nanog mailing list archives
Re: operational: icmp echo out of control?
From: Richard A Steenbergen <ras () e-gerbil net>
Date: Tue, 28 May 2002 14:43:25 -0400
On Tue, May 28, 2002 at 01:05:19PM -0400, Chris Woodfield wrote:
The problem here is that other types of probes raise IDS alarms on way too many networks - the next-best method is to probe HTTP ports, but we don't want to have to pull down thousands of web pages just to get performance stats. So, they send a SYN, wait for the ACK, record the latency and send a FIN. Sounds benign, but you'd be surprised how klaxons go off in response to this.
So what, someone sneezes on an ethernet cable and IDS alarms go off. :) Theoretically, ICMP Echo should be less intrusive for performance measuring since it is clearly only for this purpose, whereas doing an actual TCP handshake could easily be mistaken for a port scan. But for so many network admins, all they know is "ICMP bad". Besides, if you thought ICMP was inaccurate, a TCP handshake is far worse. First, you have no way of knowing if the TCP replies are the originals, or if they have been retransmitted, so any single sample is pretty useless for measuring reply time. Second, for most cases with TCP opens, you are measuring the interaction time of the application process, not response time from the kernel. Depending on how the application is written, and what event model it uses, it is very likely to be doing other things before and after it gets notified that there is a new connection, then does the accept(). Internet path measurement isn't simple, you're probably best off trying to get as much data as possible passively. :) -- Richard A Steenbergen <ras () e-gerbil net> http://www.e-gerbil.net/ras PGP Key ID: 0x138EA177 (67 29 D7 BC E8 18 3E DA B2 46 B3 D8 14 36 FE B6)
Current thread:
- operational: icmp echo out of control? Mark Kent (May 23)
- Re: operational: icmp echo out of control? Clayton Fiske (May 23)
- Re: operational: icmp echo out of control? Bryan Bradsby (May 23)
- Re: operational: icmp echo out of control? Richard A Steenbergen (May 23)
- Re: operational: icmp echo out of control? E.B. Dreger (May 23)
- Re: operational: icmp echo out of control? Mark Kent (May 23)
- Re: operational: icmp echo out of control? Scott Granados (May 23)
- Re: operational: icmp echo out of control? Randy Bush (May 23)
- Re: operational: icmp echo out of control? Chris Woodfield (May 28)
- Re: operational: icmp echo out of control? Kevin Loch (May 28)
- Re: operational: icmp echo out of control? Richard A Steenbergen (May 28)
- Re: operational: icmp echo out of control? E.B. Dreger (May 28)
- Re: operational: icmp echo out of control? Jeff Mcadams (May 28)
- Re: operational: icmp echo out of control? Mike Tancsa (May 28)
- Re: operational: icmp echo out of control? Richard A Steenbergen (May 28)
- Re: operational: icmp echo out of control? Valdis . Kletnieks (May 28)
- Re: operational: icmp echo out of control? John Kristoff (May 28)
- Message not available
- Re: operational: icmp echo out of control? John Kristoff (May 28)
- Re: operational: icmp echo out of control? E.B. Dreger (May 23)
- IWF was: RE: operational: icmp echo out of control? Deepak Jain (May 28)
- Re: operational: icmp echo out of control? Greg A. Woods (May 28)
- <Possible follow-ups>
- RE: operational: icmp echo out of control? James Smith (May 23)