Networking

Troubleshoot network problems with PingPlotter

PingPlotter is a lightweight network monitoring and troubleshooting tool. It can run in the background collecting data while you continue to run applications and then allow you to quickly look at the data in an intuitive graphical format when you experience network problems. PingPlotter is great at allowing you to collect data over time to see trends.
This article is also available as a TechRepublic download and as a TechRepublic gallery.

PingPlotter is a lightweight network monitoring and troubleshooting tool. It can run in the background collecting data while you continue to run applications and then allow you to quickly look at the data in an intuitive graphical format when you experience problems (reduced call quality for VoIP, slowdowns or disconnects with applications).

Ping Plotter is available from the TechRepublic Software Library.

PingPlotter is great at allowing you to collect data over time to see trends. Version 2.6 features support for TCP traceroute and significant improvements in the ability to run as a non-administrative user. PingPlotter includes an all-new options dialog and alert e-mail body text that can be customized. You can now enter a time as a "Samples to Include" and PingPlotter will try to calculate how many samples will equal that time period.

The PingPlotter main window (Figure A) starts out with some default addresses you can trace. Take note of the Sampling and Statistics sections of the screen. The items are fairly self-explanatory and can be adjusted to modify how often PingPlotter performs traceroutes and to limit how long PingPlotter runs.

Figure A

PingPlotter main window

When you select an address and click on the Trace button shown in the previous screen, PingPlotter starts performing traceroutes and pings to determine the health of the route between the system on which PingPlotter is installed and the selected address.

The entire route is shown in the right-hand side of the window. A number of headings appear in this display:

  • Hop: The route hop
  • PL%: The percentage of packet loss on a particular hop
  • IP: The IP address of the device at the hop
  • DNSName: The results of a reverse DNS lookup on the IP address
  • Avg: The average ping time for a particular hop
  • Cur: The most recent ping results

The graph displays a plethora of information (Figure B). The red line is the map of the current set of pings. The black line shows the whole range, from minimum to maximum, of pings that have been returned since monitoring began. The blue "X" is the average ping for a hop.

Figure B

Traceroutes

If you right-click on a device in the list, you get the shortcut menu shown in Figure C.

Figure C

Right-click for the options menu

One of the shortcut menu options is the IP Block Lookup (ARIN). PingPlotter polls the ARIN (American Registry for Internet Numbers) database and returns information about the block of network addresses in use by a particular device. You can manually specify a different IP address or WhoIs server by changing the values at the top of the window shown in Figure D.

Figure D

The IP Block Lookup

Another shortcut option allows you to query the WhoIs database for a device somewhere along your ping route. As is the case with the IP address block lookup, you can manually change the query information at the top of the screen to get information for other domains.

In Figure B, you saw a single graph at the bottom of the screen. This initial graph corresponds to the last device along the route. However, you can add graphs for as many hops as you like. Right-click on the device/hop and then choose Show This Timeline Graph from the shortcut menu. This view (Figure E) can be useful if you need to watch interactions between more than one hop.

Figure E

Timeline graph

By default, PingPlotter displays graphing information on a 10-minute scale. Whether you have very little information or whether you have a whole lot of information, PingPlotter gives you a way to change the graph scale so you can get a look at the information in a way that makes sense for you.

When you're troubleshooting a problem, you sometimes need to make note of a particular anomaly so you can check up on it later. By right-clicking on the graph at the time of a particularly interesting event and choosing Create Comment, you can add a comment to your graph.

Take a look at the graphs at the bottom of Figure F. Each graph has a little red triangle pointing to a spot along the timeline. By hovering the mouse over that triangle, you can reveal any added comments.

Figure F

Reading comments

You can stop and start the plotting process at any time for any of your addresses. When you do stop plotting for an address and then start it back up, a gap appears in the graph.

One area that can get tricky when it comes to troubleshooting is a seemingly random change to the route. When I pointed PingPlotter at my personal Web server, which is hosted, I started to see a huge number of routing changes. As you might expect, constant changes to the route being used can pretty much kill the process of gathering useful statistical information. PingPlotter lets you know every time a route change takes place(Figure G). According to the PingPlotter site:

"Route changes are a pretty normal fact of life with the Internet. It sometimes happens for load balancing reasons, sometimes to route your data around problem areas, or a number of other possible reasons."

Figure G

Route changes

Adjust settings

From Edit | Options, choose Display to see and modify PingPlotter's display settings. From here, you can, for example, change the graph scales to get a different look at your data. Or if you want to use different default lookup servers or configure a proxy server, visit the Internet settings page on the Options screen instead (Figure H).

Figure H

Internet settings

From the Edit menu, choose the E-mail Setup option to open the window shown in Figure I. Here, specify the pertinent information for your SMTP server to receive e-mail alerts when your plotted services go outside of defined bounds.

Figure I

E-mail Setup options

With your SMTP server configured, you can configure one or more alerts that notify you in a variety of ways that the results of a plotted address have exceeded a specified boundary (Figure J). The possible event options are:

  • Send an email
  • Launch an executable
  • Play a sound
  • Log to a file
  • Tray icon change

You can configure multiple events to take place. In addition to defining a condition and event, you will also need to select a target. Click the Show Targets button and provide the IP address for the device that is to be monitored.

Figure J

Configure alerts

Of course, sometimes you just don't have the time to sit and analyze the results of your work. That's why PingPlotter provides you with a way to export all of the raw data into a CSV file that you can import into Excel.

Review

PingPlotter is an interesting product. The company provides three versions of the software:

  • The freeware version is pretty limited but has no cost attached to it.
  • The Standard version is a little beefier, but still supports tracing to only a single target per instance.
  • Only the Pro version can handle multiple traces simultaneously. It has features to specifically watch for problems that could affect VoIP quality. The Pro version also allows remote administration via a Web management interface and a whole lot more.

The Standard edition starts at $24.95 for a single license, while the Pro edition runs $199.95 for a single user. However, quantity discounts are available.

For a free troubleshooting tool, I can definitely see the upside of using PingPlotter to track down network problems. The examples I used here were all Internet-based, but the value of this tool in a local network environment could be significant if it helps to nail down network performance problems. At $199.95 for a single Pro license, PingPlotter isn't exactly inexpensive, but the Pro edition does support running as a Windows service, performing multiple target tracing, gathering Jitter/Standard Deviation/MOS data, and a lot more.

10 comments
mdhealy
mdhealy

The standard library that comes with Perl includes modules such as LWP::Simple (which makes it easy to grab the text of any webpage given the URL) and Net::Ping (which does the classic ping) that make it very easy to write network-monitoring scripts in Perl, or one can call traceroute from Perl and parse its output, anyway there's more than one way to do it and one can easily make a tab-delimited file that can be loaded into Excel for further analysis and reporting. A MAJOR advantage of using LWP::Simple is that many sites refuse to reply to pings nowadays, and many firewalls block pings, but just about every firewall permits http requests (possibly via a proxy, however, which may complicate interpreting the results, but if you're behind a proxy then you cannot do any real network monitoring anyway, all you can do is call the IT folks when things don't work!). Also with LWP::Simple one can do things like check for specific strings that should be found in some web page if it's working OK.

laman
laman

Free version is just a traceroute with GUI.

DRiv
DRiv

Company Info would be helpful; Where to get. Thx

fryque
fryque

Why wait until the last paragraph to mention cost? Why not mention where to obtain the program? Pro version for several computers on a network is cost prohibitive [over $160 per computer.]

IT cowgirl
IT cowgirl

Excellent Article! This seems like a great program. I will definately give this one a try.

jeff
jeff

From the Help file: Basically, PingPlotter is a trace route program - but adds some graphs, plus some serious performance upgrades. It uses the multi-threading capabilities of Windows to check performance on all hops in the route at the same time. This has several advantages: 1) It's a lot faster. 2) All hops are tested at the same time - rather than many seconds apart - so the comparison is better. Another advantage of PingPlotter is that you can set it to a continuous mode - where it will test the same route over and over again - forever if you want. That way you can watch the performance over a period of time without having to re-run the program over and over again. The graph is where things get really interesting, though. Being able to visually see where the problem lies is a great help.

jriggen
jriggen

Best practices in my business tells me to block ping requests due to certain ping attacks. I am sure some providers also limit or block ping requests. This would make this type of management very flaky ?

jeff
jeff

For those that don't require the feature set contained within the Pro version, there is also a freeware version and a Standard version which is distributed under the Shareware license model with *nothing* crippled after the trial period has expired. A feature comparison page is at http://www.pingplotter.com/featurecomp.html . --Jeff Murri, Nessoft (www.nessoft.com)

Editor's Picks