Macbook: Alternative to Ping (using TCP rather than ICMP)

A lot of companies are moving to ZTNA (Zero Trust Network Architecture). This is generally a good thing: it helps cyber posture and it makes life a lot easier, as you no longer need to log in to VPN tunnels to manage your cloud environment/s.

But one of the few downsides of ZTNA is that (by definition) it cannot support ICMP packets. So how do things like Ping and Trace Route work? Well, in general they don’t. If you’re on Windows you can use a great SysInternals tool called PsPing, but for Mac you will need TCP ping. Below are the installation details for TCP Ping:

brew install wget
wget https://github.com/paradiseduo/tcping/releases/download/3.5/tcping.zip
unzip tcping.zip
chmod +x tcping
sudo mv tcping /usr/local/bin/
sudo xattr -rd com.apple.quarantine /usr/local/bin/tcping

Examples using TcpPing:

## Domain Ping
tcping -c 5 andrewbaker.ninja 443
## IPV4 Ping
tcping -c 5 13.244.140.33 443
## IPV6 Ping
tcping -c 3 ::1 8080

Key Parameters

You can go directly to https://github.com/paradiseduo/tcping or, if you're lazy, just use the below.

➜ tcping --help

      dP                     oo
      88
    d8888P .d8888b. 88d888b. dP 88d888b. .d8888b.    {Version: 3.5}
      88   88       88    88 88 88    88 88    88
      88   88.      88.  .88 88 88    88 88.  .88
      dP   `88888P  88Y888P  dP dP    dP `8888P88
                    88                        .88
                    dP                    d8888P

tcping is a ping over tcp connection.

Examples:
    1. ping over tcp with custom port 10 times
        > tcping www.baidu.com 80
    2. ping over tcp with custom port 5 times
        > tcping -c 5 www.baidu.com 443

USAGE: tcping [--count <count>] [--interval <interval>] <ip> <port>

ARGUMENTS:
    <ip>                        The IP or Domain to tcping.
    <port>                      The port to tcping.

OPTIONS:
    -c, --count <count>         The number of times to repeat 'tcping'. Default value is 10, Max value is 65535
    -i, --interval <interval>   The request interval(second). Default value is 1 second
    -h, --help                  Show help information.

How Does TCPing Work

TCPing measures RTT using the SYN handshake that occurs when a TCP connection is opened. It opens a TCP connection to the destination port with a SYN, then waits for the SYN ACK back from the destination to determine whether the service is up and to measure RTT. After it receives the SYN ACK, it sends a RST ACK. This RST (reset) forcibly closes the half-opened TCP connection, which prevents you from inadvertently exhausting the server's resources (aka a SYN flood attack).
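The measurement described above, seen from user space, as an added example (not code from tcping or from this post). It times an ordinary connect(), which completes the full handshake instead of stopping at the SYN ACK, and then closes with a zero linger so the kernel sends a RST. The names tcp_ping and demo, and the loopback listener used as a target, are constructed for illustration.

```python
import socket
import struct
import time


def tcp_ping(host, port, timeout=2.0):
    """Return (status, rtt_ms); status is 'open', 'closed', 'filtered' or 'error'."""
    try:
        # getaddrinfo handles domain names, IPv4 and IPv6 literals alike.
        family, socktype, proto, _, addr = socket.getaddrinfo(
            host, port, type=socket.SOCK_STREAM)[0]
    except socket.gaierror:
        return ("error", None)
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    start = time.perf_counter()
    try:
        sock.connect(addr)          # returns once the SYN ACK has arrived
        status = "open"
    except ConnectionRefusedError:  # peer answered with RST: host up, port closed
        status = "closed"
    except socket.timeout:          # nothing came back: dropped by a filter
        status = "filtered"
    except OSError:                 # for example, no route to host
        status = "error"
    rtt_ms = (time.perf_counter() - start) * 1000.0
    if status == "open":
        # SO_LINGER on with a 0 s linger makes close() send RST instead of FIN.
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER,
                        struct.pack("ii", 1, 0))
    sock.close()
    return (status, rtt_ms if status in ("open", "closed") else None)


def demo():
    # Constructed target: a throwaway loopback listener, so this runs offline.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    up = tcp_ping("127.0.0.1", port)    # listener present: handshake completes
    srv.close()
    down = tcp_ping("127.0.0.1", port)  # listener gone: kernel replies with RST
    return up, down


if __name__ == "__main__":
    for status, rtt in demo():
        print(status, "-" if rtt is None else f"{rtt:.2f} ms")
```

A "closed" result still carries an RTT because the host replied, which distinguishes it from "filtered", where a device on the path dropped the SYN silently.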

Bonus: Install Tcp Route Trace

Am too lazy to write another article, so use the below for TCP route trace:

brew install tcptraceroute

Examples using Tcp Traceroute:

sudo tcptraceroute andrewbaker.ninja 443
