Does it Ping???

Problem: (This one was handled by a colleague while I watched over his shoulder. I'll change his name to protect the innocent). Harry got a call about a slow computer. No need for details; we like to start from ground zero; they say it builds character. Anyhow, Harry found that the machine was relatively new, containing 1 GB of RAM and a 2+ Ghz processor. Initial testing showed that it was responding very slowly, especially while opening web pages. Harry checked for viruses, spyware, adware, space on the C: drive, all the usual suspects. The only thing that looked suspicious was some adware (79 objects discovered by Ad-Aware). He deleted the objects but saw no improvement in response time. Further investigation showed that the slow response was definitely isolated to network operations. Local tasks were screaming.

Harry opened a web page and watched it slowly paint the screen. While it struggled, he opened Task Manager and noted that CPU, memory and network activity were almost bottomed out. The page finally painted; Harry was just waking up when I got back with the coffee. Not sure how long it took. Harry even checked the TCP/IP settings in the registry but found nothing out of order for this machine (I won't go into detail on this because I'm not sure what he did). Anyhow, we suspected a network problem but couldn't prove it. This is the kind of problem we like to throw over the wall, but we knew our Networking friends would throw it right back. After all, it did Ping and it did eventually paint the web page.

Solution: Harry wanted to know if the network packets were being fragmented, causing the transmissions to take longer. He used 2 flags on the Ping command, -f meaning don't fragment this packet, and -l nnnn to specify a packet size. The max packet size he could use was 1500 (actually 1472, excluding the 28-byte header). The -f flag shows an error if the packet breaks up. Well, it didn't, but he did find something very interesting. By sending the larger packet size, he could see very erractic responses times to the Ping. Some of the responses would come back within a "normal" time, interspersed with responses that timed out. This is something we didn't see with the default 32-byte packet. The Ping responses were consistently inconsistent. Well, we know that this isn't true and complete network analysis but we felt that it helped our case. It did; our Networking guys investigated further and found a bad port on the router. Once plugged into a different port, the machine was fine.