FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
nithincs
Staff & Editor
Article Id 415589

 

Description This article describes how to use the ping command with specific options to perform Maximum Transmission Unit (MTU) path discovery, specifically to detect devices on the path with an MTU smaller than the standard Ethernet MTU of 1500 bytes.
Scope FortiGate.
Solution
Use the ping command with the 'Don't Fragment' flag and a specified data payload size. The same test can also be run from the FortiGate itself; see Technical Tip: How to use ping with data-size.
 
The command format for Windows is:
 
ping <ipaddress> -f -l 1472 -n 4
 
  • <ipaddress>: The target destination IP address.
  • -f (Don't Fragment): Sets the 'Don't Fragment' (DF) bit in the IP header of the ICMP echo request packet. This prevents any device along the path from fragmenting the packet if it is larger than that device's MTU.
  • -l (Length): Specifies the size of the data payload in bytes. A value of 1472 bytes is used because: 1472 (ICMP Data) + 20 (IP Header) + 8 (ICMP Header) = 1500 bytes (Total IP Packet Size). This tests the standard 1500-byte Ethernet MTU.
  • -n (Count): Specifies the number of echo requests to send (e.g., 4) (optional).
 
Analyze the results:
Success (Replies Received): If the ping succeeds (as in the example below), all devices on the path have an MTU of 1500 bytes or greater, allowing the 1500-byte packet to pass without fragmentation.
 
C:\Windows\System32>ping 104.26.10.240 -f -l 1472 -n 4
 
Pinging 104.26.10.240 with 1472 bytes of data:
Reply from 104.26.10.240: bytes=1472 time=64ms TTL=50
Reply from 104.26.10.240: bytes=1472 time=64ms TTL=50
Reply from 104.26.10.240: bytes=1472 time=72ms TTL=50
Reply from 104.26.10.240: bytes=1472 time=59ms TTL=50
 
Ping statistics for 104.26.10.240:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 59ms, Maximum = 72ms, Average = 64ms
 
Failure (Request Timed Out): If the ping fails (as in the example below), a device along the path has an MTU smaller than 1500 bytes. When that device receives the 1500-byte packet with the DF bit set, it drops the packet instead of fragmenting it. A correctly behaving device should send an 'ICMP Destination Unreachable (Fragmentation Needed and DF set)' message back to the sender, but this message is often blocked by firewalls, so the ping simply times out.
 
C:\Windows\System32>ping 96.45.36.241 -f -l 1472 -n 4
 
Pinging 96.45.36.241 with 1472 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
 
Ping statistics for 96.45.36.241:
    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
 
Isolating the Low-MTU Device:
Step 1: If the initial ping fails, use tracert to map the devices in the network path.
 
tracert <destination ip>
 
This shows the hop-by-hop path, listing the IP addresses of the routers/devices in the network path.
 
Step 2: Ping intermediate hops:
Ping the devices listed in the tracert output one by one, beginning with the one closest to the destination or with the one where performance issues are suspected, using the same -f and -l 1472 options.
 
Step 3: Identify the failing hop:
The last hop that successfully responds to the ping sits before the low-MTU device. The first hop that fails to respond is likely the device with the smaller MTU, or the device immediately after the last good hop is dropping the packet before it reaches that hop.
 
Finding the Actual Lower MTU Value:
To determine the actual lower MTU, use a binary search: adjust the payload size up or down, halving the remaining range each time, until the largest payload that still receives a reply is found.
 
Decrease the payload size: Start with a value less than 1472, for example, 1400.
 
ping <destination ip> -f -l 1400 -n 4
 
  • (Total IP Packet Size: 1400 + 20 + 8 = 1428 bytes).
 
Iterate:
  • If the ping fails, reduce the payload size further (e.g., to 1350).
  • If the ping succeeds, increase the payload size (e.g., to 1436).
 
Keep adjusting the value until the largest payload size that successfully receives a reply is found.
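The binary search described above, written out as an added example (not part of the original article): a Python script that drives the Windows ping syntax from this article, converts the largest working payload back to a path MTU by adding the 28-byte IP+ICMP overhead, and distinguishes a low-MTU path from a host that does not answer at all. The `simulated_probe` helper is a constructed stand-in for a real path so the search can be exercised offline; `windows_ping_probe` assumes the Windows ping.exe flag syntax (-f, -l, -n) shown on this page.

```python
import subprocess
import sys
from typing import Callable, Iterable

IP_HEADER = 20
ICMP_HEADER = 8
OVERHEAD = IP_HEADER + ICMP_HEADER  # 28 bytes: payload 1472 -> 1500-byte IP packet


def windows_ping_probe(dest: str, payload: int) -> bool:
    """Send one DF-flagged echo request with `payload` data bytes using the Windows
    ping syntax from the article. True only if a reply line ("bytes=") came back;
    "Request timed out." and "Packet needs to be fragmented" both count as failure."""
    out = subprocess.run(["ping", dest, "-f", "-l", str(payload), "-n", "1"],
                         capture_output=True, text=True).stdout
    return "bytes=" in out


def simulated_probe(hop_mtus: Iterable[int]) -> Callable[[int], bool]:
    """Constructed stand-in for a real path (offline testing only): a DF packet
    survives only if its total size fits the smallest MTU along the path."""
    bottleneck = min(hop_mtus)
    return lambda payload: payload + OVERHEAD <= bottleneck


def find_path_mtu(probe: Callable[[int], bool], lo: int = 548, hi: int = 1472) -> int:
    """Binary-search the largest payload in [lo, hi] that still gets a reply and
    return the corresponding path MTU (payload + 28). `lo` defaults to 548, i.e. a
    576-byte packet that every IPv4 host must accept; `hi` is the 1500-byte test."""
    if probe(hi):
        return hi + OVERHEAD  # full 1500-byte packets pass: path MTU is at least 1500
    if not probe(lo):
        # Even a minimal packet gets no reply: outage or ICMP filtering, not an MTU issue.
        raise ValueError("no reply at %d bytes: host down or ICMP filtered" % (lo + OVERHEAD))
    while lo < hi:  # invariant: probe(lo) succeeded and the answer lies in [lo, hi]
        mid = (lo + hi + 1) // 2
        if probe(mid):
            lo = mid
        else:
            hi = mid - 1
    return lo + OVERHEAD


if __name__ == "__main__":
    target = sys.argv[1]
    mtu = find_path_mtu(lambda n: windows_ping_probe(target, n))
    print("path MTU to %s: %d bytes" % (target, mtu))
```

Run as `python pmtu.py <destination ip>` on a Windows host; roughly eleven probes cover the whole 576 to 1500 range instead of stepping through payload sizes by hand.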
 

Related article: