NetTools


NetTools is an application with a collection of network tools. The first version released will do ping and traceroute, which are the two basic troubleshooting utilities that a network administrator, or anyone interested in networks, needs.
For support, error reporting etc., contact me through the contact link below.
To buy the software from the Apple App Store, click this link.

Ping


Ping is a simple tool that sends an echo request to a server on the Internet or intranet and measures how quickly it gets an answer back. Slow response times mean the server is busy, the server is a long distance away, or the network connection is saturated.
A satellite connection puts you far away from the server, as the satellite is typically at an altitude of 36.000 km. For your signal to go up, down, hit the server, and come back, it will have travelled 4 * 36.000 km = 144.000 km. Since light and radio waves move at just under 300.000 km/s, it will take around half a second, or 500 ms, to ping a host over a satellite connection.
[Screenshot: ping output]
To the left is an example of some abnormal traffic. I get response times going from 273 to 800+ ms. This is a good indication that the line is overloaded.
One more thing you can see is the TTL = Time-to-live. This is a counter that counts down every time a router forwards the data. When it hits a value of 0, the packet is assumed to be in a loop and is discarded. TTL values are typically set to 32 (Windows 95/98), 64 (iPhone, Windows NT workstation), 128 (Windows Server, XP) or 255 (all sorts of Unix, including OS X). So in the example above, we can guess that between www.google.com and me, there are 255-242 = 13 routers.
In the early days of the Internet all hosts would reply to echo requests, so you could ping all machines. But in 1996 the so-called Ping-of-Death became a popular way to crash servers. A bad TCP/IP implementation in Windows was abused by many, and the tool to do so was widely available. Gamers used it to crash competitors' machines during online gaming, and it was used to crash websites etc. It was a major problem, and it was fixed in the operating system in 1997. As a result of this, many places block ping packets from the Internet, but more still allow them, as it is an easy way to check if the host is responding, and what the response times are.
The implementation in NetTools uses ICMP echo messages towards the host. For every ping packet it sends, it will print either a star * or the time taken for the packet to go to the host and back again. So it can be used to check latency between your iPhone and some other host.
The pinging goes on forever: a new ping is sent 1 second after the last one timed out or was successful, so you have to cancel it to make it stop.

Traceroute


Traceroute works like ping, in that it sends ICMP echo request messages towards a host. But it tells the routers and hosts along the way that this packet has a short Time To Live: first it tries with TTL=1, then TTL=2 etc.
Each router on the way will subtract 1 from the TTL, and if the TTL is then 0, it will return an ICMP error telling the iPhone that the echo request message died. The router's address is then looked up and presented to the user, together with the time taken.
This allows you to see which way traffic goes to a destination. And since it also prints the time taken for each step on the route, it will give you an idea about where any delay is added.
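The probe and the two kinds of answer described above, at the byte level. This is an added example, not code from NetTools; the function names, addresses and the identifier/sequence values are assumptions, and the packets are constructed rather than captured. It shows how a tracer tells a router's "TTL expired" error from the destination's echo reply, and how it matches either one to the probe it sent.

```python
import struct

ECHO_REPLY, ECHO_REQUEST, TIME_EXCEEDED = 0, 8, 11  # ICMP type numbers

def checksum(data):
    """RFC 1071 Internet checksum over 16-bit big-endian words."""
    data += b"\x00" * (len(data) % 2)        # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:                       # fold carries back in
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def icmp(icmp_type, rest, payload=b""):
    """ICMP message: type, code 0, checksum, 4 type-specific bytes, payload."""
    draft = struct.pack("!BBH4s", icmp_type, 0, 0, rest) + payload
    return draft[:2] + struct.pack("!H", checksum(draft)) + draft[4:]

def echo(icmp_type, ident, seq, payload=b""):  # rest = identifier + sequence
    return icmp(icmp_type, struct.pack("!HH", ident, seq), payload)

def ipv4(src, dst, ttl, payload):
    """Minimal 20-byte IPv4 header (protocol 1 = ICMP) for the samples below."""
    addr = lambda a: bytes(map(int, a.split(".")))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       ttl, 1, 0, addr(src), addr(dst)) + payload

def classify(packet, ident, seq):
    """Map a received IPv4 datagram to ('hop'|'destination', sender) or None."""
    if len(packet) < 20:
        return None
    msg = packet[(packet[0] & 0x0F) * 4:]    # skip the outer IP header
    sender = ".".join(str(b) for b in packet[12:16])
    if len(msg) < 8 or checksum(msg) != 0:
        return None
    kind, want = "destination", ECHO_REPLY
    if msg[0] == TIME_EXCEEDED:
        # The router quotes our IP header plus the first 8 bytes of the probe.
        inner = msg[8:]
        msg = inner[(inner[0] & 0x0F) * 4:] if len(inner) >= 20 else b""
        kind, want = "hop", ECHO_REQUEST
    if len(msg) < 8 or msg[0] != want:
        return None
    return (kind, sender) if struct.unpack("!HH", msg[4:8]) == (ident, seq) else None

# Constructed exchange with documentation addresses; not captured traffic.
ME, ROUTER, TARGET = "198.51.100.7", "203.0.113.1", "192.0.2.10"
PROBE = ipv4(ME, TARGET, 1, echo(ECHO_REQUEST, 0x1234, 1, b"nettools"))
FROM_ROUTER = ipv4(ROUTER, ME, 64, icmp(TIME_EXCEEDED, b"\0" * 4, PROBE[:28]))
FROM_TARGET = ipv4(TARGET, ME, 242, echo(ECHO_REPLY, 0x1234, 2, b"nettools"))
```

An answer that matches neither the identifier nor the sequence number of an outstanding probe returns None, which is what the tracer would show as a star once the timeout passes.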
[Screenshot: traceroute listing]
If you wonder why the times can go up and down, it is because the network may have different load at different times, and since the probes are sent at different times, they might hit different load on the lines. Another reason could be that some routers will pass data quickly but take their time generating the ICMP error, which basically means creating a new data packet and returning it.
The star in the listing above shows that there was a timeout on a host. It can mean a few things.
  • The host answered too slowly (the application does not want to wait forever)
  • The host did not answer
  • The data has been put into a tunnel (like a VPN tunnel), and the router where the traffic times out cannot break the tunnel open and inject the message.
The TTL you can see in the ping output above is set by the server and counted down, so it lets you see the distance from the server to you. The traceroute here, in contrast, lets you see how the traffic flows from you to the server.
Pinging www.google.com, I get a TTL of 242, so there are 13 hosts/routers on the way from www.google.com to me. But a traceroute to the same host tells me it is host number 17. So traffic from me to google goes a longer way than from google to me. This is because the Internet is built to be redundant, and it is normal to have asymmetric routes to and from a host. Often an ISP will route traffic inside his own network as close as possible to the target, before sending it to a peering partner. And my ISP will use his own connection across the Atlantic to get to google, but google will probably use their ISP for the return traffic.

The important thing to learn here is that routing is asymmetric, and ping and traceroute each show characteristics of their own route.
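The TTL reasoning from the Ping section and the 13-versus-17 comparison above, worked through in code. This is an added example, not part of NetTools; the function names and the sample ping lines are constructed, and the return-path hop count is only an estimate that assumes the sender started from one of the default TTLs listed earlier.

```python
import re

# Initial TTL values the text lists as typical defaults.
INITIAL_TTLS = (32, 64, 128, 255)
REPLY_RE = re.compile(r"ttl=(\d+)\s+time=([\d.]+)\s*ms", re.IGNORECASE)

def guess_initial_ttl(observed):
    """Assume the sender used the smallest common default >= observed TTL."""
    for initial in INITIAL_TTLS:
        if observed <= initial:
            return initial
    raise ValueError(f"TTL {observed} does not fit in the 8-bit TTL field")

def reverse_hops(observed):
    """Estimated routers crossed on the way from the remote host to us."""
    return guess_initial_ttl(observed) - observed

def summarize(ping_lines, forward_hops=None):
    """Parse ping output; report loss, RTT spread and path asymmetry."""
    ttls, rtts, sent = [], [], 0
    for line in ping_lines:
        if not line.strip():
            continue
        sent += 1
        match = REPLY_RE.search(line)
        if match:  # any other line counts as a lost probe (the "*" case)
            ttls.append(int(match.group(1)))
            rtts.append(float(match.group(2)))
    if not ttls:
        raise ValueError("no replies to analyse")
    back = reverse_hops(min(ttls))  # lowest TTL seen = longest return path
    return {
        "lost": sent - len(rtts),
        "rtt_min_ms": min(rtts),
        "rtt_max_ms": max(rtts),
        "reverse_hops": back,
        # forward_hops comes from traceroute; a mismatch means asymmetric routes
        "asymmetric": forward_hops is not None and forward_hops != back,
    }

# Constructed sample output (192.0.2.10 is a documentation address).
SAMPLE = """\
64 bytes from 192.0.2.10: icmp_seq=0 ttl=242 time=273.1 ms
64 bytes from 192.0.2.10: icmp_seq=1 ttl=242 time=812.6 ms
Request timeout for icmp_seq 2
64 bytes from 192.0.2.10: icmp_seq=3 ttl=242 time=455.0 ms
""".splitlines()

if __name__ == "__main__":
    print(summarize(SAMPLE, forward_hops=17))
```

The guess breaks down for long paths: a host that starts at 64 and is 40 hops away arrives with TTL 24, which this heuristic reads as 8 hops from a sender that started at 32.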