4

I'm working with web servers that have ICMP disabled. On the other hand, they do answer some HTTPS requests. I'm basically looking for HTTP-like ping capabilities in order to check whether another server can reach that machine, and to get some data about it.

I have explored the following options:

  1. Writing a web page that analyzes the connection between the two machines. Meaning one machine will try to browse to that web page. It will supply some information regarding the connection speed etc. This was taken off the table because this web page will basically need to run some kind of web application. I don't have time to develop that. If you know of any existing technologies, let me know.

  2. Hosting a file on the web server and trying to download. Will not supply all the data I would like to have. Browsers usually obfuscate all the "fun" stuff.

  3. Using some kind of ping utility like this www.coretechnologies.com/products/http-ping/ but for some reason it can't handle the redirection of the corporate LAN and hence I can't use it. (I send out a request but the answer is 0 bytes with the 302 redirect reply.) Do you know of others?

Please advise if you can make one of the solutions work, or if my use of the utility suggested in section 3 is faulty, or if you have some other idea in mind.

Update:

All systems are Windows based.

qballer

5 Answers

3

You can use openssl to see if you can open an SSL session:

```
[joeuser@host ~]$ openssl s_client -quiet -status -connect google.com:443
depth=2 C = US, O = "VeriSign, Inc.", OU = Class 3 Public Primary Certification Authority
verify return:1
depth=1 C = ZA, O = Thawte Consulting (Pty) Ltd., CN = Thawte SGC CA
verify return:1
depth=0 C = US, ST = California, L = Mountain View, O = Google Inc, CN = www.google.com
verify return:1
```

If it is unable to get an SSL session, it will return the following:

```
[joeuser@host ~]$ openssl s_client -quiet -status -connect google.com:80
3078973148:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:s23_clnt.c:699:
```

On Windows:

```
C:\OpenSSL-Win32\bin>
C:\OpenSSL-Win32\bin>openssl.exe s_client -quiet -status -connect www.google.com:443
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Loading 'screen' into random state - done
depth=1 C = ZA, O = Thawte Consulting (Pty) Ltd., CN = Thawte SGC CA
verify error:num=20:unable to get local issuer certificate
verify return:0

C:\OpenSSL-Win32\bin>openssl.exe s_client -quiet -status -connect www.google.com:80
WARNING: can't open config file: /usr/local/ssl/openssl.cnf
Loading 'screen' into random state - done
2096:error:140770FC:SSL routines:SSL23_GET_SERVER_HELLO:unknown protocol:.\ssl\s23_clnt.c:683:
```

Rilindo
  • I will explore that, this is a windows machine. – qballer Nov 01 '11 at 19:48
  • I suspect you are running windows. Fortunately, you can install openssl on windows as well: http://www.openssl.org/related/binaries.html – Rilindo Nov 01 '11 at 20:20
  • I did, your command didn't work. – qballer Nov 01 '11 at 21:12
  • I hate to say that it works for me, but it looks like it does (see edit). I suggest that you play around with it a bit more. All that said, what you want to do with this exercise is to verify that you can establish an SSL connection (and not just make sure that you can ping the machine, which you can't anyway). If you are able to make an SSL connection, that means that the machine is reachable and the application is up. Otherwise, the app is down or the machine is not reachable for some reason. – Rilindo Nov 01 '11 at 21:24
  • Wait, are you connecting to a Windows machine from a Windows machine, or from a Linux machine to a Windows machine? – Rilindo Nov 01 '11 at 21:45
  • All machines are Windows based. Not sure about the proxy which stands between the LAN and the outside world, though it shouldn't matter at all because these are packets of information sent in a well-known protocol. No? (BTW, I really appreciate your help) – qballer Nov 02 '11 at 01:16
  • A proxy server? That's important to know - that means that with just a simple port test or SSL connection, the proxy server will return a valid response, even though the site may be down. In that case, you will have to make sure that it is returning the correct content. That means that you will need to watch for valid data at the application, presentation and/or session layer. Which means you will need to monitor that the port is up, that you can establish an SSL connection AND that you are getting a valid response (e.g. the correct certificate, a "hello world", etc.). – Rilindo Nov 02 '11 at 01:29
  • let us [continue this discussion in chat](http://chat.stackexchange.com/rooms/1709/discussion-between-qballer-and-rilindo) – qballer Nov 02 '11 at 14:20
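
The staged check described in the comments above (port reachable, TLS session established, the correct certificate, a valid response), as an added example that is not part of the original answer or comments. The function name `https_ping` and the `pinned_sha256` parameter are hypothetical; the status line is reported without following redirects, so a proxy's 302 is visible rather than hidden.

```python
import hashlib
import socket
import ssl
import sys
import time


def https_ping(host, port=443, path="/", pinned_sha256=None, timeout=5.0):
    """Probe in stages; 'stage' names the first check that failed, or 'ok'."""
    result = {"stage": "tcp"}
    t0 = time.perf_counter()
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except OSError as exc:  # refused, filtered, DNS failure, timeout
        result["error"] = str(exc)
        return result
    result["tcp_ms"] = round((time.perf_counter() - t0) * 1000, 1)

    result["stage"] = "tls"
    try:
        # The default context verifies the certificate chain and the hostname.
        tls = ssl.create_default_context().wrap_socket(sock, server_hostname=host)
    except OSError as exc:  # ssl.SSLError is an OSError: not TLS, bad cert, ...
        sock.close()
        result["error"] = str(exc)
        return result

    with tls:
        result["stage"] = "cert"
        fingerprint = hashlib.sha256(tls.getpeercert(binary_form=True)).hexdigest()
        result["cert_sha256"] = fingerprint
        if pinned_sha256 and fingerprint != pinned_sha256.lower():
            result["error"] = "certificate is not the pinned one"
            return result

        result["stage"] = "http"
        request = f"HEAD {path} HTTP/1.1\r\nHost: {host}\r\nConnection: close\r\n\r\n"
        try:
            tls.sendall(request.encode("ascii"))
            status_line = tls.recv(4096).split(b"\r\n", 1)[0].decode("latin-1")
        except OSError as exc:
            result["error"] = str(exc)
            return result
        result["status_line"] = status_line  # a 302 shows up here, unfollowed
        if status_line.startswith("HTTP/1."):
            result["stage"] = "ok"
    return result


if __name__ == "__main__" and len(sys.argv) > 1:
    print(https_ping(sys.argv[1]))
```

A result that stops at `tls` corresponds to the `unknown protocol` error in the port 80 runs above; one that stops at `cert` means something other than the expected server terminated the TLS session.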
3

You can use psping
http://technet.microsoft.com/en-us/sysinternals/jj729731.aspx

```
psping -q -i 0 -n 500 google.com:443
```
Alexufo
0

If you have lynx installed, it supports https:, so you could probably cobble together a script using this command.

Lynx is basically a text only browser.

mdpc
0

It sounds like ICMP protocol is being blocked by your corporate firewall, which is very typical (to block smurf attacks). Why not just ask your IT staff to open up ICMP traffic to your server?

compcentral
0

I may be incorrectly assuming, but I think your end goal is to test for connectivity, right? Both telnet & netcat work perfectly well for this. You would test by establishing a connection on the listening port and then disconnecting. Telnet is more suitable for a manual process or one which you need to interact with. It sounds like you need something that you can script so I would prefer netcat.

```
nc -z yourhostname port
```

-or-

```
nc -z www.google.com 80
```

The expected output would be:

```
Connection to www.google.com 80 port [tcp/http] succeeded!
```

This would work just as well with 443/https or any other service you need to test. The return value for nc will indicate if it was successful or not, so you can incorporate it into a script.

Windows supports telnet natively and you can download Windows builds of netcat or use Cygwin.

Aaron Copley
  • One machine is in the LAN. It goes through a proxy server which allows a specific port out for security reasons (the outgoing port that is, not the one opened on the original machine). The other machine is in the DMZ. While it might be able to answer such a connection, it is still production and can't be overloaded with unwanted applications. – qballer Nov 02 '11 at 01:14
  • If netcat overloads your system you have bigger problems. :) – Aaron Copley Nov 02 '11 at 22:41