Confirming DTTS functionality

How does one confirm DTTS is operating properly on a fresh install, or even periodically to confirm network security?

I notice in the guide to set up DTTS it is shown that if you ping a host, the IP is opened for a TTL period. Is this the proper way to confirm DTTS functionality?

A basic test is the ping, and it should fail. (assuming theres no rule to allow pings there)
Then ping and it should work.
Pinging IPs should fail, dns names pointing to the same IP should work. Maybe theres a more thorough way.

I usually do random tests from time to time to make sure say psiphon, protonvpn, etc., cannot have fun on our network.