I am trying to ping a series of servers frequently using the PingReply class. Most of the time this is fine, but other times I get failed pings. I'm guessing this has something to do with ICMP being disabled on the remote server(s). Is there any way to get a ping from a server even if ICMP is disabled?
If the remote server won't respond to an ICMP ECHO request, it won't work with the Ping command. Odds are there is some difference between the packet you're sending and the one Ping is sending. You can use something like Network Monitor or Wireshark to see the packets and compare them.
Odds are you're sending a packet with a lower TTL (or maybe too big of a buffer). I would try increasing PingOptions.Ttl first.
The ping command also uses ICMP. If you know of a port that will reliably be open on that machine, you can always establish a telnet connection.
Is there any way to check that UDP ports 500 and 4500 of a VPN server are responding? The goal is to check if a firewall or something is blocking these ports.
Thanks in advance
So, UDP doesn't do acks or connections like TCP does, so the only way to be sure the port is responding is to actually send some data and get a response (there is no requirement that it does respond, though).
Since these are specific ports, I assume that there is a specific application/protocol you are looking at. For that you basically need to open the port and either send it some garbage data or some form of identification payload (depending on the protocol).
This previous question outlines what you need to do to handle that.
It seems that I should use ISAKMP protocol to talk to the servers.
There seems to be no way to test that the ports are available without using the protocol used by the server.
You may try to use an open source VPN client like strongSwan and try to connect through the VPN. Use either an IKEv1 or IKEv2 connection; it will try to hit ports 500/4500 for the connection. If a response from the server is received, then the ports are open.
I'm trying to make p2p connection using UDP hole punching method, but I always get ICMP packet with Destination unreachable status.
First, a UDP connection to the server is created:
send = new IPEndPoint(IPAddress.Any, 0);
server = new UdpClient(send);
server.AllowNatTraversal(true);
without any direct connection (no IP, no port, just an endpoint on a random port).
I send some packets to the server directly with server.send([..],[..],serverip,serverport), using the server's IP and port, and obtain information (remote IP, port used to connect to the server) about another peer.
Now I'm trying to punch the hole by sending simple UDP packets to the peer's IP:PORT using the server connection (but again directly with server.send([..], [..], peerip, peerport)). I know that the first packet is always dropped, so I'm sending it 50 times at 100 ms intervals, while the remote peer does the same thing.
If I understand the UDP hole punching method, sending a packet from the first peer (A) opens a NAT record in A's NAT, and it is dropped by B's NAT because there is no record in that NAT. So when B sends a packet to A, there is a record in A's NAT created with the first packet (for B) and the packet should be received by B. The NAT record in B's NAT is created. A should send another packet to B successfully.
P.S.: http://nattest.net.in.tum.de/test.php test was successful
http://nattest.net.in.tum.de/individualResult.php?hash=a5f229d156d4f5409a305c37729d9510
http://nattest.net.in.tum.de/individualResult.php?hash=3fd60e888721908a9480cd12836b97af - using VPN on second VM
P.P.S.: I'm using virtualized Windows in Virtual Box.
You should get a network capture trace from both endpoints and study the results. Pay close attention to port numbers on all sides, as the port number may be getting re-mapped as well as the IP address.
It is difficult to infer what you are asking. If you are getting an ICMP error, it's possible that the NAT or endpoint wasn't ready to receive your UDP packet. Repeating the hole punching test a few more times might clear this issue up.
I suspect the port number you think the remote peer is listening on is getting mapped differently from what you think it is. Such will be the case if you are on a symmetric NAT, which is very possible with VPN on VM.
I have a client server situation where the client opens a TCP socket to the server, and sometimes long periods of time will pass with no data being sent between them. I have encountered an issue where the server tries to send data to the client, and it seems to be successful, but the client never receives it, and after a few minutes, it looks like the client then gets disconnected.
Do I need to send some kind of keep alive packet every once in a while?
Edit: To note, this is with peers on the same computer. The computer is behind a NAT, that forwards a range of ports used to this computer. The client that connects with the server opens the connection via DNS. i.e. it uses the mydomain.net & port to connect.
On Windows, sockets with no data sent are a big source for trouble in many applications and must be handled correctly.
The problem is that SO_KEEPALIVE's period can be set system-wide (otherwise, the default is a useless two hours) or with the later Winsock API.
Therefore, many applications do send some occasional byte of data every now and then (to be disregarded by the peer) only to make the network layer declare disconnection after ACK is not received (after all due retransmissions done by the layer and ack timeout).
Answering your question: no, the sockets do not disconnect automatically.
Yet, you must be careful with the above issue. What complicates it further is that testing this behavior is very hard. For example, if you set everything correctly and you expect to detect disconnection properly, you cannot test it by disconnecting the physical layer. This is because the NIC will sense the carrier loss and the socket layer will signal to close all application sockets that relied on it. A good way to test it is connect two computers with 3 legs and two switches in between, disconnecting the middle leg, thus preventing carrier loss but still physically disconnecting the machines.
There is a timeout built in to TCP, but you can adjust it; see SendTimeout and ReceiveTimeout of the Socket class. However, I have a suspicion that is not your problem. A NAT router may also have an expiration time for TCP connections before it removes them from its port forwarding table. If no traffic passes within that timeout on the router, it will block all incoming traffic (as it cleared the forwarding information from its memory, it does not know what computer to send the traffic to); also, the outgoing connection will likely have a different source port, so the server may not recognize it as the same connection.
It's more secure to use the keep-alive option (SO_KEEPALIVE under Linux) to prevent disconnects due to inactivity, but this may generate some extra packets.
This sample code does it under Linux:
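#include <errno.h>       /* errno */
#include <stdio.h>       /* fprintf */
#include <sys/socket.h>  /* setsockopt, SOL_SOCKET, SO_KEEPALIVE */

int val = 1;
....
// After creating the socket
if (setsockopt(s, SOL_SOCKET, SO_KEEPALIVE, (char *)&val, sizeof(val)))
    fprintf(stderr, "setsockopt failure : %d\n", errno);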
Regards.
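The snippet in the answer above only switches keepalive on, so the first probe still waits for the system-wide idle time mentioned earlier in the thread. The following is an added example, not part of the original answer, that also sets the per-socket timers on Linux and reads them back; the function names and the 60/10/5 sample values are assumptions made for illustration.

```c
#include <netinet/in.h>
#include <netinet/tcp.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

struct ka_settings { int enabled, idle_s, interval_s, probes; };

/* Turn keepalive on for socket s and replace the system-wide timers for this
 * socket only (Linux option names). Returns 0, or -1 with errno set. */
int enable_keepalive(int s, int idle_s, int interval_s, int probes)
{
    int on = 1;
    if (setsockopt(s, SOL_SOCKET, SO_KEEPALIVE, &on, sizeof on) ||
        setsockopt(s, IPPROTO_TCP, TCP_KEEPIDLE, &idle_s, sizeof idle_s) ||
        setsockopt(s, IPPROTO_TCP, TCP_KEEPINTVL, &interval_s, sizeof interval_s) ||
        setsockopt(s, IPPROTO_TCP, TCP_KEEPCNT, &probes, sizeof probes))
        return -1;
    return 0;
}

/* Read back the values the kernel will actually use for this socket. */
int read_keepalive(int s, struct ka_settings *k)
{
    socklen_t n = sizeof(int);
    if (getsockopt(s, SOL_SOCKET, SO_KEEPALIVE, &k->enabled, &n)) return -1;
    n = sizeof(int);
    if (getsockopt(s, IPPROTO_TCP, TCP_KEEPIDLE, &k->idle_s, &n)) return -1;
    n = sizeof(int);
    if (getsockopt(s, IPPROTO_TCP, TCP_KEEPINTVL, &k->interval_s, &n)) return -1;
    n = sizeof(int);
    return getsockopt(s, IPPROTO_TCP, TCP_KEEPCNT, &k->probes, &n) ? -1 : 0;
}

/* Approximate seconds of silence before a dead peer is reported. */
int detection_window(const struct ka_settings *k)
{
    return k->idle_s + k->interval_s * k->probes;  /* idle, then all probes fail */
}

int main(void)
{
    struct ka_settings k;
    int s = socket(AF_INET, SOCK_STREAM, 0);
    /* 60 s idle, 10 s between probes, 5 probes: constructed sample values */
    if (s < 0 || enable_keepalive(s, 60, 10, 5) || read_keepalive(s, &k)) return 1;
    printf("idle=%ds interval=%ds probes=%d window=%ds\n", k.idle_s, k.interval_s, k.probes, detection_window(&k));
    close(s);
    return 0;
}
```

Choose an idle time shorter than the NAT router's connection expiry discussed above, so that the probes refresh the mapping before it is removed.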
TCP sockets don't automatically close at all. However TCP connections do. But if this is happening between peers in the same computer the connection should never be dropped as long as both peers exist and have their sockets open.
I'm developing a Wake-on-LAN project, but I want to check whether a computer is on or not on my local area network. But I don't want to use ICMP or WMI (there are DCs on my network). So are there any other options for this problem, like a socket connection, or checking whether specific ports are in use or not?
What's wrong with ICMP?
Anyway, you try accessing a port and measuring how long it takes for the connection to fail. If it fails quickly (You'll have to measure what 'quickly' is on your system), the computer is probably up and refusing connections. If it fails after a long time (again, measure to find out what 'long' is), the computer is probably down.
I doubt you'll be able to achieve 100% accuracy this way.
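The check described in the answer above, as an added example that is not part of the original post: instead of timing the failure by hand, it classifies the outcome of a TCP connect attempt by its error code, where a refusal is the "fails quickly" case and a timeout is the "fails after a long time" case. The names `tcp_probe` and `host_state` and the 2000 ms timeout are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <errno.h>
#include <fcntl.h>
#include <poll.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

enum host_state { HOST_UP_OPEN, HOST_UP_REFUSED, HOST_NO_ANSWER, PROBE_ERROR };

/* Attempt a TCP connect to ip:port and wait at most timeout_ms for the outcome. */
enum host_state tcp_probe(const char *ip, unsigned short port, int timeout_ms)
{
    struct sockaddr_in sa;
    int s, err = 0;
    memset(&sa, 0, sizeof sa);
    sa.sin_family = AF_INET;
    sa.sin_port = htons(port);
    if (inet_pton(AF_INET, ip, &sa.sin_addr) != 1) return PROBE_ERROR;
    if ((s = socket(AF_INET, SOCK_STREAM, 0)) < 0) return PROBE_ERROR;
    fcntl(s, F_SETFL, fcntl(s, F_GETFL, 0) | O_NONBLOCK);
    if (connect(s, (struct sockaddr *)&sa, sizeof sa) != 0) {
        err = errno;
        if (err == EINPROGRESS) {                 /* handshake still pending */
            struct pollfd p = { .fd = s, .events = POLLOUT };
            socklen_t len = sizeof err;
            if (poll(&p, 1, timeout_ms) <= 0) {   /* timed out (or poll failed) */
                close(s);
                return HOST_NO_ANSWER;
            }
            getsockopt(s, SOL_SOCKET, SO_ERROR, &err, &len);
        }
    }
    close(s);
    if (err == 0) return HOST_UP_OPEN;               /* SYN-ACK: a service answered */
    if (err == ECONNREFUSED) return HOST_UP_REFUSED; /* RST: host is up, port closed */
    if (err == ETIMEDOUT || err == EHOSTUNREACH || err == ENETUNREACH)
        return HOST_NO_ANSWER;                       /* down, or a firewall drops SYNs */
    return PROBE_ERROR;
}
int main(int argc, char **argv)
{
    static const char *names[] = { "up, port open", "up, port closed", "no answer", "probe error" };
    if (argc != 3) { fprintf(stderr, "usage: %s IPV4 PORT\n", argv[0]); return 2; }
    puts(names[tcp_probe(argv[1], (unsigned short)atoi(argv[2]), 2000)]);
    return 0;
}
```

A host whose firewall silently drops the connection attempt gives the same "no answer" result as a host that is powered off, which is why this method cannot be fully accurate.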
As you probably know, "Wake on LAN" is just a UDP broadcast on port 60000, with the packet containing the MAC address of the host you wish to activate:
UDP 255.255.255.0:60000
Soooooo ....
What good is "ping" (or anything else?) going to do if the host is "off"?
All you're really interested in is:
1) Can the host(s) in question receive your UDP broadcasts?
2) Is there anything between you and the host(s) blocking the port?
Hi
Can someone tell me why, when I send a broadcast ICMP Request, only the router sends me an ICMP Reply?
Even if I modify the destination MAC of this ICMP Request (originally FF:FF:FF:FF:FF:FF) to the MAC of a specific host (the IP is still the broadcast address of that local network), it still doesn't send me a Reply.
Why?
From RFC1122: "An ICMP Echo Request destined to an IP broadcast or IP multicast address MAY be silently discarded"
MS Windows usually discards broadcast pings. Check that your computers are really running MS Windows.