
How can I troubleshoot ping outages at the operating system level?

To check pings sent and received for a device at the system level, go to the command line and first find the name of the interface used by the Statseeker host.

In the example below, it is vmx0:

statseeker$ ifconfig -a
vmx0: flags=8963<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4e403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO,RXCSUM_IPV6,TXCSUM_IPV6,NOMAP>
        ether 00:50:56:a2:bd:4c
        inet 10.2.20.102 netmask 0xffffff00 broadcast 10.2.20.255
        media: Ethernet autoselect
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>

Then use the tcpdump command to capture the ICMP protocol packets to and from the device.

tcpdump -i <interface> -w <filename.pcap> <protocol> and host <hostname_or_ip_address>

In the example below, nohup keeps the command running after we log out, and the timeout command sends a SIGTERM signal after 1 day, followed by a SIGKILL signal 10 seconds later if the process refuses to stop:

nohup timeout -k 10s 1d tcpdump -i vmx0 -G 3600 -w /tmp/ping_capture_%Y_%m_%d_%H_%M_%S.pcap icmp and host 10.100.56.253 >/dev/null 2>&1 &

This example also creates a new pcap output file every hour (-G 3600), with a full timestamp in the file name.

e.g.

statseeker$ pwd
/tmp

statseeker$ ls -lart

-rw-r--r--   1 statseeker  statseeker     171294 Aug 29 17:54 ping_capture_2025_08_29_16_54_35.pcap
-rw-r--r--   1 statseeker  statseeker      13312 Aug 29 17:59 ping_capture_2025_08_29_17_54_35.pcap

With tcpdump capturing only the pings to one host, which are small in size and sent every 15 seconds, there should be little risk of filling up /tmp, but please check that /tmp has sufficient space and that the files are not growing fast.

The files can be checked by downloading them and opening them in Wireshark, which shows each ping request and its reply with sequence numbers.
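
The same request/reply check can be scripted instead of done by eye in Wireshark. The following is an added example, not Statseeker's own tooling: it pairs ICMP echo requests with replies by identifier and sequence number and lists the requests that were never answered. It assumes a classic microsecond-resolution pcap with untagged Ethernet/IPv4 frames; the sample capture, the identifier 0x1234 and the timestamps are constructed.

```python
import struct

def unanswered_pings(pcap: bytes):
    """Return (answered_count, [(ident, seq), ...]) for echo requests with no reply."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic microsecond pcap file")
    if struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected Ethernet link type")
    requests, replies = [], set()
    off = 24                           # skip the 24-byte global header
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        # Keep only untagged IPv4 frames carrying ICMP (IP protocol 1).
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 1:
            continue
        icmp = frame[14 + (frame[14] & 0x0F) * 4:]   # skip Ethernet + IP header
        if len(icmp) < 8:
            continue
        typ, _code, _csum, ident, seq = struct.unpack("!BBHHH", icmp[:8])
        if typ == 8:                   # echo request
            requests.append((ident, seq))
        elif typ == 0:                 # echo reply
            replies.add((ident, seq))
    missing = [r for r in requests if r not in replies]
    return len(requests) - len(missing), missing

def _frame(src, dst, typ, ident, seq):
    """Constructed Ethernet/IPv4/ICMP frame; checksums left at zero (not verified)."""
    icmp = struct.pack("!BBHHH", typ, 0, 0, ident, seq)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(icmp), 0, 0, 64, 1, 0,
                     bytes(src), bytes(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + icmp

def build_sample():
    """Constructed capture: three pings from the poller, reply to seq 2 missing."""
    poller, device = (10, 2, 20, 102), (10, 100, 56, 253)
    frames = []
    for seq in (1, 2, 3):
        frames.append(_frame(poller, device, 8, 0x1234, seq))
        if seq != 2:
            frames.append(_frame(device, poller, 0, 0x1234, seq))
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 262144, 1)
    for i, f in enumerate(frames):
        out += struct.pack("<IIII", 1756486475 + i, 0, len(f), len(f)) + f
    return out
```

To run it on a real capture, pass the file's bytes, for example unanswered_pings(open(path, "rb").read()), where path is one of the hourly pcap files.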

To stop the capture started with the above parameters, either wait a day for the timeout to expire or use the ps and kill commands.

e.g.

statseeker$ ps -auxw | grep tcpdump
statseeker 82584   0.0  0.1   19308   6256  -  Is   18:28        0:00.00 tcpdump: system.dns (tcpdump)
statseeker 82735   0.0  0.0   12892   2184  0  S+   18:29        0:00.00 grep tcpdump
statseeker 82580   0.0  0.0   12716   1876  2  I    18:28        0:00.00 timeout -k 10s 1d tcpdump -i vmx0 -G 3600 -w /tmp/ping_capture_%Y_%m_%d_%H_%M_%S.pcap icmp and host 10.100.56.253
statseeker 82581   0.0  0.1   19308   6776  2  SC   18:28        0:00.01 tcpdump -i vmx0 -G 3600 -w /tmp/ping_capture_%Y_%m_%d_%H_%M_%S.pcap icmp and host 10.100.56.253

statseeker$ kill 82584 82580 82581


statseeker$ ps -auxw | grep tcpdump
statseeker 82947   0.0  0.0     436    256  0  R+   18:30        0:00.00 grep tcpdump

Please be careful with the kill command, as killing the wrong process could stop Statseeker.