1 00:00:00,120 --> 00:00:02,009 In this video, we're going to cover the ping 2 00:00:02,009 --> 00:00:03,570 and traceroute command line tools, 3 00:00:03,570 --> 00:00:05,010 and how to use them in maintaining 4 00:00:05,010 --> 00:00:06,630 and troubleshooting our networks. 5 00:00:06,630 --> 00:00:08,220 First, we have Ping. 6 00:00:08,220 --> 00:00:09,900 Ping is used in checking the connectivity 7 00:00:09,900 --> 00:00:12,060 between two devices, and we often use this 8 00:00:12,060 --> 00:00:13,500 in network troubleshooting. 9 00:00:13,500 --> 00:00:15,390 There are a couple different ways to use Ping, 10 00:00:15,390 --> 00:00:17,640 but the most common way is to just type in "Ping," 11 00:00:17,640 --> 00:00:19,500 and the domain name you want to test. 12 00:00:19,500 --> 00:00:21,570 For example, if you're on a Windows machine, 13 00:00:21,570 --> 00:00:25,770 you can enter ping www.jasondion.com and hit enter, 14 00:00:25,770 --> 00:00:28,500 and this is going to send out four pings and get four replies, 15 00:00:28,500 --> 00:00:31,170 and it tells you the site is either up or down. 16 00:00:31,170 --> 00:00:33,360 This is the default one that you're going to use. 17 00:00:33,360 --> 00:00:35,400 Now, if I wanted to get 10 or 20 18 00:00:35,400 --> 00:00:39,090 or 30 pings, I can do that by doing ping -n 19 00:00:39,090 --> 00:00:42,210 and then the number, so ping -n 10 20 00:00:42,210 --> 00:00:45,810 jasondion.com will ping jasondion.com 10 times, 21 00:00:45,810 --> 00:00:47,220 and then it will stop. 22 00:00:47,220 --> 00:00:50,010 Now, you can also do this where it'll just keep pinging over 23 00:00:50,010 --> 00:00:51,660 and over and over again forever. 
24 00:00:51,660 --> 00:00:55,350 To do this, you're going to use ping -t, and the domain name, 25 00:00:55,350 --> 00:00:58,417 so in this example, I would do ping -t jasondion.com, 26 00:00:59,880 --> 00:01:01,140 and it would go forever and ever, 27 00:01:01,140 --> 00:01:02,490 keep pinging that site. 28 00:01:02,490 --> 00:01:04,050 Now, why would I want to do that? 29 00:01:04,050 --> 00:01:05,129 Well, it might be useful 30 00:01:05,129 --> 00:01:07,350 to see if your WAN link is up all the time. 31 00:01:07,350 --> 00:01:08,670 In some places I've worked, 32 00:01:08,670 --> 00:01:11,130 we've had a ping constantly running on a distant end 33 00:01:11,130 --> 00:01:13,080 and we leave it up on a big screen monitor. 34 00:01:13,080 --> 00:01:14,340 Then we could just look up 35 00:01:14,340 --> 00:01:16,500 and we could see if that connection is working or not, 36 00:01:16,500 --> 00:01:18,360 or if it's having any issues. 37 00:01:18,360 --> 00:01:20,220 Now, in the examples I just gave you, 38 00:01:20,220 --> 00:01:22,050 I was working on a Windows client, 39 00:01:22,050 --> 00:01:24,090 but Ping does work a little differently 40 00:01:24,090 --> 00:01:26,880 if you're using Linux, Unix or OS X. 41 00:01:26,880 --> 00:01:29,490 One of the key differences is that on a Windows machine, 42 00:01:29,490 --> 00:01:32,550 it only sends four pings by default and then it stops. 43 00:01:32,550 --> 00:01:33,810 If we wanted it to run forever, 44 00:01:33,810 --> 00:01:36,600 we would use the "-t" option like I said. 45 00:01:36,600 --> 00:01:39,000 Now in Linux, Unix and OS X clients, 46 00:01:39,000 --> 00:01:41,490 ping is going to run continuously by default, 47 00:01:41,490 --> 00:01:43,590 just like that -t in Windows did. 
48 00:01:43,590 --> 00:01:45,300 Now, if you only want to send four pings 49 00:01:45,300 --> 00:01:47,310 like we did in Windows, we would have to do that 50 00:01:47,310 --> 00:01:50,400 by doing the -c option, which stands for "count," 51 00:01:50,400 --> 00:01:53,910 so I would say -c 4 after my ping command. 52 00:01:53,910 --> 00:01:57,990 So I would do ping -c 4 jasondion.com, 53 00:01:57,990 --> 00:01:59,430 or if I wanted to do 10, 54 00:01:59,430 --> 00:02:04,110 I could do ping -c 10 jasondion.com and then it would stop. 55 00:02:04,110 --> 00:02:06,120 Really, you can use any number of pings you want 56 00:02:06,120 --> 00:02:07,230 with the -c option, 57 00:02:07,230 --> 00:02:10,110 and it works like the -n option you had in Windows. 58 00:02:10,110 --> 00:02:12,990 If you're running ping continuously on any operating system 59 00:02:12,990 --> 00:02:14,640 and you want to stop it at any time, 60 00:02:14,640 --> 00:02:16,500 you can issue the break command. 61 00:02:16,500 --> 00:02:19,440 To do this, you simply press the Control key and C (Ctrl+C), 62 00:02:19,440 --> 00:02:20,730 and this will end up breaking 63 00:02:20,730 --> 00:02:23,400 or stopping that continuously running ping. 64 00:02:23,400 --> 00:02:26,670 The last option we need to cover is the -6 option. 65 00:02:26,670 --> 00:02:29,400 If you enter ping -6 and the domain name, 66 00:02:29,400 --> 00:02:30,720 this is going to force the ping 67 00:02:30,720 --> 00:02:33,780 to go over IPv6 instead of IPv4. 68 00:02:33,780 --> 00:02:35,790 This -6 option is going to work the same 69 00:02:35,790 --> 00:02:38,160 regardless of the operating system you're using. 70 00:02:38,160 --> 00:02:40,500 So what does all this look like in the real world? 71 00:02:40,500 --> 00:02:43,710 Well, here you can see I did a ping of jasondion.com 72 00:02:43,710 --> 00:02:44,730 from my Windows machine, 73 00:02:44,730 --> 00:02:47,640 and it sent out four pings and received four replies. 
74 00:02:47,640 --> 00:02:50,280 Here you can see the time it took: 74 milliseconds, 75 00:02:50,280 --> 00:02:54,720 74 milliseconds, 156 milliseconds, and 71 milliseconds. 76 00:02:54,720 --> 00:02:56,970 This gave me an average of 93 milliseconds 77 00:02:56,970 --> 00:02:59,970 across all four pings, and all pings were sent 78 00:02:59,970 --> 00:03:02,160 and all four packets were received back. 79 00:03:02,160 --> 00:03:03,840 This indicates that my web server is up 80 00:03:03,840 --> 00:03:06,270 and accepting traffic at this time. 81 00:03:06,270 --> 00:03:08,550 Now, next we have Traceroute, 82 00:03:08,550 --> 00:03:10,380 and this can be written as either Traceroute, 83 00:03:10,380 --> 00:03:12,600 all written out, or Tracert 84 00:03:12,600 --> 00:03:14,310 if you're on a Windows system. 85 00:03:14,310 --> 00:03:16,590 If you're on a Unix, Linux or OS X system, 86 00:03:16,590 --> 00:03:19,260 you're going to enter that command as Traceroute. 87 00:03:19,260 --> 00:03:21,420 Now, either way, we pronounce it the same way, 88 00:03:21,420 --> 00:03:23,070 we call it Traceroute. 89 00:03:23,070 --> 00:03:25,410 Now, traceroute is going to be used to display the path 90 00:03:25,410 --> 00:03:27,570 between your device and its destination, 91 00:03:27,570 --> 00:03:29,610 showing the source and destination IP address 92 00:03:29,610 --> 00:03:31,890 along every single hop as you go. 93 00:03:31,890 --> 00:03:34,290 Now, a hop is simply any router or firewall 94 00:03:34,290 --> 00:03:36,180 that's there as part of the layer three path 95 00:03:36,180 --> 00:03:38,310 in that transmission going from the client 96 00:03:38,310 --> 00:03:39,750 to the destination. 97 00:03:39,750 --> 00:03:42,210 To perform a traceroute, simply enter the traceroute command 98 00:03:42,210 --> 00:03:43,860 and the IP address or domain name 99 00:03:43,860 --> 00:03:46,620 of the destination you want to reach from your client. 
100 00:03:46,620 --> 00:03:49,230 Now, in response, you're going to get a list of all the routers 101 00:03:49,230 --> 00:03:51,630 between you and the computer you're trying to get to. 102 00:03:51,630 --> 00:03:54,870 If you want to do this using IPv6 instead of IPv4, 103 00:03:54,870 --> 00:03:57,990 you can add the -6 option to your traceroute command. 104 00:03:57,990 --> 00:03:59,640 Now, let's look at a quick example here 105 00:03:59,640 --> 00:04:03,270 by doing a traceroute to www.diontraining.com 106 00:04:03,270 --> 00:04:04,650 from my workstation. 107 00:04:04,650 --> 00:04:05,940 Notice it's going to go out 108 00:04:05,940 --> 00:04:08,400 and resolve the IP address for us automatically. 109 00:04:08,400 --> 00:04:11,010 Then it starts tracing out the route from my computer 110 00:04:11,010 --> 00:04:15,150 with a source IP of 10.0.2.2 out to the destination IP 111 00:04:15,150 --> 00:04:18,990 of 54.221.229.100. 112 00:04:18,990 --> 00:04:21,000 Now, how does Traceroute work? 113 00:04:21,000 --> 00:04:22,920 Well, it's going to use the time to live field 114 00:04:22,920 --> 00:04:24,630 in the IP packet header. 115 00:04:24,630 --> 00:04:27,030 Normally, the TTL or Time to Live, 116 00:04:27,030 --> 00:04:29,070 is going to be used to prevent packets from being forwarded 117 00:04:29,070 --> 00:04:31,680 around the internet indefinitely by routers. 118 00:04:31,680 --> 00:04:33,060 This would create a routing loop, right? 119 00:04:33,060 --> 00:04:34,590 So we don't want that to happen. 120 00:04:34,590 --> 00:04:37,230 Instead, each time a packet is forwarded by a router, 121 00:04:37,230 --> 00:04:39,420 it takes one off of that time to live. 122 00:04:39,420 --> 00:04:41,670 So if the time to live reaches zero, 123 00:04:41,670 --> 00:04:43,830 that packet is dropped and discarded 124 00:04:43,830 --> 00:04:46,470 and a response gets sent back with an error message. 
125 00:04:46,470 --> 00:04:48,960 So Traceroute actually uses this to its advantage 126 00:04:48,960 --> 00:04:51,570 and it sends out a series of packets to the destination. 127 00:04:51,570 --> 00:04:53,100 The first packet is going to be sent out 128 00:04:53,100 --> 00:04:54,570 with a time to live of one. 129 00:04:54,570 --> 00:04:56,100 It's going to hit that first router, 130 00:04:56,100 --> 00:04:58,740 and then that's going to decrease its time to live to zero, 131 00:04:58,740 --> 00:05:01,200 and because it hit zero, it's going to now drop the packet 132 00:05:01,200 --> 00:05:03,277 and send back an ICMP message that says 133 00:05:03,277 --> 00:05:06,450 "time exceeded" for that packet back to the source IP, 134 00:05:06,450 --> 00:05:08,490 and informs it that that packet didn't make it 135 00:05:08,490 --> 00:05:10,530 to the final destination and it was dropped. 136 00:05:10,530 --> 00:05:12,690 Then Traceroute sends out another packet. 137 00:05:12,690 --> 00:05:14,820 This time it has a time to live of two. 138 00:05:14,820 --> 00:05:16,287 Again, it goes through the first router 139 00:05:16,287 --> 00:05:17,880 and it hits the second router. 140 00:05:17,880 --> 00:05:19,830 At that point, it's hit zero again, 141 00:05:19,830 --> 00:05:22,410 and so a response is going to go back to the original sender. 142 00:05:22,410 --> 00:05:24,030 This continues over and over again 143 00:05:24,030 --> 00:05:25,320 until Traceroute finally gets 144 00:05:25,320 --> 00:05:27,210 to the final destination successfully, 145 00:05:27,210 --> 00:05:30,090 but the entire time, it keeps incrementing that time 146 00:05:30,090 --> 00:05:32,910 to live by one every time it sends out a new packet. 147 00:05:32,910 --> 00:05:35,100 This way, it can identify each and every router 148 00:05:35,100 --> 00:05:38,040 or hop along the path from source to destination. 
149 00:05:38,040 --> 00:05:40,110 Now, sometimes you're going to come across something 150 00:05:40,110 --> 00:05:42,840 that looks a bit strange in your traceroute's output. 151 00:05:42,840 --> 00:05:45,450 For example, notice here around line 15, 152 00:05:45,450 --> 00:05:47,010 I have a bunch of request timeouts, 153 00:05:47,010 --> 00:05:49,020 even though my server is up and running. 154 00:05:49,020 --> 00:05:50,190 What does this mean? 155 00:05:50,190 --> 00:05:52,770 Well, this means you're seeing a firewall in our path 156 00:05:52,770 --> 00:05:54,960 or some other kind of device that's not responding 157 00:05:54,960 --> 00:05:57,120 to ICMP or Ping traffic. 158 00:05:57,120 --> 00:05:59,700 This is a security feature of a lot of firewalls, 159 00:05:59,700 --> 00:06:02,340 so my Traceroute command simply reports back 160 00:06:02,340 --> 00:06:04,050 the response that it received, 161 00:06:04,050 --> 00:06:07,680 or in this case didn't receive, from that device at that hop. 162 00:06:07,680 --> 00:06:10,140 Now, this still tells me there's some kind of device there, 163 00:06:10,140 --> 00:06:11,880 but I know it's filtering that traffic, 164 00:06:11,880 --> 00:06:13,860 and so I'm now able to fingerprint your network 165 00:06:13,860 --> 00:06:15,870 and figure out where your firewalls are. 166 00:06:15,870 --> 00:06:18,960 In this case, my service provider for diontraining.com 167 00:06:18,960 --> 00:06:21,180 does not respond to those types of requests, 168 00:06:21,180 --> 00:06:23,670 therefore, I can only trace the path as far out 169 00:06:23,670 --> 00:06:25,830 as the outermost layer of their network. 
170 00:06:25,830 --> 00:06:27,750 Once I get to the outermost layer of their network, 171 00:06:27,750 --> 00:06:30,000 their border gateway, it's going to stop responding 172 00:06:30,000 --> 00:06:32,790 to my request and I'm going to receive timeout messages, 173 00:06:32,790 --> 00:06:34,740 but I won't be able to see all the information 174 00:06:34,740 --> 00:06:36,300 about the routers and firewalls there 175 00:06:36,300 --> 00:06:38,310 except to know there is something there, 176 00:06:38,310 --> 00:06:40,920 and I can see that by those stars that are displayed. 177 00:06:40,920 --> 00:06:43,050 Now, when it comes to troubleshooting your network, 178 00:06:43,050 --> 00:06:44,400 you can use ping to determine 179 00:06:44,400 --> 00:06:46,080 if you have a network connection from your source 180 00:06:46,080 --> 00:06:48,270 to your destination without any issues. 181 00:06:48,270 --> 00:06:49,890 If someone's complaining that their network connection 182 00:06:49,890 --> 00:06:53,160 isn't working, I usually follow a simple four-step process 183 00:06:53,160 --> 00:06:55,170 to determine where that issue is occurring. 184 00:06:55,170 --> 00:06:57,330 First, I'm going to try to ping google.com 185 00:06:57,330 --> 00:06:58,830 or some other really big website 186 00:06:58,830 --> 00:07:00,390 that's always up and available. 187 00:07:00,390 --> 00:07:02,790 If this works, I know my network connection is good, 188 00:07:02,790 --> 00:07:04,410 and the internet connection is good, 189 00:07:04,410 --> 00:07:06,270 and in this case, it would be a user issue 190 00:07:06,270 --> 00:07:08,880 that's specific to a website they're trying to access. 191 00:07:08,880 --> 00:07:11,040 If I can't ping google.com successfully, 192 00:07:11,040 --> 00:07:13,050 I'm going to switch to pinging an IP address, 193 00:07:13,050 --> 00:07:15,270 something like 8.8.8.8, 194 00:07:15,270 --> 00:07:16,650 and I'll see if that works. 
195 00:07:16,650 --> 00:07:19,680 Now, 8.8.8.8 is a great IP address to use 196 00:07:19,680 --> 00:07:20,970 for a couple of reasons. 197 00:07:20,970 --> 00:07:24,150 First, it's really easy to remember; it's just four eights. 198 00:07:24,150 --> 00:07:26,280 Second, it's the DNS server for Google, 199 00:07:26,280 --> 00:07:28,620 so it has an extremely high rate of availability 200 00:07:28,620 --> 00:07:31,200 and reliability, so it's almost always up, 201 00:07:31,200 --> 00:07:33,660 and it makes a great IP to use for your troubleshooting. 202 00:07:33,660 --> 00:07:36,720 Now, if you can ping 8.8.8.8 successfully, 203 00:07:36,720 --> 00:07:39,150 this indicates your internet connection is working, 204 00:07:39,150 --> 00:07:41,490 but I'm probably having DNS issues 205 00:07:41,490 --> 00:07:43,380 because I couldn't resolve google.com 206 00:07:43,380 --> 00:07:45,810 to its proper IP address and ping it. 207 00:07:45,810 --> 00:07:48,060 At this point, we would shift our troubleshooting efforts 208 00:07:48,060 --> 00:07:50,880 towards the DNS issue, either with our local DNS cache 209 00:07:50,880 --> 00:07:52,530 or our DNS server. 210 00:07:52,530 --> 00:07:54,930 Now, if you can't ping 8.8.8.8, 211 00:07:54,930 --> 00:07:57,270 this means you can't reach the internet successfully. 212 00:07:57,270 --> 00:07:59,568 So we need to go back and refocus our efforts 213 00:07:59,568 --> 00:08:01,920 by moving inwards by one step. 214 00:08:01,920 --> 00:08:04,050 Now, I'm going to ping my default gateway, 215 00:08:04,050 --> 00:08:05,700 my router or my modem. 216 00:08:05,700 --> 00:08:08,370 This way I can see what the internal IP address is 217 00:08:08,370 --> 00:08:11,220 of that border gateway or router, and see if I can reach it. 218 00:08:11,220 --> 00:08:13,110 For example, in my home office, 219 00:08:13,110 --> 00:08:14,610 we're using a private IP range 220 00:08:14,610 --> 00:08:18,540 of 192.168.1.0/24. 
221 00:08:18,540 --> 00:08:22,740 So my default gateway is 192.168.1.1. 222 00:08:22,740 --> 00:08:24,450 If I can ping that IP address 223 00:08:24,450 --> 00:08:25,710 and it goes successfully, 224 00:08:25,710 --> 00:08:27,870 this means I have a good connection from my client 225 00:08:27,870 --> 00:08:29,700 all the way through my switches and routers 226 00:08:29,700 --> 00:08:31,830 up to that border gateway router. 227 00:08:31,830 --> 00:08:33,330 So now I know the issue is 228 00:08:33,330 --> 00:08:37,799 between my border gateway router and the 8.8.8.8 server, 229 00:08:37,799 --> 00:08:40,320 because something is wrong with our internet connection, 230 00:08:40,320 --> 00:08:42,539 maybe our modem's offline or something like that, 231 00:08:42,539 --> 00:08:44,850 so we'll troubleshoot in that half of the network. 232 00:08:44,850 --> 00:08:46,980 Now, if I can't ping the default gateway, 233 00:08:46,980 --> 00:08:48,900 that means there's an issue between my client 234 00:08:48,900 --> 00:08:50,340 and my border gateway. 235 00:08:50,340 --> 00:08:53,010 This can be anything, it could be cabling or switches, 236 00:08:53,010 --> 00:08:55,260 or anything else in between those two devices, 237 00:08:55,260 --> 00:08:57,480 including my local workstation itself. 238 00:08:57,480 --> 00:08:59,250 So the next thing I want to ping 239 00:08:59,250 --> 00:09:01,320 is my local client's IP address. 240 00:09:01,320 --> 00:09:06,150 For example, if your IP address is 192.168.1.23, 241 00:09:06,150 --> 00:09:10,020 and your default gateway was 192.168.1.1, 242 00:09:10,020 --> 00:09:11,940 you are going to ping the local IP address 243 00:09:11,940 --> 00:09:16,440 of 192.168.1.23, and you'll see if that works. 
244 00:09:16,440 --> 00:09:17,970 If pinging that does work, 245 00:09:17,970 --> 00:09:19,290 this means that you have an issue 246 00:09:19,290 --> 00:09:22,080 between your network card and the default gateway, 247 00:09:22,080 --> 00:09:24,480 so you need to check your cabling and your switches, 248 00:09:24,480 --> 00:09:26,910 and all the things outside of your device. 249 00:09:26,910 --> 00:09:29,280 Now, if you can't ping your local IP address, 250 00:09:29,280 --> 00:09:31,740 that means you now need to ping your localhost 251 00:09:31,740 --> 00:09:34,650 of 127.0.0.1. 252 00:09:34,650 --> 00:09:36,630 If you can, that means your network card 253 00:09:36,630 --> 00:09:38,490 and its drivers are properly installed. 254 00:09:38,490 --> 00:09:40,560 If you can't, that means you need to reinstall 255 00:09:40,560 --> 00:09:42,750 your network card drivers because there is most likely 256 00:09:42,750 --> 00:09:44,670 something corrupted in there. 257 00:09:44,670 --> 00:09:47,160 As you can see, by just using my ping command, 258 00:09:47,160 --> 00:09:49,410 I can quickly identify where the issue is. 259 00:09:49,410 --> 00:09:50,790 Is it on the internet side? 260 00:09:50,790 --> 00:09:53,010 Is it a problem with my modem or my router, 261 00:09:53,010 --> 00:09:54,840 or is it a cabling or switch issue? 262 00:09:54,840 --> 00:09:56,850 Or maybe it's a client or driver issue. 263 00:09:56,850 --> 00:09:59,610 By doing these four steps, you can figure it out. 264 00:09:59,610 --> 00:10:01,560 Now, if the issue is between the router 265 00:10:01,560 --> 00:10:03,690 and the destination, this is where traceroute 266 00:10:03,690 --> 00:10:05,460 is going to become really helpful for you 267 00:10:05,460 --> 00:10:07,710 because I can identify all the routers that are being used 268 00:10:07,710 --> 00:10:09,780 between my client and the destination, 269 00:10:09,780 --> 00:10:12,330 and then I can see where the data stops flowing. 
270 00:10:12,330 --> 00:10:14,820 Then if I own that device, like an internal router 271 00:10:14,820 --> 00:10:17,040 or firewall, I can check its configuration 272 00:10:17,040 --> 00:10:18,790 and work to restore those services.
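The following Python script is an added example and is not part of the video or the instructor's material. It does two things the lesson describes by hand: it parses Windows `ping` and `tracert` output to pull out the per-reply times, the sent/received counts and the hops that answer only with `*` (the ICMP-filtering firewalls discussed above), and it automates the four-step ping ladder (google.com, 8.8.8.8, default gateway, local address, then 127.0.0.1) so each outcome maps to the same diagnosis the video gives. The sample outputs are constructed: the 74/74/156/71 ms replies, the 4/4 packet counts, the source 10.0.2.2, the destination 54.221.229.100 and the 192.168.1.x addresses come from the video, while the reply address 203.0.113.10 and the intermediate hops 192.0.2.1 and 198.51.100.7 are placeholders from the RFC 5737 documentation ranges. The parsers target the Windows output format shown in the video; Linux and macOS `ping` and `traceroute` print different summary lines.

```python
"""Parse Windows ping/tracert output and run the lesson's four-step ping ladder.

Added example, not the instructor's code. Sample outputs are constructed:
RTTs, packet counts, 10.0.2.2 and 54.221.229.100 mirror the video; every
other address is a placeholder from the RFC 5737 documentation ranges.
"""
import platform
import re
import subprocess

# Constructed Windows `ping` output (the 74/74/156/71 ms replies from the video).
SAMPLE_PING = """\
Pinging jasondion.com [203.0.113.10] with 32 bytes of data:
Reply from 203.0.113.10: bytes=32 time=74ms TTL=52
Reply from 203.0.113.10: bytes=32 time=74ms TTL=52
Reply from 203.0.113.10: bytes=32 time=156ms TTL=52
Reply from 203.0.113.10: bytes=32 time=71ms TTL=52

Ping statistics for 203.0.113.10:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
"""

# Constructed Windows `tracert` output with two hops that drop ICMP.
SAMPLE_TRACE = """\
Tracing route to www.diontraining.com [54.221.229.100]
over a maximum of 30 hops:

  1     1 ms     1 ms     1 ms  10.0.2.2
  2    12 ms    11 ms    12 ms  192.0.2.1
  3    25 ms    24 ms    26 ms  198.51.100.7
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6    74 ms    73 ms    75 ms  54.221.229.100

Trace complete.
"""

REPLY_RE = re.compile(r"^Reply from (\S+): .*?time[=<](\d+)ms", re.M)
STATS_RE = re.compile(r"Sent = (\d+), Received = (\d+), Lost = (\d+)")
HOP_RE = re.compile(r"^\s*(\d+)\s+(.*\S)\s*$")


def parse_ping(output):
    """Return sent/received/lost counts and each reply's RTT from Windows ping output."""
    times = [int(t) for _, t in REPLY_RE.findall(output)]
    m = STATS_RE.search(output)
    if m is None:
        raise ValueError("no 'Ping statistics' block found")
    sent, received, lost = (int(x) for x in m.groups())
    # Windows truncates the average (93 for these four replies), so use // not round().
    avg = sum(times) // len(times) if times else None
    return {"sent": sent, "received": received, "lost": lost,
            "loss_pct": 100 * lost // sent if sent else 100,
            "times_ms": times, "avg_ms": avg}


def parse_traceroute(output):
    """Return one dict per hop of Windows tracert output. addr is None when the
    hop answered only with '*': something is there, but it filters ICMP."""
    hops = []
    for line in output.splitlines():
        m = HOP_RE.match(line)
        if m is None:  # banner, blank and 'Trace complete.' lines
            continue
        hop, rest = int(m.group(1)), m.group(2)
        rtts = [int(t) for t in re.findall(r"(\d+) ms", rest)]
        addr = None if "Request timed out" in rest else rest.split()[-1].strip("[]")
        hops.append({"hop": hop, "addr": addr, "rtts_ms": rtts})
    return hops


def filtered_hops(hops):
    """Hop numbers that never answered: the firewalls you can place in the path."""
    return [h["hop"] for h in hops if h["addr"] is None]


def ping_reachable(target, count=4):
    """Live probe: run the OS ping (-n on Windows, -c elsewhere), exit 0 = replies.
    Caveat: Windows ping can exit 0 on 'Destination host unreachable' answers from
    your own gateway; for a stricter check capture stdout and use parse_ping()."""
    flag = "-n" if platform.system() == "Windows" else "-c"
    proc = subprocess.run(["ping", flag, str(count), target],
                          stdout=subprocess.DEVNULL, stderr=subprocess.DEVNULL)
    return proc.returncode == 0


def ping_ladder(reachable, gateway="192.168.1.1", local_ip="192.168.1.23"):
    """The video's ladder, generalised to any probe. reachable(target) returns True
    when a ping to target gets replies (pass ping_reachable for a live run). The
    gateway and local address default to the lesson's example network."""
    if reachable("google.com"):
        return "ok: internet and DNS work; the problem is specific to the site or user"
    if reachable("8.8.8.8"):
        return "dns: internet works but names do not resolve; check the DNS cache and server"
    if reachable(gateway):
        return "wan: LAN reaches the gateway; look at the modem or ISP link"
    if reachable(local_ip):
        return "lan: NIC answers; check cabling and switches between client and gateway"
    if reachable("127.0.0.1"):
        return "nic: TCP/IP stack works but the adapter address does not; check its IP config and driver"
    return "loopback: even 127.0.0.1 fails; reinstall the network card drivers"


if __name__ == "__main__":
    print(parse_ping(SAMPLE_PING))
    print("hops filtering ICMP:", filtered_hops(parse_traceroute(SAMPLE_TRACE)))
    # Offline ladder run with constructed probe results: only name resolution fails.
    results = {"google.com": False}
    print(ping_ladder(lambda target: results.get(target, True)))
```

Run it as-is for the offline demonstration; for a live check on a real client, call `ping_ladder(ping_reachable, gateway=..., local_ip=...)` with your own gateway and adapter addresses. The ladder stops at the first successful probe from the outside in, which is exactly why the order matters: a reply from 8.8.8.8 after a failed google.com already isolates the fault to name resolution without touching the LAN.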