A lot of companies are moving to ZTNA (Zero Trust Network Architecture). This is generally a good thing: it helps cyber posture and it makes life a lot easier, as you no longer need to log in to VPN tunnels to manage your cloud environment/s.
But one of the few downsides of ZTNA is that (by definition) it cannot support ICMP packets. So how do things like Ping and Trace Route work? Well, in general they don’t. If you’re on Windows you can use a great Sysinternals tool called PsPing, but for Mac you will need TCP ping. Below are the installation details for TCP Ping:
brew install wget
wget https://github.com/paradiseduo/tcping/releases/download/3.5/tcping.zip
unzip tcping.zip
chmod +x tcping
sudo mv tcping /usr/local/bin/
sudo xattr -rd com.apple.quarantine /usr/local/bin/tcping
Examples using TcpPing:
## Domain Ping
tcping -c 5 andrewbaker.ninja 443
## IPV4 Ping
tcping -c 5 13.244.140.33 443
## IPV6 Ping
tcping -c 3 ::1 8080
Key Parameters
You can go directly to https://github.com/paradiseduo/tcping or, if you're lazy, just use the below.
➜ tcping --help
{Version: 3.5}

tcping is a ping over tcp connection.

Examples:
    1. ping over tcp with custom port 10 times
       > tcping www.baidu.com 80
    2. ping over tcp with custom port 5 times
       > tcping -c 5 www.baidu.com 443

USAGE: tcping [--count <count>] [--interval <interval>] <ip> <port>

ARGUMENTS:
  <ip>      The IP or Domain to tcping.
  <port>    The port to tcping.

OPTIONS:
  -c, --count <count>        The number of times to repeat 'tcping'. Default value is 10, Max value is 65535
  -i, --interval <interval>  The request interval(second). Default value is 1 second
  -h, --help                 Show help information.
How Does TCPing Work
TCPing measures RTT using the SYN handshake that occurs when a TCP connection is opened. It opens a TCP connection to the destination port with a SYN, then waits for the SYN ACK back from the destination to determine whether the service is up and to measure RTT. After it receives the SYN ACK, it sends a RST ACK. This RST (reset) forcibly closes the half-opened TCP connection, preventing you from inadvertently exhausting the server of resources (aka a SYN Flood attack).
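The timing idea described above, as an added Python example (not code from this article or from the tcping project). It assumes an ordinary connect() call, so the full three-way handshake completes rather than staying half-open, and it sets SO_LINGER to zero so that close() sends a RST; the loopback listener in demo() is a constructed target so the example runs offline.

```python
import socket
import struct
import time

def tcp_ping(host, port, count=3, timeout=2.0):
    """Return one RTT in ms per probe (None if the probe failed).
    Assumption: uses the OS connect(), so the handshake completes."""
    results = []
    # getaddrinfo handles domain names, IPv4 and IPv6 literals alike.
    family, socktype, proto, _, addr = socket.getaddrinfo(
        host, port, type=socket.SOCK_STREAM)[0]
    for _ in range(count):
        sock = socket.socket(family, socktype, proto)
        sock.settimeout(timeout)
        # SO_LINGER on with a zero timeout makes close() send RST, not FIN
        # (POSIX struct layout: two ints).
        sock.setsockopt(socket.SOL_SOCKET, socket.SO_LINGER,
                        struct.pack("ii", 1, 0))
        start = time.perf_counter()
        try:
            sock.connect(addr)  # returns once the SYN-ACK has arrived
            results.append((time.perf_counter() - start) * 1000.0)
        except OSError:  # refused, filtered (timeout) or unreachable
            results.append(None)
        finally:
            sock.close()
    return results

def summarize(rtts):
    ok = [r for r in rtts if r is not None]
    loss = 100.0 * (len(rtts) - len(ok)) / len(rtts)
    return {"sent": len(rtts), "received": len(ok), "loss_pct": loss,
            "min_ms": min(ok) if ok else None,
            "avg_ms": sum(ok) / len(ok) if ok else None,
            "max_ms": max(ok) if ok else None}

def demo():
    # Constructed target: a throwaway listener on loopback (runs offline).
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(8)
    port = listener.getsockname()[1]
    open_stats = summarize(tcp_ping("127.0.0.1", port))
    listener.close()
    closed_stats = summarize(tcp_ping("127.0.0.1", port, timeout=0.5))
    return open_stats, closed_stats

if __name__ == "__main__":
    print(demo())
```

A probe that returns None means the port was refused, filtered or unreachable within the timeout, which is the TCP equivalent of a lost ping.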
Bonus: Install Tcp Route Trace
I am too lazy to write another article, so use the below for TCP route trace:
brew install tcptraceroute
Examples using Tcp Traceroute:
sudo tcptraceroute andrewbaker.ninja 443