Lesson Learned #423:Distinguishing Between PING and TNC: The Advantage of Identifying Source IPs
Published Sep 07 2023 12:22 AM 1,893 Views

Yesterday, our customer reported that they have a routing path using a VPN client and always identify the public IP instead of the private IP of the VPN. Besides of VPN client configuration, I would like to share my lesson learned how is possible to identify the IP source that the connection is using in a simply way. 

 

PING

 

Definition: PING (Packet INternet Groper) is a computer network diagnostic tool used to test the reachability of a host on an Internet Protocol (IP) network. It also measures the round-trip time for messages sent from the originating host to a destination computer.

How it works: PING operates by sending Internet Control Message Protocol (ICMP) Echo Request messages to the destination host and waits for an Echo Reply. The time taken between sending the request and receiving the reply is termed the Round Trip Time (RTT).

 

Main advantages:

  1. Quickly diagnose network connectivity issues.
  2. Measure the delay (latency) between the source and destination.
  3. Identify packet loss in the network.

 

TNC (Traceroute with Network Cognition)

 

Definition: TNC/Test-NetConnection is an enhanced version of the standard traceroute tool. Its principal advantage is its ability to identify and display the source IP (origin IP) based on routing rules, especially useful in multi-path networks and VPN scenarios.

How it works: Like traditional traceroute, TNC tracks the path that packets take from the source to the destination. However, TNC goes a step further. For each hop, it also identifies the source IP from which the probe packet is coming. This becomes particularly useful when trying to decipher complex network topologies or when routing changes dynamically.

 

Main advantages:

  1. Detailed path analysis: Understand each hop's source and destination IPs.
  2. Enhanced troubleshooting: Quickly identify where packets are coming from, particularly useful in cases of asymmetric routing.
  3. VPN clarity: Especially when using VPNs, TNC can show which IP is actually initiating the connection, providing more transparency in network connections.

 

Example Scenario: VPN Connection

 

Imagine you're connected to a corporate network via a VPN from a remote location. When using a PING test, you might find that the latency is higher than expected. The PING will give you the RTT but won't provide much insight into the route your packets are taking.

Using TNC, you'd be able to see the entire path of the packets, hop by hop. More importantly, for each hop, you'd identify the source IP. This can be instrumental in understanding if, for instance, your packets are being routed through an unexpected or inefficient path due to VPN misconfigurations or other routing anomalies.

 

Conclusion

 

While PING remains an essential tool for quick network diagnostics, TNC offers a deeper dive into network pathways, particularly beneficial when clarity on source IPs is required. For organizations relying heavily on VPNs or those with complex network topologies, the added visibility provided by TNC can be a game-changer in network diagnostics and troubleshooting.

 

Of course that we have other tools like tcpPing, telnet, etc.. but, in this specific scenario tnc was very useful to see if the trace route are working without taking a network trace.

 

Enjoy!

2 Comments
Version history
Last update:
‎Sep 07 2023 05:48 AM
Updated by: