Probably you already know what ping is: it is a command that you can run on your terminal to see if a host is up and running.
It works by sending some packets to the host and waiting for a response, and it measures the round-trip time that the message takes to go to the host and come back to the client.
An example can be
that can return something like
Pinging lb.wordpress.com [18.104.22.168] with 32 bytes of data: Reply from 22.214.171.124: bytes=32 time=2ms TTL=58 Reply from 126.96.36.199: bytes=32 time=3ms TTL=58 Reply from 188.8.131.52: bytes=32 time=3ms TTL=58 Reply from 184.108.40.206: bytes=32 time=3ms TTL=58 Ping statistics for 220.127.116.11: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 2ms, Maximum = 3ms, Average = 2ms
PSSS! Remember not to use HTTPS!!
More in detail, ping sends an ICMP echo request to a specified interface and waits for a reply.
Just as a reminder, ICMP (Internet Control Message Protocol) is a network protocol that is at the same level as TCP and UDP on the networking stack, but it is typically not used for exchanging data between endpoints but only for sharing errors or information.
The problem comes when you want to ping a service hosted on Azure: in order to avoid DDoS attacks, the Azure team decided to block ICMP packets.
Unfortunately ICMP presents risks and problems for our underlying network infrastructure.
So you cannot ping them.
In fact, if you try it from your system, you will receive Request time out.
But at least you can try to reach it using a browser!
Let's say that you have a website, mysite.azurewebsites.net, that must communicate with an API hosted at myapi.azurewebsites.net. Now you want to check if the networking between the two systems works well and check if everything is well configured.
Of course, you can't open a browser inside the Azure portal. So what?
First of all, you should try to ping the service within the Azure Portal, so that you are sure you're running the commands in the cloud environment. Azure Portal allows you to use multiple tools to interact and analyze what's going on on your App: just open your resource and head to Development Tools
You will find both a Console and an external tool called Advanced Tools: you can use both, but here I'm using the Console tool:
If you try to ping myapi from Azure, you won't receive a Request time out, but a different error:
Unable to contact IP driver. General failure
That's because the ping command has directly been disabled.
So how can we solve it?
Well, the solution is pretty easy! There is a command called tcpping that allows you to do something similar, and that can be called by both the Console and the Kudu advanced tool, accessible in the Development Tools section.
tcpping myapi.azurewebsites.net, you can get something similar:
Connected to myapi.azurewebsites.net:80, time taken: 171ms Connected to myapi.azurewebsites.net:80, time taken: 109ms Connected to myapi.azurewebsites.net:80, time taken: 109ms Connected to myapi.azurewebsites.net:80, time taken: 109ms Complete: 4/4 successful attempts (100%). Average success time: 124.5ms
That, in the console, looks like this:
If you wanna have more info about this command, you can simply type
First of all, it explains what it is: Opens a TCP socket to a target host:port and returns whether the initial handshake was successful and a connection was established.
That's the way to avoid ICMP packets! Just use TCP!
There are also some flags that can be set:
- -n: the number of pings to perform. If not specified, the value is 4
- -t: loop infinitely
- -s: run for the specified seconds
Here we've seen how you can ping an Azure App Service inside the Azure Portal. This is a tiny tool that you must know if you want to check if your architecture is well configured. Do you know other ways?