Why does "curl" command work normally while "ping" not?

linux networking centos ping curl

18,617

You could test if ICMP is blocked with the following perl program:

ping.pl (Edited to print port)

#!/usr/bin/env perl    
use strict;
use warnings;
use Net::Ping;

my @hosts = @ARGV;
die "usage: sudo perl ping.pl host\n" unless @ARGV;

my $timeout = 5;
my @proto = ("tcp", "udp", "icmp","syn");
foreach my $pro ( @proto ) {

    my $p = Net::Ping->new($pro);

    # default port    
    my $port = 7;
    $p->port_number($port);

    # tcp on https port
    if ( $pro eq "tcp"){
      $port = 443;
      $p->port_number($port);
    }

    print "\nProtocol $pro port $port\n";
    foreach my $host( @hosts ) {    
      if ($p->ping($host, $timeout)){
        print "$host is reachable\n";
      }
      else{
        print "$host is NOT reachable\n";
      }
    }
    $p->close();
    sleep(2);
}
exit;

#$ sudo perl ping.pl  google.com 

Protocol tcp port 443
google.com is reachable

Protocol udp port 7
google.com is NOT reachable

Protocol icmp port 7
google.com is reachable

Protocol syn port 7
google.com is reachable

ping and curl output (videotron network)

#$ ping -c 4 google.com
PING google.com (24.200.237.84) 56(84) bytes of data.
64 bytes from google-084.237.cache.videotron.ca (24.200.237.84):    icmp_seq=1 ttl=61 time=7.14 ms
64 bytes from google-084.237.cache.videotron.ca (24.200.237.84):    icmp_seq=2 ttl=61 time=10.1 ms
64 bytes from google-084.237.cache.videotron.ca (24.200.237.84):    icmp_seq=3 ttl=61 time=6.86 ms
64 bytes from google-084.237.cache.videotron.ca (24.200.237.84): icmp_seq=4 ttl=61 time=8.86 ms

--- google.com ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 6.866/8.243/10.102/1.320 ms

#$ curl google.com
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>302 Moved</TITLE></HEAD><BODY>
<H1>302 Moved</H1>
The document has moved
<A HREF="http://www.google.ca/?gfe_rd=cr&amp;ei=ArVmVbiOLajd8gfKq4DoCQ">here</A>.
</BODY></HTML>

18,617

Nan Xiao

Updated on September 18, 2022

Comments

Nan Xiao over 1 year
I find a strange phenomenon in my corporate network:
I can execute curl google.com command successfully:
```
[root@localhost ~]# curl google.com
<HTML><HEAD><meta http-equiv="content-type" content="text/html;charset=utf-8">
<TITLE>301 Moved</TITLE></HEAD><BODY>
<H1>301 Moved</H1>
The document has moved
<A HREF="http://www.google.com/">here</A>.
</BODY></HTML>
```
But execute ping google.com failed:
```
[root@localhost ~]# ping google.com
PING google.com (173.194.33.174) 56(84) bytes of data.
^C
--- google.com ping statistics ---
1569 packets transmitted, 0 received, 100% packet loss, time 1568463ms
```
I suspect the sysadmin has done something, but not sure. Could anyone give some clues how to debug this issue? For example, does the sysadmin set some rules which can filter ping command? How can I verify it?
- Karan almost 9 years
  
  ICMP blocked by corporate firewall most likely. Can you successfully ping any site?
- Nan Xiao almost 9 years
  
  @Karan: No. Can't ping any foreign sites successfully. How can verify this?
- Karan almost 9 years
  
  I'm not sure at your end how you can confirm this since the firewall config will surely be inaccessible to you, but it is the most likely cause.
Karan almost 9 years

So if host is not reachable for any reason that necessarily means ICMP is blocked at your end?
Nan Xiao almost 9 years

@David L.: After executing the script, it outputs:"` [root@mawent3 ~]# ./ping.pl google.com Protocol tcp google.com is NOT reachable Protocol udp google.com is NOT reachable Protocol icmp google.com is NOT reachable Protocol syn google.com is reachable`", what does it can prove?
David L. almost 9 years

@Nan Xiao as it was suggested in the comments to your question, ICMP is probably blocked by corporate firewall
Nan Xiao almost 9 years

@DavidL: Why curl can success? It seems both tcp and udp are blocked too.