Net::Ping not working right

aweber1nj has asked for the wisdom of the Perl Monks concerning the following question:

It may not be that the ping is a problem, it is more likely my ISP. You see a GNU-License, Perl script that my firewall uses ("syswatch" by Point Clark Networks) checks if a WAN iface is "up", then attempts to use an icmp ping via the explicit iface to check if it still has internet connectivity.

This works fine thru FIOS, but Comcast seems to block or otherwise mangle the icmp pings (no matter what target host I try). I tried switching the ping object to use UDP, but that doesn't work at all, and the Net::Ping docs seem to indicate that those are the only protocols that can be explicitly directed to a specific iface -- which I need to do, in order to check that specific connection.

Does anyone have any other options I can try to validate a WAN link's internet connectivity? I thought of using a WWW-Head request over http, but that can't be directed through a specific interface -- maybe if we dynamically adjusted the OS's routes to push the request thru an interface, but that seems klunky at best.

Anyone have any ideas how I can get Perl to detect my WAN status more accurately when I have multiple WAN interfaces? Thanks! -AJ

Comment on Net::Ping not working right

Replies are listed 'Best First'.
Re: Net::Ping not working right by Bloodnok (Vicar) on Dec 09, 2008 at 15:12 UTC
Root permissions are required in order to successfully use the ICMP protocol, hence most firewalls will block all ICMP packets. I'd suggest the first step is, if at all possible, to establish just what protocols are allowed thro' your firewall(s) ... it may be that e.g. telnet _is_ allowed, in which case, you could use Net::Telnet in order to detect a login string. You don't say which OS you're using, but in my (admittedly limited) experience, on a multiple interface system, the interface is selected by virtue of the address, hence (starts to cringe) you might be able to utilise modifications to the packet routing on your m/c in order to 'select' a WAN interface. BTW, it frequently helps readability to use <p> tags to split your posting... A user level that continues to overstate my experience :-))	[reply]
Re^2: Net::Ping not working right by aweber1nj (Initiate) on Dec 09, 2008 at 15:23 UTC
The firewall is linux-based, the script runs as root, and since the script is actually ON the firewall, the icmp is allowed to the WAN. Especially given that the other WAN interface has no problem with the ICMP packets. The problem is with the ISP allowing the traffic, not my local LAN/Firewall. I don't think a telnet session can be directed to a specific interface, similar to what I was thinking with the HTTP-HEAD request.	[reply]
Re^3: Net::Ping not working right by Bloodnok (Vicar) on Dec 09, 2008 at 15:44 UTC
As you so rightly say, the telnet connection can't, of itself, be 'directed', but temporarily modifying the routing tables c/w specifying the ip address of a known target host (assuming that each iface is connected to a separate network), should, IMHO, be capable of emulating the capability you seek... A user level that continues to overstate my experience :-))	[reply]
Re: Net::Ping not working right by inoci (Scribe) on Dec 09, 2008 at 15:30 UTC
well, instead of a solution all i can offer is advice on a place to look for one. while browsing through the Net::Ping source, i noticed that it uses setsockopt() to bind to a specific interface, so maybe you could build up your own stack based on that to act as a foundation for a telnet session that you can then use to connect to, say, port 80 on google.com to see if you're up and working on a given interface. this would also have the added advantage of not having to run as root. not for lack of trying, but my eyes start to bleed when i start dealing with sockets and their crazier options, i'm just way to lazy.	[reply]
Re^2: Net::Ping not working right by aweber1nj (Initiate) on Dec 09, 2008 at 16:55 UTC
Oh, I know what you mean about socket-coding. I've dealt with them in both C and Java, and it's not pretty. A good idea. Was hoping to NOT have to get into that level myself! Thanks, AJ	[reply]
Re: Net::Ping not working right by inoci (Scribe) on Dec 09, 2008 at 19:16 UTC
duh, i just realized that you could also look at netcat to do this. (see also).	[reply]
Re: Net::Ping not working right by svenXY (Deacon) on Dec 09, 2008 at 15:08 UTC
Hi, I might take a closer look at this node if you add some paragraphs and newlines to your posting. Otherwiese it's just too unreadable for me, sorry. Regards, svenXY	[reply]