This article describes how Network Path Monitoring works and answers some FAQs about this capability.
Network Path Monitoring traces the network path between a client and a target as part of running a synthetic test. Much like traceroute, network path monitoring sends test packets from the client running the test to the target server with incrementing TTLs, starting from 1. As nodes along the network path receive these test packets with a TTL of 1, they respond with ICMP "time exceeded" messages.
How often are Network Path Monitoring tests run?
By default, 5 path traces are conducted for every 5 minute sample. So on average, 1 path trace is run per minute.
What is the difference between ICMP and TCP tests?
When using TCP, each test packet will be sent as a TCP SYN with an incrementing TTL starting from one. Nodes along the path will still respond with ICMP "time exceeded" and the target will usually respond with a SYN-ACK.
ICMP tests use "echo request" packets with an incrementing TTL starting from one. Nodes along the path respond with ICMP "time exceeded" and the target will usually respond with an "echo reply".
What is an Unknown Node?
An "Unknown Node" is a node that didn't reply with any ICMP "time exceeded" messages. These nodes may have ICMP "time exceeded" disabled.