[Nagiosplug-help] check_udp suitable to mimic traceroute?
Andreas Ericsson
ae at op5.se
Wed Jan 17 13:54:05 CET 2007
Ralph.Grothe at itdz-berlin.de wrote:
> Hello Nagios Users,
>
> mapping of our network topology close enough to reality gives me some
> headache because many of the gateways along the routes that my nagios
> checks pass there are, what I like to call "black hole gateways", that
> don't reply to ICMP packets.
>
> Though I suspect that all of them are so-called "manageable" and thus
> should support at least SNMPv1 (or even better) I am not given
> queryable OIDs, nor the community phrase (if GETs were enabled at all)
> from the devices' admins (most of whom I don't even know).
>
> Thus, a decent check_snmp would be futile and the usual check_icmp
> would fail. However, I found that at least a few of those devices
> appear in the hop stack of a traceroute output to many of my monitored
> hosts.
>
> This indicates to me that in the end not all of the gateways are that
> "black holeish", but release some light rays in the form of ICMP
> response packets, like "TTL expired", which I guess traceroute's
> functionality relies on.
>
Correct.
>
> So to avoid the hassle could one use check_udp, or any other of the
> vanilla plug-ins, to this end?
>
I'm afraid not. What you would have to do is modify an existing plugin
capable of handling icmp, send a ping to a host behind the device you
really want to ping, and then read the ICMP_TIMXCEED as normal
ICMP_ECHOREPLY packets. The only difference between the two is in
icmphdr.type and icmphdr.code. The original packet is still duplicated
on return.
> All I know is that such a UDP datagram would probably require the TTL
> set to 1 to have the checked gateway decrement it by one and send an
> ICMP expiration notification packet back to the sender, much like
> traceroute.
>
The value of the TTL on any outgoing packet would have to be the same as
the number of hops required to reach the gateway, including the
gateway-hop itself, so for this setup:
    Nagios -> gw1 -> gw2 -> address-to-ping
you'd have to use TTL=1 to check gw1, TTL=2 to check gw2. You'd probably
be best off by submitting the TTL as an argument, as it's a bit tricky
to calculate without doing a semi-full traceroute.
--
Andreas Ericsson andreas.ericsson at op5.se
OP5 AB www.op5.se
Tel: +46 8-230225 Fax: +46 8-230231
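
Added example, not part of the original post and not code from check_icmp: the receive side of the approach described in the reply, accepting an ICMP_TIMXCEED that quotes our own echo request as if it were an ICMP_ECHOREPLY and reporting which gateway sent it. The function name, return codes and sample packet are constructed for illustration; sending the probe with the hop count as TTL (for example via the IP_TTL socket option) is assumed to happen elsewhere.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
enum { NOT_OURS = 0, ECHO_REPLY = 1, TTL_EXCEEDED = 2 };

/* Constructed sample (documentation addresses, checksums zeroed and not
 * checked here): gateway 192.0.2.1 reports TTL expiry for our echo request. */
static const uint8_t sample_timxceed[56] = {
    0x45,0,0,56, 0,0,0,0, 64,1,0,0, 192,0,2,1, 203,0,113,5,   /* outer IP  */
    11,0,0,0, 0,0,0,0,                                        /* type 11/0 */
    0x45,0,0,28, 0,0,0,0, 1,1,0,0, 203,0,113,5, 198,51,100,7, /* quoted IP */
    8,0,0,0, 0x12,0x34, 0,2 };                    /* quoted echo, id/seq   */

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Header length of an IPv4 packet carrying ICMP, or 0 if p is not one. */
static size_t ip_hlen(const uint8_t *p, size_t len)
{
    size_t hl = len < 20 ? 0 : (size_t)(p[0] & 0x0f) * 4;
    return (hl < 20 || hl > len || (p[0] >> 4) != 4 || p[9] != 1) ? 0 : hl;
}

/* Classify a datagram read from a raw ICMP socket against probe (id, seq).
 * On a match, src receives the responder's address from the outer header. */
int classify_reply(const uint8_t *pkt, size_t len, uint16_t id, uint16_t seq,
                   uint8_t src[4])
{
    size_t hl = ip_hlen(pkt, len);
    if (hl == 0 || len - hl < 8) return NOT_OURS;
    const uint8_t *icmp = pkt + hl;
    int kind = ECHO_REPLY;
    if (icmp[0] == 11 && icmp[1] == 0) {          /* ICMP_TIMXCEED in transit */
        const uint8_t *in = icmp + 8;             /* quoted original packet   */
        size_t ilen = len - hl - 8, ihl = ip_hlen(in, ilen);
        if (ihl == 0 || ilen - ihl < 8 || in[ihl] != 8) return NOT_OURS;
        icmp = in + ihl;                          /* our own ICMP_ECHO header */
        kind = TTL_EXCEEDED;
    } else if (icmp[0] != 0 || icmp[1] != 0) return NOT_OURS; /* not a reply  */
    if (be16(icmp + 4) != id || be16(icmp + 6) != seq) return NOT_OURS;
    for (int i = 0; i < 4; i++) src[i] = pkt[12 + i];
    return kind;
}

int main(void)
{
    uint8_t s[4];
    int k = classify_reply(sample_timxceed, sizeof sample_timxceed, 0x1234, 2, s);
    return printf("kind=%d from %u.%u.%u.%u\n", k, s[0], s[1], s[2], s[3]) < 0;
}
```

A check for one gateway would compare the returned source address with the expected hop and treat TTL_EXCEEDED from that address as OK.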