[SOLVED] Help with WinMTR diagnosis

Toggle sidebar Toggle sidebar
L

lukev721

Reputable
Sep 5, 2018
26
0
4,540
I have been having some connection issues and I'm trying to figure out if the problem is me or my ISP. I have these winMTR reports and I don't know how to interpret them. The first line is my router and it seems fine, but starting from the 2nd line I start seeing some issues. That makes me want to say that it's some issue with my ISP but I want to be sure before I start considering an ISP change.

https://imgur.com/TKW4Ew9
View: https://imgur.com/TKW4Ew9


https://imgur.com/Z67ZIXd
View: https://imgur.com/Z67ZIXd
 
Solution
L
kanewolf said:
The WAN IP should be the same first 3 sets of digits. If the WAN address is not 10. ANYTHING, then you have a basic problem.

You need to run the same traceroute from another host. Laptop would be easiest. See if this strange routing is specific to one PC or your network.
Click to expand...

OK, I figured it out and the solution kind of frustrates me with how simple it was. Apparently Netgear routers tend to flag a lot of harmless things as DoS attacks, even things like google or Instagram. The router logs all of this in the event log, so in my log it was registering dozens and dozens of these flags a minute. This caused some sort of congestion in my router causing the small drops of connectivity I was experiencing. The reason my issue...
Sort by date Sort by votes
lukev721 said:
I have been having some connection issues and I'm trying to figure out if the problem is me or my ISP. I have these winMTR reports and I don't know how to interpret them. The first line is my router and it seems fine, but starting from the 2nd line I start seeing some issues. That makes me want to say that it's some issue with my ISP but I want to be sure before I start considering an ISP change.

https://imgur.com/TKW4Ew9
View: https://imgur.com/TKW4Ew9


https://imgur.com/Z67ZIXd
View: https://imgur.com/Z67ZIXd
Click to expand...
Trace route is useful to help you find the IP addresses of the routers along the way. To find out if one of the routers for your ISP is having a problem. Setup a separate PING to hops 2, 3, 4 those are most likely to be your ISP. Also setup a ping to hop 1, which should be your router.
The only thing you control is your router. The information about 2, 3, 4 can be provided to your ISP to identify a problem with them.
A problem far down the chain is not something you can do much about.
The hops with 100% drop is not uncommon. Many routers are configured to not respond to pings.
 
Upvote 0 Downvote
kanewolf said:
Trace route is useful to help you find the IP addresses of the routers along the way. To find out if one of the routers for your ISP is having a problem. Setup a separate PING to hops 2, 3, 4 those are most likely to be your ISP. Also setup a ping to hop 1, which should be your router.
The only thing you control is your router. The information about 2, 3, 4 can be provided to your ISP to identify a problem with them.
A problem far down the chain is not something you can do much about.
The hops with 100% drop is not uncommon. Many routers are configured to not respond to pings.
Click to expand...

The program I used does have the IP's I just left them out from the picture. So would you say this is an ISP issue? In that case I could just send a full screenshot of the report to my ISP and they could potentially correct it.
 
Upvote 0 Downvote
lukev721 said:
The program I used does have the IP's I just left them out from the picture. So would you say this is an ISP issue? In that case I could just send a full screenshot of the report to my ISP and they could potentially correct it.
Click to expand...
There is no way to determine that without knowing which hop is having an issue. That is why you have to look at individual hops and not the final address.
 
Upvote 0 Downvote
lukev721 said:
Ok, hop 2 seems to be a little high. Would you say that is where the problem lies? or is it within reason?

https://imgur.com/1YLW2rG
View: https://imgur.com/1YLW2rG
Click to expand...
You are trying to find the dropped packets. Ping timing is not something you have control of.
Maybe I misunderstood your original post. You didn't list any explicit problem. You had some dropped packets, but you have to setup several continuous pings to determine WHERE the drops happen.
Maybe you could provide a better description of the symptoms.
 
Upvote 0 Downvote
kanewolf said:
You are trying to find the dropped packets. Ping timing is not something you have control of.
Maybe I misunderstood your original post. You didn't list any explicit problem. You had some dropped packets, but you have to setup several continuous pings to determine WHERE the drops happen.
Maybe you could provide a better description of the symptoms.
Click to expand...

OK. I have been having connectivity issues for some time. It seems to me like its minor packet loss. My original question was what are your interpretations of the winMTR reports from my above post. To me it seems like there is an issue with hop 2 because that is where the loss in packets starts. You say I have to ping the specific IP to determine where the problem is, but is that not what my original post was?

I have done many things on my end, including getting a new router and modem. I have replaced all my ethernet cables and my ISP has checked the wiring from the street all the way to my modem. I have done many of the basic recommended steps like ipconfig flushdns, registerdns etc.

I am basically trying to figure out if the issue is my ISP and if I should just switch ISP's to fix my issue.
 
Upvote 0 Downvote
lukev721 said:
OK. I have been having connectivity issues for some time. It seems to me like its minor packet loss. My original question was what are your interpretations of the winMTR reports from my above post. To me it seems like there is an issue with hop 2 because that is where the loss in packets starts. You say I have to ping the specific IP to determine where the problem is, but is that not what my original post was?

I have done many things on my end, including getting a new router and modem. I have replaced all my ethernet cables and my ISP has checked the wiring from the street all the way to my modem. I have done many of the basic recommended steps like ipconfig flushdns, registerdns etc.

I am basically trying to figure out if the issue is my ISP and if I should just switch ISP's to fix my issue.
Click to expand...
That is the problem with those tools. They can give false positives. That is why you have to do explicit continuous pings in multiple windows to different hops. That is what I have repeatedly recommended you do.
In post #5 where you have some IP addresses, it is interesting that hop #2 is a 10.x.y.z address. Do you use cellular or some other wireless internet provider ?
 
Upvote 0 Downvote
I fully agree that you need to use simple ping commands to test this. The first level ISP tech you talk to might not even know what a ping command is. You show them something like winmtr and they will recommend you reboot your pc or reinstall windows to fix it :)

So if we believe what winmtr shows there is a issue with the connection coming to your house . This is good in many ways since the level 1 tech guys have magic buttons (ie tools they don't understand) that will check the line to your house and if they see errors they will send out a tech.
The main step is to get them past the steps in their scripts where they blame your equipment. You want to have 2 constant pings to show them. The first to your router and a second ping running at the same time to their router, likely 10.15.80.1

My complete guess is that you have some issue with physical wires going to your house. What you show is just data loss but you do not also have large latency spikes. If you have large latency spikes and loss it could be a overloaded connection but just loss tends to be some kind of hardware error.
 
Upvote 0 Downvote
kanewolf said:
That is the problem with those tools. They can give false positives. That is why you have to do explicit continuous pings in multiple windows to different hops. That is what I have repeatedly recommended you do.
In post #5 where you have some IP addresses, it is interesting that hop #2 is a 10.x.y.z address. Do you use cellular or some other wireless internet provider ?
Click to expand...

Can you give me a more specific tool I could use? You recommended trace route, is that not the "tracert" command in cmd prompt? or maybe the way I used it was incorrect?

As for your second question I use Cox cable, its not anything cellular.
 
Upvote 0 Downvote
bill001g said:
I fully agree that you need to use simple ping commands to test this. The first level ISP tech you talk to might not even know what a ping command is. You show them something like winmtr and they will recommend you reboot your pc or reinstall windows to fix it :)

So if we believe what winmtr shows there is a issue with the connection coming to your house . This is good in many ways since the level 1 tech guys have magic buttons (ie tools they don't understand) that will check the line to your house and if they see errors they will send out a tech.
The main step is to get them past the steps in their scripts where they blame your equipment. You want to have 2 constant pings to show them. The first to your router and a second ping running at the same time to their router, likely 10.15.80.1

My complete guess is that you have some issue with physical wires going to your house. What you show is just data loss but you do not also have large latency spikes. If you have large latency spikes and loss it could be a overloaded connection but just loss tends to be some kind of hardware error.
Click to expand...

What tool would you recommend? or is there some cmd prompt command that can do this? I thought winmtr was that tool. The wiring is fairly new, it was put in a little over a year ago. I also just replaced all my ethernet cables as well. It's also not the router or modem as I have replaced both.
 
Upvote 0 Downvote
kanewolf said:
The ping command, in a cmd.exe window --
From your post #5 list
In cmd.exe window 1 -- ping -t 10.15.80.1
In cmd.exe window 2 -- ping -t 100.127.40.62
etc
See which hop starts having packet loss.
Click to expand...

Ok, so like this:

https://imgur.com/I7njW7z
View: https://imgur.com/I7njW7z


So I should do this for the various IP's starting from my router and so forth. Do you see anything out of the ordinary? What should I look for that could be an issue?
 
Upvote 0 Downvote
kanewolf said:
You have VPN software installed. I wonder if that is part of the issue.
Your router address is 192.168.1.1 (which is typical). So where is that 10.x.y.z that is 5 to 7ms? My guess is that is the VPN endpoint.
Click to expand...

I never use that VPN its been off this entire time, just incase I went ahead and uninstalled it but I don't think its the issue.

As for the 10.x.y.z, I don't know what that is. I ran another winMTR and that IP still shows up, so it wasn't the VPN. I assume it belongs to my ISP and its some point outside my house along their network?
 
Upvote 0 Downvote
lukev721 said:
I never use that VPN its been off this entire time, just incase I went ahead and uninstalled it but I don't think its the issue.

As for the 10.x.y.z, I don't know what that is. I ran another winMTR and that IP still shows up, so it wasn't the VPN. I assume it belongs to my ISP and its some point outside my house along their network?
Click to expand...
You can verify that hypothesis by looking at the GUI of your router. Is the WAN address of the router a 10.x.y.z ? If not then you have much bigger problems. Like malware hijacking your network connection.
 
Upvote 0 Downvote
You must log in or register to reply here.

TRENDING THREADS

Latest posts

Moderators online

Share this page

COMPANY
RESOURCES
FOLLOW
Top Bottom