[Nottingham] Solaris 9 Ping Question

Moses O'Hara cczmoses at unix.ccc.nottingham.ac.uk
Wed May 4 13:12:18 BST 2005 

Nice bit of lateral thinking but no cigar I'm affaraid. 

My cunning plan works on the basis that the TCP/IP in Win98, WinNT and Linux by default each set a diffrent value for the TTL in the packet header (Win98 sets 64, WinNT set 128, Linux stuff 255 usually). 

All I need to do is find out for weather the machines up or not, if it is up what OS it's running. The old system monitor used 138 & 139 but these ports has been block for obvious reasons now. 

I have made enquiries into changing the ICMP blocking rules in the ACL's but there's about 50 of 'em and the guy's got slightly more pressing matters at the moment. 



>>> Michael Quaintance<penfoldq at penfoldq.co.uk> 04/05/2005 12:00:44 >>>

This thread has intrigued me enough to do a little digging of my own and I
think I _might_ be able to offer a little help on this.

Here at work we have Windows, Solaris 8 & 9, HPUX and Linux boxes sharing
the same LAN and I can log on to any of them as a luser but I have no root
priviledges whatsoever. No installing software for me!

I have managed to follow what you have described so far using my own
Solaris 8 box (could log in to a Solaris 9 if I really wanted to but the
result has been the same for Sol8 so I'm not too bothered yet). Whilst
Solaris is not quite as nice as an up-to-date Linux, I think there is a
relatively painless way to do what you want.

>From your Solaris box, work out how many TTL decrements you expect for
each given route and instead of explaining them away, predict them. If you
expect  2 for a given route, try it.

ping -s -t 1 test_host

ping -s -t 2 test_host

If you are still getting "ICMP Time exceeded in transit..." errors, keep
upping the TTL until you get through.

The results of these should tell you exactly how many routers you go
through on the way to your test_host. It's more long-winded than your
initial attempt but it works for me.

Hope this helps.

-Penfold.


Moses O'Hara said:
> Sorry, quite right about the TTL decrements. Any hoot
>
> I tried making ip_utils, but it shouted at me with the following.
>
> make: Fatal error in reader: Makefile, line 12: Unexpected end of line
> seen
>
> tried make html as per the docs and got the same thing.
>
> Check the makefile and the endpoint for the $LIBC_INCLUDE reference didn't
> seem to exist on the filesystem. Tried changing the initial $LIBC_INCLUDE
> declaration at the beginning of the makefile to /usr/include/sys but it
> had no affect.  (Code ain't my greatest strength).
>
> I've done a but of Kfind-ing around the machine and can't find the headers
> it's looking for in the makefile hence looking for a resolution with the
> existing solaris ping command.
>
> Any ideas anyone?
>
>>>> Graeme Fowler<graeme at graemef.net> 04/05/2005 10:13:22 >>>
> On Wed 04 May 2005 08:24:38 BST , Moses O'Hara
> <cczmoses at unix.ccc.nottingham.ac.uk> wrote:
>> ####I'm pritty sure it's the TTL, eberything reports it as the TTL
>> value as in
> <snip>
>
> I'm guessing here that these two examples come from a Linux or Windows
> box, yes?
>
> <snip>
>> #### If I use the -s option I get the following
> <snip again>
>
> Looks faintly familiar... long time since I used Solaris in anger though.
>
>> My thinking behind it works on the principle that Windows 98/ Win NT
>> and Linux all set the TTL values on the Echo's to diffrent values.
>> The routes are static so I  can account for any decrements made my
>> switching equipment to the TTL. There's currently an ICMP blocking
>> policy in force in the switch ACL's with the exception of this one
>> Solaris box which can send and recived ICMP packets across all
>> subnets.
>
> IP TTLs are *not* decremented by switching. If your source and target
> devices have 1, 2, 3, 4 or 25 switches (unlikely, but possible!)
> between them then they simply won't care - your source and target
> communicate at Layer 3 (of the much-taught OSI model) or above; the
> switches are down in Layer 2.
> If you have *routers* between source and target, each one decrements
> the TTL by 1 (normally...) as each packet traverses it.
>
> Ideas... How about you install GNU Ping instead?
>
> Graeme
>
>
> _______________________________________________
> Nottingham mailing list
> Nottingham at mailman.lug.org.uk 
> http://mailman.lug.org.uk/mailman/listinfo/nottingham 
>
> This message has been checked for viruses but the contents of an
> attachment
> may still contain software viruses, which could damage your computer
> system:
> you are advised to perform your own checks. Email communications with the
> University of Nottingham may be monitored as permitted by UK legislation.
>
>
> _______________________________________________
> Nottingham mailing list
> Nottingham at mailman.lug.org.uk 
> http://mailman.lug.org.uk/mailman/listinfo/nottingham 
>


_______________________________________________
Nottingham mailing list
Nottingham at mailman.lug.org.uk 
http://mailman.lug.org.uk/mailman/listinfo/nottingham

This message has been checked for viruses but the contents of an attachment
may still contain software viruses, which could damage your computer system:
you are advised to perform your own checks. Email communications with the
University of Nottingham may be monitored as permitted by UK legislation.

More information about the Nottingham mailing list