Question: I often use the ping and tracert commands to check whether hosts on the network are running normally. However, recently, the company's network management set a policy on routers and servers to completely disable ICMP. As we all know, the ping and tracert commands use the ICMP protocol. In this case, I cannot use these two commands to check host status on the network. Is there any other tool that can help me solve this problem, or a way to change the protocol used by the ping and tracert commands from ICMP to TCP or UDP? Waiting for answers from it168 experts.
Answer: Traditionally, the ping and tracert commands use ICMP to detect active hosts and routes in the network. Therefore, when a firewall is installed on the server or the ICMP protocol is disabled on the router, we cannot get a useful reply from the ping and tracert commands on our computer. This is the thorny problem the reader above has run into. In this case, how do we check whether the server is online or whether a host on the network is running normally?
In fact, there are many ways to solve the problem described above. The simplest is to run the trace on a switch rather than on the computer. Because the traceroute command on a switch, especially on a Cisco device, uses the UDP protocol, route information can still be queried over UDP even if the ICMP protocol is disabled.
In addition, on Unix or Linux systems we can use the tracert command to detect host status on the network. As on Cisco devices, tracert on Linux and Unix runs over UDP.
Of course, most of us do not have permission to manage routers and switches, or cannot install a Linux or Unix operating system. So how can we trace the route to a host and check its current status when the ICMP protocol is disabled? Here we recommend a small tool named tracetcp. It is a tracert tool, but it uses TCP instead of ICMP. Therefore, even if the ICMP protocol is disabled, tracetcp can do the job of the tracert command.
1. Preparations:
tracetcp is a portable ("green") tool that does not need to be installed, and its total size is only a few hundred KB. However, it requires WinPcap, because it uses sniffer-like functions. If WinPcap is not installed, running tracetcp produces a prompt that the packet.dll and wincap.dll files are missing.
WinPcap archive:
Software Version: V3.1
Software language: English
Software type: Free Software
Software size: 456 KB
Applicable platforms: Windows 2000, XP, and 2003
Download: http://count.skycn.com/softdownload.php?id=11534&url=http://jsyz.driversky.com/down/WinPcap_3_1.exe
Step 1: Download the WinPcap installer and double-click it to start the installation.
Step 2: Agree to the WinPcap installation license agreement.
Step 3: Copy the required files to the local hard disk.
Step 4: WinPcap is now installed in the operating system. Click Finish to complete the installation.
2. Use tracetcp to detect network hosts:
We need to run tracetcp in command-line mode to detect a network host. Decompress the downloaded tracetcp package to a directory. Then go to "Start" > "Run" in the taskbar, enter CMD, press Enter to open the command line, and change to the extracted directory. Run tracetcp ip to start the test. For example, where I would have run tracert 10.82.0.30, tracetcp 10.82.0.30 should be executed instead. We then get feedback from the host: even if a firewall installed on the host prohibits ICMP traffic, or an access control list is configured on a routing or switching device, we can detect the true status of the host although ICMP is filtered.
If, instead of using tracetcp, you probe 10.82.0.30 directly with the ping or tracert command, you receive "request timed out" or "destination net unreachable". On the surface the host looks inaccessible, but this is actually caused by the filtering of ICMP probe packets. Tracing the same IP address with tracetcp and with the system's own ping and tracert returns different results, which shows that even if the ICMP protocol is disabled, tracetcp can still perform the test over TCP.
The IP address mentioned above is a server in the same network segment as the computer used by the author, but a firewall installed on the server filters ICMP packets. We also test the IP address 10.82.114.1. This computer sits behind a router, and an ACL is set on the router to prohibit ICMP packets from passing. So what result do we get with the tracetcp command? In command-line mode, enter tracetcp 10.82.114.1 to obtain the computer name of the IP address, win2000s, and the route entries needed to reach it. Two hops are required to reach the host. In the same situation, the ping command that comes with the system always returns "request timed out", while tracert 10.82.114.1 shows the first two hops but detects nothing beyond them and again returns "request timed out".
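The reasoning behind these results, as an added example that is not part of the original article and is not tracetcp's own code: a single TCP handshake attempt shows whether a host answers even when ICMP is filtered. It checks only the final host, not the hops along the route, and the function names and the loopback demo are constructed for illustration.

```python
import errno
import socket
import time


def tcp_probe(host, port, timeout=2.0):
    """Attempt one TCP handshake with host:port; return (state, rtt_ms).
    open: SYN/ACK received. closed: RST received (host up, port not
    listening). filtered: nothing before the timeout (firewall/ACL drop or
    host down). unreachable: the stack or a router reported no route.
    """
    start = time.monotonic()
    try:
        with socket.create_connection((host, port), timeout=timeout):
            state = "open"
    except ConnectionRefusedError:
        state = "closed"
    except socket.timeout:
        state = "filtered"
    except OSError as exc:
        if exc.errno not in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            raise
        state = "unreachable"
    return state, (time.monotonic() - start) * 1000.0


def host_is_up(state):
    # A SYN/ACK and a RST both prove that a TCP stack answered at the address.
    return state in ("open", "closed")


def demo():
    """Constructed offline check against two loopback ports."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    idle = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    idle.bind(("127.0.0.1", 0))  # bound, never listening: connects get a RST
    try:
        return {"listening": tcp_probe(*listener.getsockname())[0],
                "not listening": tcp_probe(*idle.getsockname())[0]}
    finally:
        listener.close()
        idle.close()


if __name__ == "__main__":
    for label, state in demo().items():
        print(f"{label}: {state}, host up: {host_is_up(state)}")
```

A "filtered" result is ambiguous on its own: the probe cannot tell a silently dropped SYN from a host that is switched off, so try a port the host is known to serve before concluding it is down.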
TIPS:
After tests, I found that if some software firewalls are installed on the local computer, such as Zone Alarm, Kerio, and SyGate, tracetcp will not work well. So we need to disable these firewall or proxy tools when there is a problem. Fortunately, tracetcp does not conflict with the firewall provided by the XP system, so we can use it normally.
3. More additional features:
In fact, tracetcp has many parameters. We can implement more functions through different parameters and combinations of parameters. In command-line mode, enter tracetcp -? and press Enter to view the help information, which lists all parameters.
TIPS:
In fact, tracetcp is also a small scanner. We can use it to check a specific port on a computer by running the tracetcp ip:port command directly.
4. Summary:
Whichever method we adopt, the point is to change the default protocol used by the tracert and ping commands, which solves the problem that a remote host cannot be detected because the ICMP protocol is filtered. tracetcp is suitable for checking the running status of a host when the network disables ICMP packet transmission or the server has a firewall installed. In general, tracetcp is a good helper for network administrators when examining networks.