Firewall Wizards mailing list archives

Re: ICMP and Traceroute


From: Joseph S D Yao <jsdy () cospo osis gov>
Date: Thu, 20 May 1999 11:55:45 -0400 (EDT)

On 18 May 99, at 8:51, Frank W. Keeney wrote:
My view of the Internet is the content and services that it provides.
ICMP and traceroute are only tools to verify network connectivity. Day
to day testing of connectivity to the Internet should be done with the
applications.

  I take exactly the opposite view.  When our network operators need to 
confirm a server's connectivity, I'd prefer that they use connectivity tools 
(ping, nslookup, tracert) than that they expose the server -- and, by 
extension, the internal network -- by way of a browser that is probably way 
behind on security patches, to the vagaries of some random third-party web 
site.  HTTP opens a much bigger hole than the task of checking connectivity 
warrants.

There is a third way.  Someone in our office has written a Perl script
that, for each of a set of Web sites that are supposed to be directly
connected behind our firewall:
        tries to look up the name, to get an IP address
                failure -> DNS isn't working
        tries to connect to the Web server on port 80 of the IP address
                [we remember it in case DNS failed], and do an initial
                GET
        tries to ping the IP address, if that fails

--
Joe Yao                         jsdy () cospo osis gov - Joseph S. D. Yao
COSPO/OSIS Computer Support                                     EMT-B
-----------------------------------------------------------------------
        PLEASE ... send or Cc: all "COSPO/OSIS Computer Support"
                     mail to sys-adm () cospo osis gov
-----------------------------------------------------------------------
      This message is not an official statement of COSPO policies.
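The three-step check Joe describes (DNS lookup, then a GET on port 80 of the remembered address, then a ping only if that fails), written out here as an added Python example; this is not the Perl script from his office, and the cache dictionary, the injectable check callbacks and the Linux iputils ping flags are assumptions made for the example:

```python
import socket
import subprocess
from typing import Optional

def resolve(host: str) -> Optional[str]:
    """Step 1: name lookup; None means DNS is not working for this name."""
    try:
        return socket.gethostbyname(host)
    except socket.gaierror:
        return None

def http_get_ok(addr: str, host: str, timeout: float = 5.0) -> bool:
    """Step 2: connect to port 80 and send a minimal GET; True if a status line comes back."""
    try:
        with socket.create_connection((addr, 80), timeout=timeout) as s:
            s.sendall(f"GET / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii"))
            return s.recv(16).startswith(b"HTTP/")
    except OSError:
        return False

def ping_ok(addr: str) -> bool:
    """Step 3: one ICMP echo via the system ping (assumes Linux iputils flags -c/-W)."""
    cmd = ["ping", "-c", "1", "-W", "3", addr]
    return subprocess.run(cmd, capture_output=True).returncode == 0

def check_site(host, last_known, resolver=resolve, http=http_get_ok, ping=ping_ok):
    """Return (addr, dns_ok, http_ok, ping_ok); ping_ok is None when it was not attempted."""
    addr = resolver(host)
    dns_ok = addr is not None
    if dns_ok:
        last_known[host] = addr          # remember it in case DNS fails next time
    else:
        addr = last_known.get(host)      # fall back to the last address we saw
    if addr is None:
        return None, False, False, None  # nothing to test without an address
    h = http(addr, host)
    p = None if h else ping(addr)        # ping only tells us something when HTTP failed
    return addr, dns_ok, h, p

def diagnose(dns_ok, http_ok, ping_ok) -> str:
    """Turn the three results into the failure layer an operator wants to see."""
    if http_ok:
        return "ok" if dns_ok else "web ok, DNS broken"
    if ping_ok is None:
        return "no address known"
    if ping_ok:
        return "host up, web server down"
    return "host unreachable (or ICMP filtered)"
```

Because the ping is only consulted after the HTTP check fails, a site whose firewall drops ICMP still reports "ok" when its web server answers, and a server that is down but pingable is separated from a host that is off the network entirely.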