[PJUG Javamail] ICMP Echo in Java

Rob Tanner rtanner at linfield.edu
Sun Jun 7 11:51:19 EDT 2009 

Vincent,

InetAddress.isReachable() has two modes.  According to the JavaDocs, it send
and ICMP ECHO REQUEST is the privilege can be obtained.  That means that it
will send a real PING packet.  PING is IP based, not TCP or UDP specific.
That means it uses raw sockets which do not have port numbers.  When PINGs
are being blocked by a switch, it¹s being blocked not by port number but by
packet type.  Your network admins know that and so what you need to request
is that they allow PING packets through.

But if InetAddress.isReachable() can not obtain the privilege to send an
ECHO REQUEST, it will send a TCP packet to the standard ECHO port which is
TCP port 7.  That means that you will need to know which mechanism
InetAddress.isReachable() is using before you talk to your admins.

If I were writing your program, I wouldn¹t use InetAddress.isReachable() in
the first place.  I would simply open a connection to the remote host¹s ECHO
port, send some text and make sure it gets echoed back.  That solves two
issues. In the first place, I know what mechanism is being used since I¹m
explicitly doing a TCP connect.  But secondly, PING is a very low level
function of the IP stack.  The Linux or Solaris could have crashed (meaning
the box is down) but still respond to pings.  Establishing a TCP connection
to the remote host¹s ECHO port is a higher level function and if the kernel
has crashed, the remote host will not respond whereas it might still respond
to a PING.

Hope that¹s helpful

-- Rob


On 6/6/09 10:43 PM, "VY" <vyau5678 at gmail.com> wrote:

> Dear All:
> 
> I have written a Java program that performs various duties.  One of them is to
> use InetAddress.isReachable() to
> ping remote IPs. 
> 
> We have a portion of our network that is very secure.  When I test my program,
> I had it on run on a Linux box and a Solaris box.  Both of them are *NOT* part
> of this secure network and the program works fine.
> When I placed the program under a Solaris box that is part of that very secure
> network, ALL IPs (even bogus ones) are reported to be
> up by that method.  I then discovered that I lack some sort of permission (to
> some port on the network) to truly perform an ICMP echo.
> The Solaris ping program is setuid to root which fixes this problem.    If I
> make the java executable setuid to root, all other java programs will have
> root privilege during runtime which will make a lot of people unhappy (e.g.
> sys admins).  I have tried doing Runtime.exec() and called the local Solaris
> ping but the performance is very poor (which is understandable). 
> 
> Does anyone know what port(s) should be opened for this isReachable() to
> function properly?  I can convince the sys admins to open up just those ports
> much easier than convincing them to setuid java to root.   I am also open to
> other suggestions.
> 
> Thanks in advance for any tips.
> 
> --Vincent
> 
> 
> 
> _______________________________________________
> Web Site - http://www.pjug.org/
> Javamail mailing list
> Javamail at pjug.org
> http://www.pjug.org/mailman/listinfo/javamail

-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.pjug.org/pipermail/javamail/attachments/20090607/ecca55f4/attachment.html

More information about the Javamail mailing list