstonConsultantAuthor Commented:
Predrag Jovic... what would you use for network monitoring?  I installed Spiceworks on the server but I think it caused more issues.
0
JohnBusiness Consultant (Owner)Commented:
For your size, consider Nagios for network monitoring
0
Fred MarshallPrincipalCommented:
I have written a short .bat file that will ping away at a specified IP address and will keep track of the number of consecutive missed pings.  When the specified number of missed pings is reached, it runs a traceroute and logs the results.  
That way you can tell when it happened and where it happened.
Here is a version of the script that I'm currently using:
@ECHO OFF
:VARIABLES
SET drive_letter=%1
IF "%1"=="" (SET drive_letter=c:)
echo Drive letter = %drive_letter%
REM ***************************SETUP***********************
SET Machine=%2
IF "%2"=="" (SET Machine=207.108.182.1)
echo Machine = %Machine%
echo.
SET testname=QWEST
SET /a faillimit=3
SET pinginterval=600
SET pingtimeout=500
SET single_ping_delay=16.3
REM ***************No changes below*****
SET /a pings=%pinginterval%/%single_ping_delay%
@Echo pings = %pings%
SET fileloc=%drive_letter%\Users\public\probes\ping
SET pinglog=%fileloc%\%testname%_pinglog.txt
SET tracelog=%fileloc%\%testname%_tracelog.txt
SET pingtemp=%fileloc%\%testname%_pingtemp.txt
SET temptxt=%fileloc%\%testname%_temptxt.txt
REM **************************END SETUP********************
echo.
cd \
%drive_letter%
cd \
md users
cd users
md public
cd public
md probes
cd probes
md ping
cd ping
echo.

REM initialize counts and limits
SET /a pingcount=0
REM Zeros the contiguous ping failure count
SET /a failcount=0
ECHO %DATE%
ECHO %TIME%
REM Initializing TRACE then return to :PING
goto :TRACE

:PING
REM echo %time%
REM Delay between pings using ping -w [blank]
for /L %%a In (0 1 %pings%) do (
ping -n 1 -w 10.109.199.199 > nul
)
REM @ECHO add ping output to %pingtemp%
ping -w %pingtimeout% -n 1 %Machine% >%pingtemp%

REM @ECHO Find "reply" and reset fail counter
(find /I "reply"   %pingtemp%>%pinglog%) && (set /a failcount=0 & goto :PING)

REM @ECHO Finding "request timed out" and increment fail counter
(find /I "request" %pingtemp%>%pinglog%) && set /a failcount=%failcount%+1

REM @ECHO Finding "unreachable" and increment fail counter
(find /I "unreachable" %pingtemp%>%pinglog%) && set /a failcount=%failcount%+1

REM @ECHO Check failcount
if %failcount% geq 1 echo failcount %failcount% Pings have failed  %date% %time%
if %failcount% geq 2 echo failcount %failcount% Pings have failed  %date% %time%>>%tracelog%
if %failcount% geq %faillimit% goto :TRACE
goto :PING

:TRACE

REM @ECHO Reset failcount to zero
set /a failcount=0

ECHO.
ECHO Trace Started
ECHO %DATE%
ECHO %TIME%
@ECHO.
@ECHO.>>%tracelog%
@ECHO Trace Started>>%tracelog%
@ECHO %DATE%>>%tracelog%
@ECHO %TIME%>>%tracelog%
@ECHO.>>%tracelog%
TRACERT -d -h 30 %machine% >>%tracelog%
@ECHO.>>%tracelog%
@ECHO Trace ended >>%tracelog%
@ECHO %DATE% >>%tracelog
@ECHO %TIME% >>%tracelog
@ECHO Trace ended
@ECHO %DATE%
@ECHO %TIME%

GOTO PING
REM This GOTO cuts out the pathping

ECHO.
ECHO pathping
ECHO %DATE%
ECHO %TIME%
@ECHO %DATE%>>%tracelog%
@ECHO %TIME%>>%tracelog%
pathping %machine% >>%tracelog%
REM ECHO Trace ended >>%tracelog%
ECHO pathping ended
ECHO %DATE%
ECHO %TIME%
@ECHO %DATE%>>%tracelog%
@ECHO %TIME%>>%tracelog%
ECHO.

GOTO PING

:EOF

REM Program will loop until CTRL+C is pressed or window is closed.

end

Open in new window

1
JustInCaseCommented:
Typically it does not matter which monitoring you will use, it is just difference in how mush details it can analyze (what are supported options) and do you like output etc.... Monitoring should not make big increase in network traffic. If adding network monitoring is adding issues, most likely you have congestion in your network.
In monitoring you can see (depending on support on your device and monitoring tool) top talkers, how much interfaces are utilized, device health etc...
You are currently most interesting in interface utilization (WAN interface, links between devices) if interfaces are 100% utilized most likely traffic is dropped.
0
Shaun VermaakTechnical Specialist/DeveloperCommented:
Long thread so not sure if this was mentioned...

I would just press CTRL+BREAK to display the summary

ping.png
0
Sheldon LivingstonConsultantAuthor Commented:
Shaun Vermaak... the spirit of the tread was to try and determine at what time a break occurred given a known start time and file with ping information.
0
Shaun VermaakTechnical Specialist/DeveloperCommented:
Thanks classnet
0
Fred MarshallPrincipalCommented:
I might add re: the script I posted, the script command prompt window can be observed so you can see how many pings are missed and when recent traceroutes have occurred.  Then you can look at the trace log to see the results.  Date, time, servers at each hop.  It starts by logging a traceroute so you will know what's "normal" and can compare with abnormal traces to see which hop disappeared if any.

And, to use it, you may want to adjust the ping times as described here:
https://www.experts-exchange.com/articles/17805/Inserting-Delays-with-Millisecond-Resolution-in-Windows-Batch-bat-Files.html
0
Sheldon LivingstonConsultantAuthor Commented:
Using the ping file that I captured, for 8 hours, will not give me the data that I desire.  Although a few suggestions were posted for tools to help me get the info I desire, it is clear that my current file is of no use.

Thank you all.
0
JohnBusiness Consultant (Owner)Commented:
Thank you for following up.
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Networking

From novice to tech pro — start learning today.