By Michael Pietroforte
You probably know the route tracing command-line tools tracert and pathping, which can be helpful to troubleshoot network connection issues quickly. For a more professional analysis of route traces, you need a GUI that gives you a visual overview of the different routes that Internet packets take to their destination.
TCP and UDP
Another major drawback of tracert and pathping is that they only support ICMP. Many firewalls block or drop ICMP packets, which means that you often can’t use these tools if you want to find out where a network connection is having a problem. Sometimes TCP and UDP packets can take a different route than ICMP packets. Because your Internet application most likely uses TCP or UDP, an ICMP route might not give you the information you need to troubleshoot network connection problems.
WhatsUp Visual Traceroute supports ICMP, UDP, and TCP and allows you to configure the source and destination ports for the latter two protocols. TCP and destination port 80 are your best bet if you want to measure response times from every router along the path to your destination. However, if you are not troubleshooting a web application, the ability to use another port can be helpful. Note that you have to install the WinPcap packet capture library if you want to work with UDP and TCP.
Visual Traceroute also allows you to decide whether the SYN flag or the FIN flag is set in the TCP packet. A packet with the SYN flag set to 1 initiates a TCP connection; a packet with the FIN flag set initiates the termination phase of a TCP connection. In most cases, you will want to set the SYN flag because this is how Internet applications start a network connection. The FIN flag option can be helpful if you want to find out more about the behavior of firewalls between source and destination. Most stateful firewalls drop FIN packets that don’t belong to a previously initiated TCP connection; thus, you probably won’t get any responses with this setting on the public Internet because stateless firewalls are rare nowadays.
In addition, you can configure the packet length for UDP and TCP connections, the timeout (for each reply), the maximum TTL, and pings per TTL. You might want to play with the timeout settings if you are troubleshooting a very slow connection. The pings per TTL setting is important for the latency deviation visualization (see below).
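To make these settings concrete, here is an added example (not code from Visual Traceroute) that builds the bytes of a single TCP probe with a chosen port pair, TTL, SYN or FIN flag, and packet length. It only constructs the packet; the addresses are constructed documentation addresses, and storing the hop number in the TCP sequence number is an assumption of this sketch that lets a reply be matched to its probe.

```python
import socket
import struct

SYN, FIN = 0x02, 0x01  # TCP flag bits, the two choices the tool offers

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_probe(src, dst, sport, dport, ttl, flag=SYN, length=60):
    """Build the IPv4 + TCP bytes of one probe that should expire at hop `ttl`."""
    src_b, dst_b = socket.inet_aton(src), socket.inet_aton(dst)
    payload = b"\x00" * max(0, length - 40)  # pad up to the configured packet length
    # Assumption of this example: the sequence number carries the hop number.
    tcp = struct.pack("!HHIIBBHHH", sport, dport, ttl, 0, 5 << 4, flag, 1024, 0, 0)
    pseudo = src_b + dst_b + struct.pack("!BBH", 0, socket.IPPROTO_TCP,
                                         len(tcp) + len(payload))
    tcp = tcp[:16] + struct.pack("!H", inet_checksum(pseudo + tcp + payload)) + tcp[18:]
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40 + len(payload), ttl, 0,
                     ttl, socket.IPPROTO_TCP, 0, src_b, dst_b)
    ip = ip[:10] + struct.pack("!H", inet_checksum(ip)) + ip[12:]
    return ip + tcp + payload

def hop_from_quote(quote: bytes) -> int:
    """Recover the hop from the bytes an ICMP Time Exceeded message quotes
    (the probe's IP header plus at least its first 8 TCP bytes)."""
    ihl = (quote[0] & 0x0F) * 4
    return struct.unpack("!I", quote[ihl + 4:ihl + 8])[0]

if __name__ == "__main__":
    # Constructed addresses from the documentation ranges (RFC 5737).
    for ttl in (1, 2, 3):
        pkt = build_probe("192.0.2.10", "198.51.100.20", 40000, 80, ttl)
        print(ttl, len(pkt), hop_from_quote(pkt[:28]))
```

A router that decrements the TTL to zero answers with ICMP Time Exceeded and quotes the start of the probe, which is why the port pair and sequence number are enough to tell which hop replied.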
The latency thresholds of Visual Traceroute are perhaps more interesting. The two sliders allow you to define which latency performance is displayed as good (green), marginal (yellow), and bad (red) on the Results tab.
The Results tab gives you a graphical overview of the trace statistics. The y-axis represents the latency in milliseconds, and the x-axis stands for the hops (routers) along the network path. If you move the first latency threshold slider to the right, you change your definition of good vs. marginal latency and, therefore, the colored areas in the diagram. The second slider represents the marginal vs. bad latency. Note that you can also change these settings after the trace is complete.
Latency thresholds and maximum latency difference
The circles around each hop represent the maximum latency deviations between separate measurements for a particular hop. By default, Visual Traceroute sends three pings in a trace. A big circle indicates that the performance of a router changes significantly over time. If you see many big circles in a trace, you can expect a high network jitter between source and target. This is the kind of information you easily miss with a command-line tool.
A broken line between two hops indicates that the hop didn’t respond to the ping request. You can also define your acceptable loss thresholds, as a percent. If you move this slider from left to right, entries in the loss column change color if the packet loss exceeds the setting of the slider.
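The following added example (not part of Visual Traceroute) shows how the values described above can be derived from raw probe data: the colour rating from two latency thresholds, the circle size from the spread between pings, and the loss alert from a loss threshold. The sample trace, the threshold values, and the choice to rate a hop by its mean latency are assumptions made for the illustration.

```python
from statistics import mean

# Constructed sample: round-trip times in ms, three pings per TTL; None = no reply.
SAMPLE_TRACE = {
    1: [1.2, 1.4, 1.1],
    2: [9.8, 10.5, 35.0],
    3: [None, None, None],
    4: [48.0, None, 56.0],
    5: [121.0, 118.5, 125.0],
}

def summarize(trace, good_ms=50.0, bad_ms=100.0, max_loss_pct=20.0):
    """Rate each hop the way the Results tab is described: colour from latency,
    circle size from the spread between pings, loss compared with a threshold."""
    rows = []
    for hop in sorted(trace):
        probes = trace[hop]
        replies = [rtt for rtt in probes if rtt is not None]
        loss = 100.0 * (len(probes) - len(replies)) / len(probes)
        row = {"hop": hop, "loss_pct": round(loss, 1), "loss_alert": loss > max_loss_pct}
        if replies:
            avg = mean(replies)  # assumption: the colour follows the mean latency
            row["avg_ms"] = round(avg, 1)
            row["deviation_ms"] = round(max(replies) - min(replies), 1)
            row["rating"] = ("good" if avg <= good_ms
                             else "marginal" if avg <= bad_ms else "bad")
        else:
            # No ping answered: the hop that the diagram draws with a broken line.
            row.update(avg_ms=None, deviation_ms=None, rating="no reply")
        rows.append(row)
    return rows

def jittery_hops(rows, deviation_ms=20.0):
    """Hops whose pings differ by more than `deviation_ms` (the big circles)."""
    return [r["hop"] for r in rows
            if r["deviation_ms"] is not None and r["deviation_ms"] > deviation_ms]

if __name__ == "__main__":
    for r in summarize(SAMPLE_TRACE):
        print(r)
    print("high jitter at hops:", jittery_hops(summarize(SAMPLE_TRACE)))
```

Hop 2 in the sample is rated good on average yet has the widest spread, which is the case a single command-line reading tends to hide.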
The Topology tab gives you an overview of alternate routes to the destination. On the Results tab, hops with multiple possible routers have a + sign in front of the hop number. Clicking the sign reveals the data for the corresponding routers.
Visual Traceroute - Topology tab
Visual Traceroute tries to combine network providers in the topology. However, in my test, the assignment was often wrong if an alternate route went to a different provider’s network.
In addition to the Topology tab, Visual Traceroute also offers a Topology map that you access through the link in the upper right corner of the application. The Topology map shows a combined view of all traces.
You can add a trace by adding a new destination tab.
Logs and Whois
If this is all too colorful for your taste and you prefer the spartan output of a command-line tool, simply click the Logs tab. The Target Information tab offers Whois information about the destination host.
Overall, I like Visual Traceroute. For a free tool, it has quite a few nice features. One thing I really missed is a world map in the topology map. I find it interesting to see which countries a packet travels to until it reaches its target. The only problem I had with the tool was that, when I tried it in a VirtualBox machine with NAT enabled, it only displayed one hop to every destination. The tool only worked properly when I changed the VirtualBox network settings to “bridged.”
Do you know another good traceroute tool?