Ping a Specific Port

Question

Peter

Asked: 2009-06-20 12:56:19 +0800 CST2009-06-20 12:56:19 +0800 CST 2009-06-20 12:56:19 +0800 CST

Juniper firewall - large pings for testing

772

Is there an way to permit ping packets larger than 1472 through a Juniper SSG520M firewall?

"Ping of Death" and "Large Size ICMP Packet" protection has already been disabled under the 'Screening' options.

I need to be able to ping from the Trust side to the Untrust side (and perhaps vice versa) with packets larger than 1500 (i.e. ping 192.168.1.1 -l 4096) so I can force fragmentation.

2 Answers

Voted

LapTop006 · Answer 1 · 2009-06-21T03:09:03+08:00

LapTop006

2009-06-21T03:09:03+08:002009-06-21T03:09:03+08:00

Note that linux ping by default these days seems to set the don't fragment bit. Check the man page for your implementation (as there are several depending on distribution sigh).

For the "iputils" version you want the "-M dont" option.

1

Cian · Answer 2 · 2009-08-30T09:42:52+08:00

Cian

2009-08-30T09:42:52+08:002009-08-30T09:42:52+08:00

If you login to the cli, you should be able to see why the ping is being dropped with ffilter Something along the lines of set ffilter dst-ip <whatever> src-ip <whatever>

Should tell you what rule is actually dropping the ping, so you can turn it off.

1

Juniper firewall - large pings for testing

Ping a Specific Port

What port does SFTP use?

Resolve host name from IP address

How can I sort du -h output by size

Command line to list users in a Windows Active Directory group?

What's the command-line utility in Windows to do a reverse DNS look-up?

How to check if a port is blocked on a Windows machine?

What port should I open to allow remote desktop?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?