Path Analysis on Windows with pathping

Pathping is one of two network utilities I am aware of that produces network path-loss statistics. The other one is mtr which is available for both Windows and Linux. The two utilities are very similar, and here we’ll talk about pathping.

Pathping is developed and maintained by Microsoft, and it’s built into Windows. As the name implies, it’s a combination of tracepath (or traceroute) and ping. Both are based on ICMP packets. Tracerpath gives you the hop-by-hop information between two hosts. Ping gives you statistics when you send ICMP requests to a specific host. Pathping gives you the hop-by-hop information as well as statistics for each hop.


Pathping is preinstalled on Windows. I think this is a significant difference with mtr, that you’d need to compile under Cygwin, which is kind of a hassle. 

Here is the output of the help menu:

netbeez> pathping --help
--help is not a valid command option.

Usage: pathping [-g host-list] [-h maximum_hops] [-i address] [-n]
                [-p period] [-q num_queries] [-w timeout]
                [-4] [-6] target_name

    -g host-list     Loose source route along host-list.
    -h maximum_hops  Maximum number of hops to search for target.
    -i address       Use the specified source address.
    -n               Do not resolve addresses to hostnames.
    -p period        Wait period milliseconds between pings.
    -q num_queries   Number of queries per hop.
    -w timeout       Wait timeout milliseconds for each reply.
    -4               Force using IPv4.
    -6               Force using IPv6.

The options are pretty self explanatory.

Another significant different with mtr is that mtr is more feature rich if we judge from mtr’s available options:

netbeez> mtr.exe --help

 mtr [options] hostname

 -F, --filename FILE        read hostname(s) from a file
 -4                         use IPv4 only
 -6                         use IPv6 only
 -u, --udp                  use UDP instead of ICMP echo
 -T, --tcp                  use TCP instead of ICMP echo
 -I, --interface NAME       use named network interface
 -a, --address ADDRESS      bind the outgoing socket to ADDRESS
 -f, --first-ttl NUMBER     set what TTL to start
 -m, --max-ttl NUMBER       maximum number of hops
 -U, --max-unknown NUMBER   maximum unknown host
 -P, --port PORT            target port number for TCP, SCTP, or UDP
 -L, --localport LOCALPORT  source port number for UDP
 -s, --psize PACKETSIZE     set the packet size used for probing
 -B, --bitpattern NUMBER    set bit pattern to use in payload
 -i, --interval SECONDS     ICMP echo request interval
 -G, --gracetime SECONDS    number of seconds to wait for responses
 -Q, --tos NUMBER           type of service field in IP header
 -e, --mpls                 display information from ICMP extensions
 -Z, --timeout SECONDS      seconds to keep probe sockets open
 -r, --report               output using report mode
 -w, --report-wide          output wide report
 -c, --report-cycles COUNT  set the number of pings sent
 -j, --json                 output json
 -x, --xml                  output xml
 -C, --csv                  output comma separated values
 -l, --raw                  output raw format
 -p, --split                split output
 -t, --curses               use curses terminal interface
     --displaymode MODE     select initial display mode
 -n, --no-dns               do not resolve host names
 -b, --show-ips             show IP numbers and host names
 -o, --order FIELDS         select output fields
 -y, --ipinfo NUMBER        select IP information in output
 -z, --aslookup             display AS number
 -h, --help                 display this help and exit
 -v, --version              output version information and exit

A more rigorous comparison between the two might be a topic for another blog post…

Let’s look at an example of a pathping run:

netbeez> pathping

Tracing route to []
over a maximum of 30 hops:
  0  host.docker.internal []
  3     * []
  5 []
  6 []
 11 []

Computing statistics for 275 seconds...
            Source to Here   This Node/Link
Hop  RTT    Lost/Sent = Pct  Lost/Sent = Pct  Address
  0                                           host.docker.internal []
                                0/ 100 =  0%   |
  1    0ms     0/ 100 =  0%     0/ 100 =  0%
                                0/ 100 =  0%   |
  2    1ms     0/ 100 =  0%     0/ 100 =  0%
                                0/ 100 =  0%   |
  3    2ms    24/ 100 = 24%    24/ 100 = 24% []
                                0/ 100 =  0%   |
  4    2ms    24/ 100 = 24%    24/ 100 = 24%
                                0/ 100 =  0%   |
  5  ---     100/ 100 =100%   100/ 100 =100% []
                                0/ 100 =  0%   |
  6  ---     100/ 100 =100%   100/ 100 =100% []
                                0/ 100 =  0%   |
  7  ---     100/ 100 =100%   100/ 100 =100%
                                0/ 100 =  0%   |
  8  ---     100/ 100 =100%   100/ 100 =100%
                                0/ 100 =  0%   |
  9    7ms     0/ 100 =  0%     0/ 100 =  0%
                                5/ 100 =  5%   |
 10  ---     100/ 100 =100%    95/ 100 = 95%
                                0/ 100 =  0%   |
 11    6ms     5/ 100 =  5%     0/ 100 =  0% []

Trace complete.

Pathping first runs a tracepath to get the hop-by-hop IP information between my laptop and Then for each hop, it sends 100 packets with 250 milliseconds interval to calculate statistics. This amounts to 25 seconds per hop and a total of 275 seconds for 11 hops. As you can see, it might take a while for pathping to finish its run, but all these parameters are configurable (-p for period and -q for number of queries per hop), as you can see from the options in the help menu.

As you can see for each hop, you have statistics on latency and on how many packets were dropped out of the 100 that were sent. This can be very useful when troubleshooting performance issues, and can help identify specific hops along your route that might be causing the overall issue.

All in all, I think pathping is a very useful tool, it comes for free on Windows, and it’s on par with its Linux equivalent mtr.

decoration image

Get your free trial now

Monitor your network from the user perspective

You can share

Twitter Linkedin Facebook

Let's keep in touch

decoration image