pileofrogs has asked for the wisdom of the Perl Monks concerning the following question:

I'm making a system that scans my servers and reports all sorts of lovely details about their health.

I've got a simple function that can test if a TCP port is open or not to help me determine if my web server or SSH server is running. I'd like something similar for my UDP-based services (NTP, DHCP, DNS resolver, etc.).

I looked in the Perl Cookbook, and they have a recipe for a simple UDP client. Apparently, you need to send a datagram to the server and hope it sends you one back.

Is there a generic initial UDP datagram that will elicit a response that I can test for? I'm worried that differences in DNS, DHCP, NTP and whatever else will make it so there is no generic initial connection and no reliably uniform response.

A better question might be, what's the best way to test if a server is listening for UDP packets on a given port?

-Thanks!
-pileofrogs

Replies are listed 'Best First'.
Re: UDP port scan?
by Fletch (Bishop) on Jan 18, 2006 at 01:00 UTC

    Since you are reinventing the wheel, it might be worth looking at what other such monitoring platforms (nagios, Big Brother) do. I'd bet they've got a suitable client implementation of the protocol and if the server doesn't respond within whatever timeframe is configured it flags the server as being down / unreachable / kidnaped by rabid spider monkeys.

      1. I've never been satisfied with existing monitoring suites. Not because they're bad, but because I always want to tweak them so much that I'm basically re-writing them.
      2. I don't want a protocol specific scanner. I want something generic.
      3. I want something that isn't part of Net::DHCP or Net::NTP or whatever I'm going to use to test the real functionality of the server. I'm intentionally creating redundancy.
      4. If you're recommending that I read the source of the existing scanners, good idea!
Re: UDP port scan?
by tirwhan (Abbot) on Jan 18, 2006 at 07:13 UTC

    You're right, UDP scanning is inherently unreliable. You could do what nmap does and send a simple empty UDP packet to every port. The host will respond with an ICMP type 3 (Destination unreachable) packet if the port is closed. If it doesn't send back an ICMP message, the port is either open or behind a firewall which dropped your UDP packet (in the latter case you can forget about scanning for open ports with this method).

    Actually, I'd suggest you look at using nmap for this task (maybe with one of the Nmap modules from CPAN). It has lots of inbuilt probes for specific services which can be used to more reliably detect whether a port is open, and the service version behind it. If you don't, you should at least read the manpage; it also explains about ICMP response rate limiting in many operating systems.


    There are ten types of people: those that understand binary and those that don't.
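
The empty-datagram check described in the reply above, as an added Perl example that is not part of the original thread. The name `udp_probe` and its `timeout`, `tries` and `payload` options are hypothetical, and the loopback sockets at the end are constructed so the script runs without touching the network.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket::INET;
use IO::Select;
use Errno qw(ECONNREFUSED);

# Assumes a Unix-like kernel, which reports an ICMP port-unreachable for a
# connected UDP socket as ECONNREFUSED on the next send() or recv().
# Returns 'open' (a datagram came back), 'closed' (ICMP port unreachable)
# or 'open|filtered' (silence: a listener that ignores this payload, or a
# firewall that dropped the probe or the ICMP reply).
sub udp_probe {
    my ($host, $port, %opt) = @_;
    my $timeout = $opt{timeout} // 2;    # seconds to wait per try
    my $tries   = $opt{tries}   // 3;    # retries ride out loss and ICMP rate limits
    my $payload = $opt{payload} // '';   # empty datagram unless told otherwise

    my $sock = IO::Socket::INET->new(
        PeerAddr => $host, PeerPort => $port, Proto => 'udp',
    ) or die "cannot create socket: $@\n";
    my $sel = IO::Select->new($sock);

    for (1 .. $tries) {
        # send() returns 0 for an empty datagram, so test definedness.
        unless (defined $sock->send($payload)) {
            return 'closed' if $! == ECONNREFUSED;
            die "send failed: $!\n";
        }
        next unless $sel->can_read($timeout);   # nothing arrived: try again
        my $buf;
        return 'open' if defined $sock->recv($buf, 1500);
        return 'closed' if $! == ECONNREFUSED;
        die "recv failed: $!\n";
    }
    return 'open|filtered';
}

# Constructed loopback demo: one bound socket that never answers, and one
# port that was bound and then released so nothing listens on it.
my $silent = IO::Socket::INET->new(LocalAddr => '127.0.0.1', LocalPort => 0,
                                   Proto => 'udp') or die "bind: $@\n";
my $tmp = IO::Socket::INET->new(LocalAddr => '127.0.0.1', LocalPort => 0,
                                Proto => 'udp') or die "bind: $@\n";
my $closed_port = $tmp->sockport;
close $tmp;

printf "silent listener: %s\n", udp_probe('127.0.0.1', $silent->sockport, timeout => 0.5);
printf "released port:   %s\n", udp_probe('127.0.0.1', $closed_port, timeout => 0.5);
```

The silent listener shows why a health check cannot treat the absence of an ICMP error as proof of a working service: a socket that is bound but never replies is indistinguishable from a filtered port. Passing a protocol-specific `payload` is the only way to turn that case into a definite answer.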
Re: UDP port scan?
by zombie_fred (Scribe) on Jan 18, 2006 at 07:07 UTC
    I don't think you can get a 'generic initial UDP datagram that will elicit a response'. Whether an application responds to a UDP packet is a function of each specific protocol. The 'are you still alive' protocol that we implemented for our server farm is a datagram to the monitoring port on a Heart-Beat machine. The server sends a packet every 60 seconds, and does not expect any response from the other side. (After all, this is UDP, if it didn't get there, oh well....)

    --
    zf