msgbartop
msgbarbottom

12 Oct 12 Windows specify source ping (ICMP) Interface and IP

How to specify or change source interface and IP of ping (ICMP) packet in Windows with multiple NIC’s

This is something that has come up multiple times especially when working and dealing with network related tasks. Many times server engineers would contact us and complain about network traffic or VPN related issues or more recently I had to test VPN Connectivity from a server to other remote sites. However this server had 2 Network Cards. Both of them had different IP’s. Here is how the setup was:

    VLAN100 = NIC1 = 192.168.100.10
    VLAN200 = NIC2 = 192.168.200.10

Now I needed to ping the remote sites but I needed the source to be VLAN200 = NIC2 = 192.168.200.10. I opened up wireshark and did a simple ping and that showed traffic going out of VLAN100 = NIC1 = 192.168.100.10. Well that wasn’t going to help me because 192.168.100.10 was not part of the interesting traffic on the Cisco ASA. After a little digging I found out that I found out that there is a utility called NPing, that comes with NMap will allow me to accomplish that. I already had NMap installed on this server so I opened up the command prompt and typed:

nping

I got many options and the two options I was interested in were -e and -S.

  1. -e lets you specify the network interface you want to source the ICMP packet from
  2. -S lets you specify the IP Address of that network interface you want to source the ICMP packet from
  3. In my case I needed to source the ping (ICMP) from the second Network Card using the IP address of 192.168.200.10
  4. Now an important point to remember over here is that nping will not see the name of your network interface as it is in windows like “local area connection” etc. It uses the Linux way. So now I found out that mapping by utilizing the following command:
  5. nmap –iflist

  6. It produced bunch of data towards the top second or third line was *************************INTERFACES************************
  7. Right under this line it shows all the network interfaces mapped in Linux style with the IP address. So the first interface was eth0, second was eth1
  8. I picked out the the interface I needed in my case it was eth1 and then ran the following command?
  9. nping -e eth1 -S 192.168.200.10 10.1.1.10
    nping -e eth0(1) -S source-ip target-ip

  10. Now looking at the wireshark capture I was able to see that the ICMP packets were going out of the second network card and on the Cisco ASA Firewall I was able to see the VPN Traffic
  11. nping offers so many more options to work with for troubleshooting purposes, in general NMAP is a great and must have utility for network and systems engineers

Tags: , , , ,

Leave a Comment

WordPress SEO