Introducing Ping Watcher

By stretch | Thursday, October 13, 2011 at 11:11 p.m. UTC

Every now and then I find myself troubleshooting an issue at a remote customer site where hosts have limited connectivity to the rest of the world. For example, sometimes they can reach other private networks over a VPN, but apparently can't reach anything on the public Internet. In this scenario, the game is to deduce whether traffic is being dropped inbound or outbound. Unfortunately, there's no easy way to verify whether traffic is being dropped outbound beyond a device under your control.

So, last week I put together a simple tool to watch for ICMP echo requests (pings) sent to this site and publish a live stream of incoming traffic. This tool is Ping Watcher. (Get it? It watches pings.)

Ping Watcher employs Ajax and a simple back-end tied to a tshark process running on the public interface of this server. Send a ping, tshark catches it and writes it to round-robin memory structure (achieved using redis, and it will appear in Ping Watcher within a few seconds. Now you can confirm that traffic is at least getting from point A to the Internet, if not from the Internet to point B.

Hopefully this proves helpful to people. Let me know of any potential bugs or improvements you'd like to see.

And thanks to tbic and caaakeeey in #django on Freenode for some much-appreciate programming pointers!

About the Author

Jeremy Stretch is a network engineer living in the Raleigh-Durham, North Carolina area. He is known for his blog and cheat sheets here at Packet Life. You can reach him by email or follow him on Twitter.

Posted in Announcements

Comments


jeff6strings
October 14, 2011 at 12:14 a.m. UTC

Stretch, glad to see you back and there is not enough thanks to give.

Jeff


Steve (guest)
October 14, 2011 at 3:36 p.m. UTC

Welcome back, even if it ends up being sparse.


Ed (guest)
October 14, 2011 at 4:38 p.m. UTC

It seems when sending pings with a length greater than 1480 bytes, the "Identifier" and "Sequence" fields don't get populated. (Fragmentation)?


l00pback0
October 14, 2011 at 8:37 p.m. UTC

very cool. thanks stretch!


chucho21
October 15, 2011 at 2:27 a.m. UTC

thanks I've already made a ping and it works!!!.


vlkv (guest)
October 15, 2011 at 8:51 a.m. UTC

Hi Jeremy !

Yet another cool feature from you to the community, many thanks !

Found a little typo though : "...to the rest of the word" should be

like "... to the rest of the WORLD" , or am i wrong ?

Best regards ! Vincent Vlk


Pedro_Avila
October 15, 2011 at 11:07 p.m. UTC

Strech

Welcome back, and thanks for the information!!!


Roman (guest)
October 17, 2011 at 5:31 a.m. UTC

Nice tool!
When can we see ipv6 version of it? :)
I thing it will be very popular soon :)


Marv
October 21, 2011 at 12:52 a.m. UTC

@Roman - IPv6 version. Good thought.

@stretch - It appears packetlife.net is not IPv6-enabled. Is your hosting provider rackspace supports it. Are they charging a premium for it?


Ryan F (guest)
December 7, 2011 at 1:04 a.m. UTC

Seriously love it...makes those exciting asymmetric routing problems much easier to troubleshoot.


MBlip (guest)
December 21, 2011 at 9:02 a.m. UTC

Hi,

I was using vCider for my connectivity with cloud, can I use ping watcher with it?

Regards,
MBlip.


Paul Stewart (guest)
December 27, 2011 at 12:55 a.m. UTC

That is actually quite cool.


jo (guest)
December 28, 2011 at 10:13 a.m. UTC

very good thanks stretch


Stephen (guest)
February 14, 2012 at 6:30 a.m. UTC

Can you explain how I can get this to run on one of my servers?


nickouk (guest)
February 23, 2012 at 6:54 p.m. UTC

Stretch

This tool is so useful, as is your site. Many thanks for your efforts! For the record, my football nickname is stretch (long legs) ;)

Happy networking.

Comments have closed for this article due to its age.