[lug] How does ping work? How to diagnose firewall problem?
David L. Anselmi
anselmi at anselmi.us
Wed Jul 26 21:18:37 MDT 2006
> I went to a friend's house and thought I opened up port 22 and 1194 on his
> router. Since he does not have a fixed IP address, I went to
> http://www.grc.com/x/ne.dll?rh1dkyd2 and wrote down the IP address while it
> did a port scan on us.
> Unfortunately, the port scan stopped at 1056 and I never could verify that
> port 1194 was open.
> So now I am home and I'm trying to ping his IP address. I suppose I could
> have become very unlucky and he got a new IP address from his DHCP server
> while I was driving home.
> What is required for ping to work? Does it need a port open? Which port?
It needs the remote host to accept and reply to ICMP. ICMP is IP
protocol 1 (cf. TCP is 6 and UDP is 17) so it operates at layer 3 rather
than 4 which is where ports are designated.
You can check port 22 with telnet (or ssh, obviously). If you opened
port 1194 for TCP you can check that with telnet too:
telnet foo.example.com 1194
If telnet connects the port is open and all is well. If you get a
connection refused the network is ok but the host isn't listening. If
you get nothing (telnet times out) the network is blocking your traffic.
If you're using UDP port 1194 (openvpn) then you have to send a "ping"
(not ICMP) that openvpn understands:
echo 38d2 774b 0ece 782f fa00 0000 0000 | xxd -r -p \
| nc -uw2 foo.example.com 1194
If you get gibberish back the port is open and all is well. If you get
a quick return the network is ok but the host isn't listening. If you
get a slow return then the network is blocking your traffic. (Quick and
slow are relative, better to watch for the ICMP port unreachable with
"Network is blocking your traffic" means that some router, firewall, or
the remote host is dropping your packets without sending anything back.
More information about the LUG