Internet/network diagnostics: what am I doing wrong?

[#Michael]

Visiting my parents in Arizona and my dad mentions that their internet connection is rather slow. The ISP is CableOne and it is a 5/1 connection....not fast but not exactly slow. A quick speedtest shows a 5/1 result with 80-100 ms ping depending on the test (that is high).

So I did a couple of quick and dirty tests to see where things might be slowing down and here is what I don't understand:

1. From a terminal window/command line I cannot ping any site. I have tried cnn, msnbc, sky news, northwestern university, neowin, united airlines. They all time out with 100% packet loss. But I can ping google, yahoo, bing.

2. Every trace route to gets to the 12th hop and then time out. Example of cnn: the 12th hop is ae-21-52.car1.atlanta1.level3.net (4.69.150.67) 55.996 ms.

2a. It does look like I can do a full traceroute to google. Appearently google ends in California.

At first I thought it might be CableOne's DNS so I manually set my laptop to OpenDNS but I am getting the same results. For kicks here are my laptop specs:

Late 2009 macbook pro

8 GB ram

250 gb hd

wireless n

EDIT: It looks like I am having an issue with anything that is east of the Rockies. Why would that be?

[sc302 Veteran]

they may have turned off icmp.

I get replies on neowin.net. but cnn.com, msnbc.com both do not work.

if they turn off icmp, you won't get info on those hops in the trace route.

icmp is not a dns issue, it is a off or on issue on the firewall at that particular hop...not a snowballs chance in hell that you can change a firewall config on someone elses firewall to allow ping traffic.

[+BudMan MVC]

"I cannot ping any site"

:blink: In the same sentence as your saying this you list 3 sites that you can ping ;)

So that statement is clearly not correct..

There are plenty of sites that do not respond to icmp -- they are breaking the RFCs and turning off icmp echo is pointless. But hey their are a lot of sites that do not respond. Nothing you can do about it.

As to traceroutes all ending at the 12 hop -- again nothing you can do about hops that do not respond, but I find it highly unlikely that you would take the exact path through 12 hops.. That makes no sense at all.. Unless your going to sites that are all in the same region of the world, etc.

So for example

C:\Windows\System32>tracert neowin.net

Tracing route to neowin.net [74.204.71.245]
over a maximum of 30 hops:

  1	<1 ms	<1 ms	<1 ms  pfsense.local.lan [192.168.1.253]
  2	41 ms	38 ms	39 ms  c-24-13-xx-xx.hsd1.il.comcast.net [24.13.xx.xx]
  3	10 ms	 9 ms	 8 ms  te-1-2-ur07.mtprospect.il.chicago.comcast.net [68.85.131.149]
  4	13 ms	10 ms	11 ms  te-1-2-0-5-ar01.elmhurst.il.chicago.comcast.net [68.87.230.45]
  5	13 ms	11 ms	11 ms  pos-2-1-0-0-ar01.area4.il.chicago.comcast.net [68.86.189.153]
  6	14 ms	11 ms	11 ms  pos-3-5-0-0-cr01.350ecermak.il.ibone.comcast.net [68.86.95.237]
  7	14 ms	43 ms	14 ms  pos-1-8-0-0-cr01.chicago.il.ibone.comcast.net [68.86.88.49]
  8	12 ms	11 ms	10 ms  xe-9-2-0.edge1.Chicago2.Level3.net [4.71.248.25]
  9	22 ms	11 ms	13 ms  vlan52.ebr2.Chicago2.Level3.net [4.69.138.190]
10	12 ms	21 ms	24 ms  ae-5-5.ebr2.Chicago1.Level3.net [4.69.140.193]
11	16 ms	 *	   16 ms  ae-8-8.car1.Detroit1.Level3.net [4.69.133.241]
12	 *	   18 ms	18 ms  ae-11-11.car2.Detroit1.Level3.net [4.69.133.246]
13	20 ms	21 ms	20 ms  US-SIGNAL-C.car2.Detroit1.Level3.net [4.79.12.10]
14	24 ms	27 ms	27 ms  host-51-131-141-64.ussignalcom.net [64.141.131.51]
15	21 ms	21 ms	24 ms  245.71.204.74.in-addr.arpa [74.204.71.245]

Trace complete.

C:\Windows\System32>tracert cnn.com

Tracing route to cnn.com [157.166.255.18]
over a maximum of 30 hops:

  1	<1 ms	<1 ms	<1 ms  pfsense.local.lan [192.168.1.253]
  2	38 ms	20 ms	10 ms  c-24-13-xx-xx.hsd1.il.comcast.net [24.13.xx.xx]
  3	17 ms	 7 ms	 9 ms  te-1-2-ur07.mtprospect.il.chicago.comcast.net [68.85.131.149]
  4	 8 ms	 8 ms	 9 ms  te-8-3-ur08.mtprospect.il.chicago.comcast.net [68.87.231.70]
  5	14 ms	15 ms	15 ms  te-1-9-0-3-ar01.area4.il.chicago.comcast.net [68.86.187.197]
  6	14 ms	23 ms	11 ms  pos-3-12-0-0-cr01.350ecermak.il.ibone.comcast.net [68.86.91.233]
  7	14 ms	14 ms	15 ms  pos-1-5-0-0-cr01.chicago.il.ibone.comcast.net [68.86.88.37]
  8	11 ms	11 ms	21 ms  xe-10-1-0.edge1.Chicago2.Level3.net [4.71.248.17]
  9	19 ms	12 ms	12 ms  vlan52.ebr2.Chicago2.Level3.net [4.69.138.190]
10	12 ms	10 ms	11 ms  ae-5-5.ebr2.Chicago1.Level3.net [4.69.140.193]
11	32 ms	30 ms	32 ms  ae-3-3.ebr2.Atlanta2.Level3.net [4.69.132.74]
12	30 ms	37 ms	30 ms  ae-21-52.car1.Atlanta1.Level3.net [4.69.150.67]
13	 *		*		*	 Request timed out.
14	 *		*		*	 Request timed out.
^C
C:\Windows\System32>tracert he.net

Tracing route to he.net [216.218.186.2]
over a maximum of 30 hops:

  1	<1 ms	<1 ms	<1 ms  pfsense.local.lan [192.168.1.253]
  2	29 ms	28 ms	34 ms  c-24-13-xx-xx.hsd1.il.comcast.net [24.13.xx.xx]
  3	10 ms	11 ms	50 ms  te-1-2-ur07.mtprospect.il.chicago.comcast.net [68.85.131.149]
  4	10 ms	 8 ms	 8 ms  te-8-3-ur08.mtprospect.il.chicago.comcast.net [68.87.231.70]
  5	12 ms	11 ms	11 ms  te-1-2-0-7-ar01.area4.il.chicago.comcast.net [68.86.187.193]
  6	19 ms	15 ms	15 ms  pos-3-6-0-0-cr01.350ecermak.il.ibone.comcast.net [68.86.95.9]
  7	36 ms	19 ms	11 ms  pos-1-4-0-0-pe01.350ecermak.il.ibone.comcast.net [68.86.86.162]
  8	25 ms	11 ms	11 ms  208.178.58.61
  9	71 ms	71 ms	73 ms  Hurrican-Electric-LLC.Port-channel100.ar3.SJC2.gblx.net [64.214.174.246]
10	83 ms	74 ms	79 ms  10gigabitethernet1-1.core1.fmt1.he.net [72.52.92.109]
11	73 ms	71 ms	71 ms  he.net [216.218.186.2]

Trace complete.

In the above 3 there are clearly common paths through my ISP network and then out of the comcast network, etc.. But they they split depending on what network the site actually resides.

At a loss to what icmp responses have to do with dns??

"80-100 ms ping depending on the test (that is high)."

Depends on to where ;) what is your ping time to your ISP gateway? Normally behind a nat router it would be your second hop in your traceroute..

1 <1 ms <1 ms <1 ms pfsense.local.lan [192.168.1.253]

2 38 ms 20 ms 10 ms c-24-13-xx-xx.hsd1.il.comcast.net [24.13.xx.xx]

Ping that IP and what response do you get -- if your seeing 80 to 100 then yeah I would say you need to contact your ISP.. Because that does suck to your gateway!

C:\Windows\System32>ping 24.13.xxx.xxx -t

Pinging 24.13.xxx.xxx with 32 bytes of data:

Reply from 24.13.xxx.xxx: bytes=32 time=9ms TTL=254

Reply from 24.13.xxx.xxx: bytes=32 time=8ms TTL=254

Reply from 24.13.xxx.xxx: bytes=32 time=7ms TTL=254

snipped

Ping statistics for 24.13.xxx.xxx:

Packets: Sent = 28, Received = 28, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

Minimum = 7ms, Maximum = 21ms, Average = 9ms

[#Michael]

here is the ping stats for the isp gateway:

112 packets transmitted, 110 packets received, 1.8% packet loss

round-trip min/avg/max/stddev = 7.869/32.575/621.020/85.983 ms

This is what I am seeing when I do a traceroute to neowin at the moment:

$ traceroute neowin.net

traceroute: Warning: neowin.net has multiple addresses; using 74.204.71.247

traceroute to neowin.net (74.204.71.247), 64 hops max, 52 byte packets

1 10.105.196.1 (10.105.196.1) 15.240 ms 12.407 ms 11.581 ms

2 192.168.42.73 (192.168.42.73) 11.989 ms 16.414 ms 13.046 ms

3 192.168.103.37 (192.168.103.37) 16.110 ms 15.451 ms 19.646 ms

4 ge-6-8-129.car1.phoenix1.level3.net (4.53.104.9) 17.292 ms 18.625 ms 17.308 ms

5 ae-2-5.bar1.phoenix1.level3.net (4.69.148.118) 16.753 ms 16.322 ms 25.278 ms

6 ae-8-8.ebr1.dallas1.level3.net (4.69.133.30) 40.890 ms 41.489 ms 53.229 ms

7 ae-14-14.ebr2.chicago2.level3.net (4.69.151.117) 61.729 ms 60.793 ms 58.005 ms

8 ae-5-5.ebr2.chicago1.level3.net (4.69.140.193) 60.519 ms 59.462 ms 70.922 ms

9 ae-8-8.car1.detroit1.level3.net (4.69.133.241) 67.242 ms 65.198 ms 65.560 ms

10 ae-11-11.car2.detroit1.level3.net (4.69.133.246) 67.936 ms 65.254 ms 65.815 ms

11 us-signal-c.car2.detroit1.level3.net (4.79.12.10) 66.427 ms 65.206 ms 67.017 ms

12 host-51-131-141-64.ussignalcom.net (64.141.131.51) 73.257 ms 67.423 ms 68.374 ms

13 * * *

14 * * *

And it dies after the 12th hop.

[JaredFrost]

The ping test to the gateway is more telling than a trace route in this situation.

Before you go harrassing the ISP, you may want to try from a wired connection to the router, if it still happens bypass the router all together if you can.

[+BudMan MVC]

Yeah those pings to your gateway are terrible amount of swing and 621ms max? Avg 32 ms is your gateway half way across the us?

But sure these sorts of tests should be done with a wire, and yeah you would want to rule out your router as well if you can remove it.

As to hops not responding in a trace - yeah can happen like I said. I can duplicate your issue with 74.204.71.247 if I traceroute from my ubuntu box. But then it works if I change to -I (icmp echo) or use -T (tcp syn) in the trace vs default.

linux traceroute normally defaults to sending UDP packets as the probe -- what OS are you running the command from, its clearly not windows.

So see from my linux box

traceroute neowin.net

traceroute to neowin.net (74.204.71.247), 30 hops max, 60 byte packets

1 pfsense.local.lan (192.168.1.253) 0.000 ms 0.000 ms 0.000 ms

snipped

13 US-SIGNAL-C.car2.Detroit1.Level3.net (4.79.12.10) 24.002 ms 48.003 ms 48.003 ms

14 host-51-131-141-64.ussignalcom.net (64.141.131.51) 44.002 ms 44.002 ms 44.002 ms

15 * * *

16 * * *

Now I use -I so it used icmp echo vs udp and shazam ;)

traceroute -I neowin.net

traceroute to neowin.net (74.204.71.247), 30 hops max, 60 byte packets

1 pfsense.local.lan (192.168.1.253) 0.000 ms 4.000 ms 4.000 ms

snipped

14 host-51-131-141-64.ussignalcom.net (64.141.131.51) 28.002 ms 40.002 ms 32.001 ms

15 247.71.204.74.in-addr.arpa (74.204.71.247) 32.001 ms 32.001 ms 28.001 ms

So host not responding to your traceroutes mean they just don't like the way your doing the tracing ;)

[#Michael]

Yeah those pings to your gateway are terrible amount of swing and 621ms max? Avg 32 ms is your gateway half way across the us?

But sure these sorts of tests should be done with a wire, and yeah you would want to rule out your router as well if you can remove it.

As to hops not responding in a trace - yeah can happen like I said. I can duplicate your issue with 74.204.71.247 if I traceroute from my ubuntu box. But then it works if I change to -I (icmp echo) or use -T (tcp syn) in the trace vs default.

linux traceroute normally defaults to sending UDP packets as the probe -- what OS are you running the command from, its clearly not windows.

Sorry about taking so long to get back...but like I said I am visiting my parents in Arizona (They live just outside of Sedona which is about 2 hours north of Phenoix) so this is a side thing. I got off the wireless and connected directly to the RG. Here is the latest results when I ping the ISP gateway:

17 packets transmitted, 17 packets received, 0.0% packet loss

round-trip min/avg/max/stddev = 6.234/9.315/16.590/3.302 ms

[+BudMan MVC]

That is much better!!! So you have a wireless or just router with wireless issue it seems.

So you have lots of other clients on the wireless? Do you have other wireless in the area? Could it be possible someone was using up all the wireless, ie is the network open?

[#Michael]

That is much better!!! So you have a wireless or just router with wireless issue it seems.

So you have lots of other clients on the wireless? Do you have other wireless in the area? Could it be possible someone was using up all the wireless, ie is the network open?

Here is the best that I can determine. My parents had a new alarm system installed recently by ADT. That system included a glass breakage system with multiple monitors around the house hooked up wirelessly via rf. The best that I can determine through ADT's user guides is that the monitors transit in the 2.4 ghz range and seem to interfer with the wireless on the RG. If the glass detector is temporarly turned off the wireless on the RG seems to work better. Obviously, they don't want to remove that part of the alarm system so I am thinking that it may be time for a new router. Their ISP, CableOne, has a couple of new wireless routers that are authorized to be used on their network and can be purchased outright instead of being rented. I gave them my best advice but it's really up to them what they want to do.