InetAddress.isReachable() Ping Permissions

 
Joshua Smith
Ranch Hand
Posts: 193
All-

I am working on an application that needs to be able to do the equivalent of a simple ICMP/Echo ping to determine the "up" status of some hosts on our local network. I am using the InetAddress.isReachable(timeout) method that is new with Java 5. The problem is that it fails to successfully ping certain hosts (not all hosts - which puzzles me) unless the application is running as root. Run the application as a normal user and it fails. su to root and re-run it and it works fine. I'm told that this has to do with security permissions and access to RAW sockets on Unix.

Can anyone suggest a solution for this problem?

These are a couple of posts that I have read while trying to figure out the problem, but none of them seem to be an acceptable solution.

http://amazing-development.com/index.php?cat=5&paged=2
http://discuss.joelonsoftware.com/default.asp?joel.3.31465.8

The application is running on Solaris 2.8 under Java 5.

Thank you,
Joshua Smith
 
Joe Ess
Bartender
Posts: 9361
I've never used InetAddress.isReachable(timeout), but the links you've given look pretty specific: You have to be root to use RAW sockets. Is there any reason you need ICMP? We do server monitoring using java.net.URL and web servers on nonprivileged ports.
 
Joshua Smith
Ranch Hand
Posts: 193
Joe-

The tool that I'm working on pings a box via various protocols - one of which is ICMP/Echo.

As I understand the Java implementation of isReachable(), it tries the RAW socket approach first and if it can't get the permissions, then it fails over to talking to the Echo port. For many hosts that's fine. For a few of our Linux hosts that are not listening on the Echo port with their out-of-the-box configuration, this was a problem. For now, we've enabled the Echo port on those boxes. This isn't a complete solution though. In this case we had control of the boxes so opening the port was not a problem. That might not always be the case. Also, I'm told that opening the Echo port makes you vulnerable to DoS attacks. In our deployment environment that's not much of a risk as the machine is on an isolated network, but that could be a concern in other contexts.

So I'm still not sure what the long term solution is. I'm leaning towards finding something that wraps the native ping tools and calling out to it from Java. It's certainly not platform independent, but would work in this case. I'd love to hear from anyone else that has dealt with something similar to this.

Thanks,
Josh
 
Frank Spychalski
Greenhorn
Posts: 3
Hi Joshua,

As I wrote in my blog post, I wrote a wrapper for fping to get around this problem. The reason I used fping was that the output was pretty easy to parse and you could ping multiple targets with a single call.

You can download the jar: http://software.net.schlund.de/dist/UTIL/

Example:

    final FPing fp = new SingleFPing("/usr/sbin/fping");
    for (int i = 0; i < args.length; i++) {
        fp.addHost(args[i]);
    }
    System.out.println(fp.ping());

This code is not beautiful but it works and has been used for some time now in the network monitoring system of a pretty big ISP (my employer)...

bye
Frank
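
Added example, not part of the thread and not the code of Frank's wrapper jar: one way to call fping from Java, as the two posts above about wrapping native ping tools discuss, passing hosts as an argument list (no shell) and rejecting values that could be read as options. It assumes fping's default output lines of the form "<host> is alive" / "<host> is unreachable" and that fping is installed with the privilege it needs for raw sockets; the class name FpingProbe and the sample addresses are constructed.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStreamReader;
import java.util.*;
import java.util.regex.Pattern;

public class FpingProbe {
    // Conservative host syntax: must start with a letter or digit, so a value
    // beginning with '-' can never be read by fping as an option.
    private static final Pattern HOST = Pattern.compile("[A-Za-z0-9][A-Za-z0-9.:-]{0,252}");

    /** Maps each "<host> is alive" / "<host> is unreachable" line (assumed format) to true/false. */
    static Map<String, Boolean> parse(List<String> lines) {
        Map<String, Boolean> up = new LinkedHashMap<>();
        for (String line : lines) {
            String[] f = line.trim().split("\\s+");
            if (f.length == 3 && f[1].equals("is")
                    && (f[2].equals("alive") || f[2].equals("unreachable"))) {
                up.put(f[0], f[2].equals("alive"));
            } // anything else (ICMP errors, resolver messages) is ignored
        }
        return up;
    }

    static Map<String, Boolean> ping(String fpingPath, List<String> hosts)
            throws IOException, InterruptedException {
        List<String> cmd = new ArrayList<>();
        cmd.add(fpingPath);
        for (String h : hosts) {
            if (!HOST.matcher(h).matches()) throw new IllegalArgumentException("bad host: " + h);
            cmd.add(h);
        }
        // Argument list, no shell: host strings are never interpreted as shell syntax.
        Process p = new ProcessBuilder(cmd).redirectErrorStream(true).start();
        List<String> out = new ArrayList<>();
        try (BufferedReader r = new BufferedReader(new InputStreamReader(p.getInputStream()))) {
            for (String l; (l = r.readLine()) != null; ) out.add(l);
        }
        p.waitFor(); // exit status is not used; the result comes from the parsed lines
        return parse(out);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample output, so the parser can be exercised without fping installed.
        System.out.println(parse(Arrays.asList("192.0.2.10 is alive", "192.0.2.11 is unreachable")));
        if (args.length > 1) System.out.println(ping(args[0], Arrays.asList(args).subList(1, args.length)));
    }
}
```

Run with the fping path followed by hosts (for example the /usr/sbin/fping path from the post) to probe real targets; with no arguments only the constructed sample is parsed.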