Test 6: The WAN Ping Test

Test 6: The WAN Ping Test

Test 6: The Handy-Dandy WAN Ping Test

If you are having trouble reaching services on the Internet (e.g., email, web sites, game servers), it's a good idea to first try at least one quick LAN ping test (from the computer to the router) as shown in Test 5: The Handy-Dandy LAN Ping Test. Once you have checked and passed the LAN ping test, a good approach is to first ping things relatively "close" from a network point of view and then ping IP addresses further and further away. This helps isolate if the problem is in your network, your ISP's network or even further out.

Baby Step 1: Ping Your Router's WAN Gateway Address

The first step is to ping the gateway address that your router is using to communicate with the rest of the Internet. If you have a fixed IP address, this is relatively simple because your ISP will have told you what your gateway address is when they assigned you your IP address. Open a command window and type ping followed by your WAN gateway address as in the screen below.

 Results of pinging the ISP's gateway address 

If you have a dynamically assigned IP address, determining your gateway address can be a bit trickier, but your router will likely give you a hand. First, you first need to find out if your router has successfully retrieved an IP address from your ISP's DHCP server. Your router's status page should list your current external IP address. The follow screen capture illustrates that case.

 Router status page 

Recall that for the purposes of demonstrating the various problems that can occur, I have set up a test network inside my real home network. This is why the IP address I received is another non-routable (private) IP address. The IP address retrieved was 192.168.3.41 in this case. (See Private IP Addresses for more details on private IP addresses.) When you look at the status page for your router, it will likely be a public IP address like 162.84.93.33. The gateway address was also retrieved at the same time, which is 192.168.3.1. Most routers will display the gateway address they received in the DHCP response. Substitute that IP address in the ping command shown above. If it doesn't display the gateway explicitly, try using the first three octets (e.g., 162.84.93) and end with a .1 (for a full IP address of 162.84.93.1). In the command window above, the ping to 162.84.93.1 is a ping to my ISP's WAN gateway for a real IP address. If your ping test is successful, skip to the next step, Baby Step 2: Ping Your ISP's DNS Server. If not, proceed into the following troubleshooting section.

Remember, if you have a dynamically assigned external IP address, your IP address and therefore, the address of the ISP's gateway may change periodically. Verify the addresses every time you wish to run this test.
Troubleshooting a WAN Gateway Ping Failure

If you aren't able to successfully ping your ISP's gateway address (or you aren't getting a valid IP address returned from a DHCP request), the problem is generally isolated to the connection between your router and DSL/cable modem or the modem's connection to the ISP. It's also possible your ISP may be having a temporary (planned or unplanned) outage.

Log into your router and browse to its status page. (If you are unable to log into your router, check to make sure it has power. Also, try to ping the router's LAN IP address as was done in Test 5: The Handy-Dandy LAN Ping Test.) If your router shows an Internet address that is not valid (like 0.0.0.0 in the screenshot below) most likely you've lost connectivity with your ISP. (That's assuming you had connectivity before. If your high-speed connection is a new installation, it may not be active yet.) The first thing to check is the power on the modem and Internet/WAN lights on the router and modem.

Router that failed to get valid external IP address


 Netgear router's power and status lights 

On the example router shown here, the Netgear WGT624, the power indicator is the light to the far left and the light that is second from the left, which is a lowercase letter "i" with a circle partway around the bottom, is the WAN/Internet port. They are green when the router has power and the connection to the DSL or cable modem is correct, respectively. If the power light is not lit, check your power adapter and power connection on the back of the unit to make sure they are plugged in. If it is, try moving it to another plug. (Use an extension cord if it's inconvenient to move the router.) I've have a number of those little power adapter "bricks" die, so don't be surprised to find out that the router won't power up even when you try a working outlet. (Radio shack has substitutes for these with variable DC voltage outputs and tips that will work with all sorts of devices. Check to make sure the amperage is sufficient.)

Next, check the corresponding lights on your Cable or DSL modem. On the example cable modem shown to the right, the power light is at the top and labeled "Power" and the LAN light is labeled PC/Activity and is the second light from the bottom. Finally, check that your connection to your ISP is established.

On most DSL modems I have used, there is a single light labeled "Internet," "Ethernet," "WAN Connection" or something similar. It should be lit and steady when the connection is established to your ISP but no traffic being sent or received. Typically, the light will blink or flicker when Internet network activity is occurring in either direction. Note the Ethernet light is on in the picture below.

 Westell DSL modem's power and status lights 

If the Ethernet light is not lit, it's time to start suspecting your service from your ISP is down. First, make sure that the telephone line from the DSL modem to the wall is secure. You may want to try another telephone wire just to be sure. Also, check to see if your regular phone service is working. If both your DSL and telephone service are out, your line may have been cut or disconnected. That's a problem for your phone company to deal with. If the problem lies just in your DSL connection, you should call your ISP's technical support and see if there is a general problem they are aware of, if they are doing some planned upgrades or maintenance they didn't notify you about, and if you are the only person with an outage and need to report it.

Netgear router's power and status lights

On the particular cable modem shown here, the Motorola SB5100, three lights are used to show you the status of your cable connection to your ISP. The first light (second from the top under the Power light) is labeled "Receive" and is the receive channel established light. It is lit when a downlink (incoming) connection from your ISP is established. The next light down is labeled "Send" and is lit when an uplink (outgoing) channel to your ISP has been established. If either the Send or Receive light is not lit, it's probable that your cable service is down or the cable is broken or disconnected. The next light is labeled "Online" and indicates all necessary negotiation such as DHCP address assignment has completed. When this light is not lit, it generally means that the DHCP negotiation failed either initially during power on or after a DHCP IP address lease has expired and a new IP address could not be retrieved from your ISP's DHCP server. If your cable appears to be in working order, you should call your cable Internet service provider to find out is a general problem they are aware of, if they are doing some planned upgrades or maintenance they didn't notify you about, and if you are the only person with an outage and need to report it.

When your network is working correctly, visiting www.whatismyip.com will display your current IP address.


 

Baby Step 2: Ping Your ISP's DNS Server

Once we've been able to ping our ISP's gateway, the first "network hop" outside of our own equipment, the next test is to see if we can reach our ISP's DNS servers. We will do this by pinging the IP address of one of those servers. Of course, before we can do that, we need to know what those IP addresses are. If you have fixed/static IP service, as part of your initial sign-up package or email, your ISP should have included the IP addresses of the DNS servers it wants you to use. They will generally give you two (or more) addresses. We need two so that our router can still have DNS services if one of the servers goes down. (Remember, the DNS service is used resolve the names of Internet sites like "www.godiva.com" to their respective IP addresses. Without the DNS service, we won't be able to reach any web sites other than by IP address.) If your ISP didn't supply those IP addresses, check their web site or call their technical support line and ask for them.

If you have dynamic IP address service using your ISP's DHCP server to get your Internet IP address, you may have to do a bit more hunting. You should be able to call your ISP and ask for the numbers, as was mentioned above, or your ISP may have listed them for you when you signed up. Like we did in the last section (to find out your currently assigned IP address), we can use your router's status page to find out your current DNS server IP addresses (if you have ever successfully used the service in the past). The Basic Settings screen of the Netgear WGT624 gives this right below the Internet IP address as demonstrated below.

 Using the router's status page to determine your DNS server's IP addresses 

The two IP addresses in this example are 151.197.0.38 and 199.45.32.38. Now that we know the IP addresses of our DNS servers, we can proceed with the ping test. Try both IP addresses to see if the ping test passes by reaching the DNS server. An example using the second of my example DNS servers is shown in the following screen capture. If you are successful with your ping test here, skip to Baby Step 3: Ping A Well-Known IP Address. Otherwise, continue on into the following troubleshooting section.

 Pinging one of the DNS servers 

If you are able to ping your ISP's DNS servers, write down their IP addresses. These address should rarely change, so you can save time by doing do. Also, if these servers are down, you won't be able to browse to your ISP's web site in order to find out what the addresses are. (Nice Catch-22 there.)
Troubleshooting a DNS Server Ping Failure

If the ping test to your gateway address for your ISP passes, but your ping test to your ISP's DNS servers fail, your ISP may be having a problem within their internal network or their DNS servers are down. Interestingly, if the DNS servers are down, we actually still have full connectivity to the Internet, but we've lost the capability to resolve names into their corresponding IP addresses. Without that capability, we won't be able to browse the Internet, fetch email, access game servers, or anything that else we try to access by name. Unfortunately, it also may be true that the DNS servers are fine, but your ISP does not allow pings to their DNS servers. If you suspect that this is the case after following the procedures in this section, try the tests in Test 7: Testing for DNS Functionality. (Note to ISPs: It's perfectly acceptable to reject or drop ping requests originating from the Internet at large, but you should accept ping requests from your own clients. Note to others: I have yet to have an ISP that blocks ping requests to DNS servers from their clients.)

Another possibility is that the IP addresses for the DNS servers have changed, but your ISP didn't inform you. (This is usually only a problem with static IP address accounts as dynamic IP addresses will get the new DNS server IP addresses the next time your router retrieves an IP address from your ISP's DHCP server. If you do start having this problem and you are using dynamic IP addressing with your ISP, try rebooting or power cycling your router to force it to get the new information.) One of my previous ISPs liked to move their DNS services from one IP address to another without informing anyone. They didn't do it often; the IPs changed maybe once or twice a year at most. First, they would move one and some time later they would move the other. Also, if your ISP gets bought out by another ISP or your ISP buys another ISP in the same geographic area, they may decide to consolidate DNS servers and other resources, which may change the IP addresses you need to use.

As a final check, try pinging one or more of the IP addresses in the following list: 198.41.0.4, 192.228.79.201, 192.33.4.12, 128.8.10.90, 192.203.230.10, 192.5.5.241, 192.112.36.4, 128.63.2.53, 192.36.148.17, 192.58.128.30, 193.0.14.129, 199.7.83.42, & 202.12.27.33. These are the IP addresses of the Internet's root DNS servers (current as of December 12, 2008). These occasionally do change, but only one or two and even then only over a period of years. When you try to browse to an address that your ISP's DNS server doesn't have, it consults a DNS server ranked above it. If that DNS server doesn't know the address, it contacts a DNS server higher up the chain of DNS servers until one of the root servers is reached. These are the addresses of those root servers. They may know the answer directly. They may know which DNS server to contact as the primary DNS server responsible for that domain name. If they don't know the address for a name and can't find a server that does know, the name doesn't exist as far as the Internet is concerned. Not all of these DNS servers allow themselves to be pinged, but most do.

If you try four or five of the IP addresses in that list and none of them respond, the problem is in your ISP's internal network or their connection to the rest of the Internet. You aren't able to reach IP addresses outside of your network, but you can reach the gateway. This is a problem for your ISP to solve, so you need to call their technical support line. If the problem is this big, they're almost certainly going to be already aware of it, but they should be able to give you the scope of the problem and when they think it will be fixed.

On the other hand, if at least one of those root DNS server IP addresses responds to a ping, your ISP's DNS servers are down, they don't respond to ping requests, their addresses have changed an you weren't notified or your ISP is having problems with loosing DNS requests (because of faulty equipment or an overloaded, congested network). The problem may clear up after a short while in the case of congestion, but this is still a problem you should contact your ISP about. Not all of the network problems you'll encounter on the Internet are yours. When you call your ISP's technical support line, verify that the DNS servers are up, and if they are, what their IP addresses are.

Baby Step 3: Ping A Well-Known IP Address

If you are not able to ping your DNS servers (See the previous step.), it's a sure bet that you won't be able to complete this step. However, even if you are able to ping something at the IP address your ISP's DNS servers are supposed to be at, all you really know is that some device at that address responds to a ping. The next test, Test 7: Testing for DNS Functionality, will help us determine if that machine is really a DNS server.

This test is to ping a well-known site like www.google.com or www.ebay.com or your ISP's web server (e.g., www.verizon.com, www.xfinity.com). The successful results of such a ping are shown below. If you get a successful ping to one of these sites, but you can't reach a particular site like www.joes-small-insignificant-web-site-is-down.com, your connection is probably just fine. Poor Joe, however, has got a problem with his/her site. If one well-known site doesn't answer the ping, try another. Every site goes down occasionally. They might just be doing routing maintenance or upgrading. If pinging Google and one or two other well-known sites all fail, go to the trouble shooting section below.

 Pinging Google.com as a well-known site 

Troubleshooting a Well-Known Site Ping Failure

Assuming you've gone through the previous (baby) steps, troubleshooting here means we were able to ping our gateway and beyond that to some device(s) that we believe to be our ISP's DNS server(s). Unfortunately, pinging a system beyond that failed. This might be because our ISP's DNS servers are not working correctly or your ISP's connections beyond its own network are experiencing problems. Now, we'll try to determine which.

If pinging a well-known site like www.google.com returned "Unknown host" then it is likely your ISP's DNS servers are down. This is because sites like Google and Ebay are highly redundant and at least one of their machines should respond. You may again want to try pinging the root DNS servers (using their IP addresses) given in the list in the previous section. If you can reach two or three of them, it's even more likely dealing with a DNS server failure at your ISP. If we cannot reach the root DNS servers either, the ISP's network connection to the rest of the world is in question. It's time to call your ISP's friendly technical support line in either case.

If pinging www.google.com returned "Destination host unreachable" or "Request timed out," the DNS servers are probably working fine, but the ISP is having connection problems to the rest of the Internet. It's still time to call your ISP. If you have success pinging the well-known sites, but you try this same test for www.joes-small-insignificant-web-site-is-down.com and get either of these responses, it's most likely Joe's site that is down, not your ISP. Joe's site may also have moved to a new IP address, but your ISP's DNS servers haven't been updated yet. In either case, wait a while and try again. Don't call your ISP about Joe's site being down (unless you are Joe and your ISP is hosting your web site). They don't care about Joe. They don't care if you can't reach Joe, because they probably can do a thing about it. On the other hand, if you can't reach Google, that might spark their interest.

 Ping returning 'Request Timed Out' messages 

Craig Prall