Introducing Ping Watcher
By stretch | Thursday, October 13, 2011 at 11:11 p.m. UTC
Every now and then I find myself troubleshooting an issue at a remote customer site where hosts have limited connectivity to the rest of the world. For example, sometimes they can reach other private networks over a VPN, but apparently can't reach anything on the public Internet. In this scenario, the game is to deduce whether traffic is being dropped inbound or outbound. Unfortunately, there's no easy way to verify whether traffic is being dropped outbound beyond a device under your control.
So, last week I put together a simple tool to watch for ICMP echo requests (pings) sent to this site and publish a live stream of incoming traffic. This tool is Ping Watcher. (Get it? It watches pings.)
Ping Watcher employs Ajax and a simple back-end tied to a tshark process running on the public interface of this server. Send a ping, tshark catches it and writes it to round-robin memory structure (achieved using redis, and it will appear in Ping Watcher within a few seconds. Now you can confirm that traffic is at least getting from point A to the Internet, if not from the Internet to point B.
Hopefully this proves helpful to people. Let me know of any potential bugs or improvements you'd like to see.
And thanks to tbic and caaakeeey in #django on Freenode for some much-appreciate programming pointers!
About the Author
Jeremy Stretch is a network engineer living in the Raleigh-Durham, North Carolina area. He is known for his blog and cheat sheets here at Packet Life. You can reach him by email or follow him on Twitter.
Posted in Announcements
October 14, 2011 at 12:14 a.m. UTC
Stretch, glad to see you back and there is not enough thanks to give.
October 14, 2011 at 3:36 p.m. UTC
Welcome back, even if it ends up being sparse.
October 14, 2011 at 4:38 p.m. UTC
It seems when sending pings with a length greater than 1480 bytes, the "Identifier" and "Sequence" fields don't get populated. (Fragmentation)?
October 14, 2011 at 8:37 p.m. UTC
very cool. thanks stretch!
October 15, 2011 at 2:27 a.m. UTC
thanks I've already made a ping and it works!!!.
October 15, 2011 at 8:51 a.m. UTC
Hi Jeremy !
Yet another cool feature from you to the community, many thanks !
Found a little typo though : "...to the rest of the word" should be
like "... to the rest of the WORLD" , or am i wrong ?
Best regards ! Vincent Vlk
October 15, 2011 at 11:07 p.m. UTC
Welcome back, and thanks for the information!!!
October 17, 2011 at 5:31 a.m. UTC
When can we see ipv6 version of it? :)
I thing it will be very popular soon :)
October 21, 2011 at 12:52 a.m. UTC
@Roman - IPv6 version. Good thought.
@stretch - It appears packetlife.net is not IPv6-enabled. Is your hosting provider rackspace supports it. Are they charging a premium for it?
December 7, 2011 at 1:04 a.m. UTC
Seriously love it...makes those exciting asymmetric routing problems much easier to troubleshoot.
December 21, 2011 at 9:02 a.m. UTC
I was using vCider for my connectivity with cloud, can I use ping watcher with it?
December 27, 2011 at 12:55 a.m. UTC
That is actually quite cool.
December 28, 2011 at 10:13 a.m. UTC
very good thanks stretch
February 14, 2012 at 6:30 a.m. UTC
Can you explain how I can get this to run on one of my servers?
February 23, 2012 at 6:54 p.m. UTC
This tool is so useful, as is your site. Many thanks for your efforts! For the record, my football nickname is stretch (long legs) ;)