Monitor TCP connection using half-open/embryonic connection

Question

I would like to monitor a TCP/IP endpoint using TCP half-open or embryonic connection as defined in RFC793. The purpose of such monitoring is to detect whether the TCP endpoint is available or not. Hal-open monitoring is important to reduce the footprint of such monitoring for the TCP endpoint. The TCP cinematic is SYN->SYN-ACK<-RST.

Is it possible to implement such monitoring in Java? Using Netty library?

Answer 1

It seems to be achievable but one needs to use another low-level implementation of the TCP for java.

This library might help: https://github.com/mlaccetti/rocksaw/blob/master/src/main/java/com/savarese/rocksaw/net/RawSocket.java

An example of low-level sending SYN command:

https://github.com/dangan249/RawSocket/blob/master/ccs/neu/edu/andang/RawSocketClient.java#L181-L182

private final byte SYN_FLAG = (byte) 2;
private final byte ACK_FLAG = (byte) 16;

    ...
// send the SYN packet
sendMessage(null, this.getCurrentSeqNum(), this.getCurrentACKNum(), SYN_FLAG);
    

which boils down to just writing a proper packet into the socket:

TCPHeader header = new TCPHeader( this.sourcePort, this.destPort, sequenceNum ,
                ackNum, flags , AD_WINDOW_SIZE ) ;

TCPPacket packet = new TCPPacket( header );

...
this.rSock.write( this.destAddress, packet.toByteArray() ) ;

By doing that one can implement a needed sequence of operations including the wanted SYN->SYNC-ACK<-RST

Answer 2

@Andremoniy answer was refined to build a simple C binary doing half-open/embryonic check. The C binary binary has required RAW SOCKET Linux capability. It is executed from Java code using Runtime.exec(). The advantage comparing to using rocksaw library is to avoid running the whole Java process with additional capabilities required for doing such check.