Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

Statically Compiled NPing for Linux Automation

Created: 17 Oct 2012 • Updated: 17 Oct 2012
ianatkin's picture
+1 1 Vote
Login to vote

Sometimes when looking at client connectivity issues, we need something a little more tunable than Ping's response times using Internet Control Message Prococol (ICMP) packets. Some troubleshooting scenarios for example require us to look at responses from specific TCP ports.

To enhance our Linux automation environments we use NMap's Ping, or NPing for short. It is fantastic for tcp port checks and is valuable network troubleshooting tool.

Contained in this download is the  v5.51.6  compilation of NPing for the Altiris Linux Automation. For those who are more familiar with NPing, I have to say that I have tried compiling the v6 versions (current release is v6.01) but this branch has defied me -I cannot force a working static compilation. 

The most common usage in my troubleshooting world I use for NPing is to initiate a TCP handshake on a number of specific ports. For example to see if a webserver is up on a machine with IP 192.168.157.100 I'd run,

>nping --tcp -p 80 --flags SYN 192.168.157.100

Starting NPing 0.5.51.6 (http://nmap.org/nping) at 2012-10-9 06:11 GMTDT
SENT (0.0034s) TCP 192.168.157.10:43543 > 192.168.157.100:80 S ttl=64 id=24935 iplen=40 seq=318200897 win=1480
RCVD (0.0039s) TCP 192.168.157.100:80 > 192.168.157.100:43543 SA ttl=64 id=24935 iplen=40 seq=318200897 win=1480
SENT (1.0061s) TCP 192.168.157.10:43543 > 192.168.157.100:80 S ttl=64 id=24935 iplen=40 seq=318200897 win=1480
RCVD (1.0065s) TCP 192.168.157.100:80 > 192.168.157.100:43543 SA ttl=64 id=24935 iplen=40 seq=318200897 win=1480
SENT (2.0065s) TCP 192.168.157.10:43543 > 192.168.157.100:80 S ttl=64 id=24935 iplen=40 seq=318200897 win=1480
RCVD (2.0072s) TCP 192.168.157.100:80 > 192.168.157.100:43543 SA ttl=64 id=24935 iplen=40 seq=318200897 win=1480
SENT (3.0066s) TCP 192.168.157.10:43543 > 192.168.157.100:80 S ttl=64 id=24935 iplen=40 seq=318200897 win=1480
RCVD (3.0081s) TCP 192.168.157.100:80 > 192.168.157.100:43543 SA ttl=64 id=24935 iplen=40 seq=318200897 win=1480
SENT (4.0093s) TCP 192.168.157.10:43543 > 192.168.157.100:80 S ttl=64 id=24935 iplen=40 seq=318200897 win=1480
RCVD (4.0100s) TCP 192.168.157.100:80 > 192.168.157.100:43543 SA ttl=64 id=24935 iplen=40 seq=318200897 win=1480


Max rrt: 0.623ms | Min rrt: 0.040ms | Avg rrt: 0.269ms
Raw packets sent: 5 (200B) | Rcvd: 5 (230B) | Lost 0 (0.00%)
Tx time: 4.00613s | Tx bytes/s: 49.92 | Tx pkts/s: 1.25
Rx time: 5.00594s | Rx bytes/s: 45.95 | Rx pkts/s: 1.0
NPing done: 1 IP address pinged in 5.01 seconds
 

The above output shows that the port 80 is up on the remote machine and responding to these tcp handshake initiations; all 5 packets sent have had a rapid response from the remote web service. Note the machine IP I am running the test from is 192.168.157.10

For a secure web server test I'd run the same command but change the tcp port to 443 as follows,

>nping --tcp -p 443 --flags SYN 192.168.157.100

Starting NPing 0.5.51.6 (http://nmap.org/nping) at 2012-10-9 06:18 GMTDT
SENT (0.0016s) TCP 192.168.157.10:9680 > 192.168.157.100:443 S ttl=64 id=26883 iplen=40 seq=2002226547 win=1480
SENT (1.0022s) TCP 192.168.157.10:9680 > 192.168.157.100:443 S ttl=64 id=26883 iplen=40 seq=2002226547 win=1480
SENT (2.0030s) TCP 192.168.157.10:9680 > 192.168.157.100:443 S ttl=64 id=26883 iplen=40 seq=2002226547 win=1480
SENT (3.0061s) TCP 192.168.157.10:9680 > 192.168.157.100:443 S ttl=64 id=26883 iplen=40 seq=2002226547 win=1480
SENT (4.0093s) TCP 192.168.157.10:9680 > 192.168.157.100:443 S ttl=64 id=26883 iplen=40 seq=2002226547 win=1480

Max rrt: N/A | Min rrt: N/A | Avg rrt: N/A
Raw packets sent: 5 (200B) | Rcvd: 0 (0B) | Lost 5 (100.00%)
Tx time: 4.00906s | Tx bytes/s: 49.89 | Tx pkts/s: 1.25
Rx time: 5.00851s | Rx bytes/s: 0.00 | Rx pkts/s: 0.0
NPing done: 1 IP address pinged in 5.01 seconds

Here we see a situation where we've got no packets coming back from our handshake requests on tcp 443. From this we can conclude that there is either no service running on this port, or a firewall is blocking this traffic at some point between client and server.

NPing has a lot more functionality that just this built in too, but for quick troubleshooting you'll rarely need to go beyond the usage examples I've shown here. I recommend the keen read up more from the NMap website!

Kind Regards,
Ian./