How to tell if it's your problem or your ISP's problem

networking internet

A handy test site is: http://downforeveryoneorjustme.com/

Pings and traceroutes are some of the first and best tests when beginning this sort of investigation. Firewalls may block this traffic however.

Don't just stop at normal pings. Try ping <ip address> -l 2048 to send some big packets and make sure it's not a fragmentation/MTU issue.

Check your utilization -- your tubes may be full.


Things I check when troubleshooting a network issue with a provider. Note here that 'ping' means 'do an extended ping, sweeping a range of sizes, and sending at least 1000 packets at each size, looking for latency, loss and errors'.

  1. Ping your ISP's hand-off from a device on the same subnet. (Confirms that there are no L2 problems between you and your ISP).
  2. Ping your ISP's hand-off from a device on one of your internal subnets. (Confirms that you have no routing/security issues between your internal network and your ISP)
  3. Ping an IP in your provider's network. If you can't find one that's publicly listed, or the helpdesk won't give you one, do a traceroute to something in the internet, and use the second or third hop. This confirms that routing between you and your ISP is configured correctly.
  4. Ping an internet IP. I normally use 4.2.2.1, one of Level3's DNS servers that is easily remembered. This confirms that routing from your ISP to the specific IP you've pinged is correctly configured.
  5. Ping an internet domain name. This verifies your/your provider's DNS configuration is correct.

If steps 1 or 2 fail, it's most likely a problem on your internal network.

If step 3 fails, there would appear to be a problem in your provider's network. Note, though, that if you get no response at all then your ISP may have simply blocked ICMP to/from their infrastructure addresses.

Step 4 failing indicates a potential problem between your ISP and one of their upstream providers.

Step 5 failing indicates issues with name resolution.

Hope that helps.


It's also good to check TCP connection count with for example

  • netstat -a (linux/windows)
  • lsof -i tcp (linux)
  • Sysinternals TCP View (windows).

Some applications might spawn a lot of TCP connection simultaneously and this causes that you cannot create new connections but existing connections like SSH still keeps going.

DSL modem can also choke on lots of connections.

This usually only affects Windows machines.


We had an issue with our ISP and the tool Ping Plotter came in very helpful. You can set it to ping a router at the ISP's internet gateway, or in our example we told it to ping from a regional office back to the corporate office. In this example, it was going through a couple different ISPs. Best of all you can set it up on an old desktop or a virtual machine, and let is sit there pinging away collecting data until you need it.

Because it shows each router in the path, and the time it takes each one of those routers to return a response it is very useful to spotting trouble spots further downstream.

Related

EC2 drive not EBS volume size
Free service for checking for DNS errors on your domain?
For an intranet server would you buy a ssl cert or use a self signed cert?
What is preventing you from deploying desktop Linux in your environment?
How can I use HAproxy with SSL and get X-Forwarded-For headers AND tell PHP that SSL is in use?
How to set up strongswan or openswan for pure IPSEC with iPhone client?
SSH authorized_keys command option: multiple commands?
I just did a chmod -x chmod
RSA certificate configured for SERVER does NOT include an ID which matches the server name
Windows serial console
The strange case of Mr. Time To First Byte
choosing the right SSL certificate