Wednesday, September 23, 2009

Ping doesn't cut it for connectivity testing

A failed ping only means that the ping failed, doesn't tell you much about the connectivity.

On some twitter discussion today I was reminded of how often people use the ping command to test for connectivity, what a lot of people don't know, is that ping is just another service, and can be disabled or blocked, -as it has become more frequent these days-, rendering this method useless, on top of that, more often than not you need to test connectivity to a specific service; a much better approach is to use telnet. Using telnet you can actually test not only that there is connectivity, but that you can reach the desired port.

Some frequently used ports:

20, 21 Standard FTP
23 Telnet default
80 Standard web
115 SFTP
443 Standard secure web
139 NETBIOS (file and printer sharing in Windows)
143 IMAP
445 SMB (to connect to Windows from other OSs)

an example of testing if you can access the web on some ip:
telnet 80

when the connection succeeds, you usually just get a black screen, with the cursor staring at you, if the connection fails, you will get an error message

As a final note, in case the connection fails, you might want to use tracert -d [ip address] to get more details of why the connection fails

1 comment:

jr said...

I've always blocked icmp requests on my home firewall mainly for that very reason. Some people will simply think there is nothing there. But I usually will have other open services