Examining PING Results

[molecul3]

Hi all,

I am having this frequent problem at my office. Today, when everyone in my office tries to access a site (e.g.

http://www.thesitename.com)

it won't work. When i try to access that same site without "

http://www",

it won't work either. But sometimes, i try to access that site with "www" it works and without "www" it doesn't. Note that I am talking about the same URL in all cases.

What could be causing this?? When i try to ping that site with "www" 1 or 2 out of 4 pings will time out but when i run ping again without "

http://www",

i will get successful replies on all attempts. I repeated this a few times and got the same results. When i return to my office tomorrow, everything works fine again, with and without the "www" i am able to access that site. This problem occurs occassionally and i would REALLY like to know what is the problem or how do i go about finding out what is causing the problem. Thanks everyone. Hope someone can help me out.

Regards,
George

 

[pansophic]

It may be that

http://www.domain.com

is not the same IP address as domain.com. And it could just be luck of the draw and you are only dropping packets (by pure luck) when you are using the www.

Try using tracert (I am assuming that you are a Windows user) rather than ping. You are much more likely do discover the source of your problems.


pansophic

 

[molecul3]

Hi pansophic,

Both sites are the same IP. I also tried to use tracert. What i got were some dropouts at certain hops but other than that...nothing that could hint to me as to what the problem was. I just want to identify the source of the problem so that I could troubleshoot it in future or avoid it from happening again. Thank you for your reply.

 

[pansophic]

Are the dropouts at the same hop every time? Or are they at different points?


pansophic

 

[molecul3]

Hi pansophic,

Thanks for your prompt reply. Unfortunately, I did not manage to examine at which hop the dropouts occured each time but am pretty sure that it was at different hops. I couldn't run that test again today as everything is working fine again. . However, it always occurs every once in a while and almost always seem to affect one or two particular sites. I called up the hosting company and they said that everything was fine. ISP would be fine as well since some others in the building can access those websites. What do you reckon could be the problem?

George

 

[pansophic]

Ping is a good test tool, but because it is ICMP, and not TCP, it is more likely to be dropped than your TCP packets are. However it is an indication of either congestion or a host that is down. If the packets go through sometimes, it generally indicates congestion (it may also indicate a lossy link or other things).

Unfortunately, unless you can document a pattern of congestion on a certain link or series of links, your ISP probably won't help you. You may want to start documenting the failures and use them as a starting place to work with the ISP. They probably get a lot of queries like this that have happened 1 time, and the condition is long since gone. Then they end up chasing their tails for a problem that they cannot recreate.


pansophic

 

[technome]

Run pathping, basically the same as tracert, but will give you more info on the lost packets. Adjust your routers MTU setting with TCP Optimizer.

http://www.speedguide.net/downloads.php

........................................
Chernobyl disaster..a must see pictorial

http://www.kiddofspeed.com/default.htm

 

[molecul3]

Hi everyone,

The problem came up again. But this time, when I ran traceroute for the site i wanted to go to...it didn't even manage to get the first hop to my router....but for other sites...it worked fine...only for a particular two sites...this would happen... I have a feeling it has to do with my computer's DNS cache or some internal problem and not others as other (outsiders) are able to access the site just fine. Any suggestions?

 

[Zen37]

Hi there.

Listen, this sounds like a very parculiar problem. But i doubt the DNS is at fault.
To make sure, when you do your test pings, do them with the name (you could already be doing this, i just wanted to make sure). When you do a ping to a name, the first thing it shows it the resolution of the name. If it gets a different IP at different attempts, then it is a name resolution issue. Also if it takes a long time to resolve the name the second or third time you ping. But my guess is that you would of picked up on that already.

What is your segment configuration (LAN)? What is your routing configuration (WAN)? Do you have any Internet access load balancing? Firewall load balancing? What about failover, you have any of that for your Internet or Firewall configuration.

Also, it could be that the site in question is having difficulties. I don't know what site you are trying to access, but they may be having link, firewall or web access issues of their own.

 

[pansophic]

It sounds as if you may have DNS issues. Are you at all familiar with Ethereal? I would try the same thing, with Ethereal running and see if the DNS A requests are being answered, or if you are being forced to your secondary or tertiary DNS servers (I hope that you have them defined).

If the DNS requests are timing out and you don't have backup DNS defined, you will get anomalous behavior like this. You can pick any DNS servers as your secondary and tertiary servers, but I would recommend that you use something that is a relatively short hop count, and belongs to a large-scale ISP. That way it will be unlikely that your secondary or tertiary requests fail.

Unfortunately with Windows, you don't have the option of disabling name resolution when you are doing tracert like you do with a *nix implementation.

You may want to download KNOPPIX and run it on a machine that will allow you to do some testing when the problem occurs. It has Ethereal installed and compiled, and it will allow you to do ping and traceroute with the -n option, disabling name resolution and eliminating that as a potential area of error. You should write down the IP address of the server that is giving you the trouble so that you can ping and traceroute by IP rather than name.


pansophic

 

[molecul3]

Hi,

All computers in my office are of subnet 192.168.... the router WAN configuration is configured with a static IP and a DNS gateway of 10.1.1.1. The entire building uses this configuration and when I am experiencing the problem, it only seems to affect my office and its computers and not the others. Thus, I am assuming that the problem may be on my end. If others are able to access the site, it means (in my opinion), that the problem is not on that end as well. What configurations could be causing this? either on the router or our individual PCs? Or is there another cause to this problem.

 

[DTracy]

smyap3-

Check the third octet of your subnet ie:xx.xx.3.xx

Also, do the same with subnets of the others that do not have the problem.

Post results.

Thanks
David

 

[pansophic]

Do you have a hub or second switch in your office that is only attached to your computers? It is beginning to sound as if you have a faulty component that is dropping packets. When those packets are your DNS packets, you aren't supporting secondary or tertiary DNS, so the connection simply fails. The same thing happens with PING, except that if either DNS, the ICMP request or ICMP reply packets are dropped, you don't get a PING response.

I would still research additional DNS servers. You will only be querying them when your Primary DNS is not responding, or not responding quickly enough. It will make your network more robust, even if it isn't the problem in this case.


pansophic

 

[technome]

Symap3
What OS is your DNS server running on ?

........................................
Chernobyl disaster..a must see pictorial

http://www.kiddofspeed.com/default.htm

 

[molecul3]

DTracy,

How do i go about checking the third octet of my subnet?

Pansophic,

There is a router in the office that everyone is connected.

hey technome,

not very sure about the OS. Will find out. I reckon its win2000