diff --git a/test/connection-checker/src/net.rs b/test/connection-checker/src/net.rs
index 4d875dc86e37..fdad7de3862c 100644
--- a/test/connection-checker/src/net.rs
+++ b/test/connection-checker/src/net.rs
@@ -2,7 +2,6 @@ use eyre::{eyre, Context};
 use std::{
     io::Write,
     net::{IpAddr, Ipv4Addr, SocketAddr},
-    process::Command,
     time::Duration,
 };
 
@@ -61,26 +60,32 @@ pub fn send_udp(opt: &Opt, destination: SocketAddr) -> Result<(), eyre::Error> {
     Ok(())
 }
 
+#[cfg(any(target_os = "windows", target_os = "macos"))]
 pub fn send_ping(opt: &Opt, destination: IpAddr) -> eyre::Result<()> {
     eprintln!("Leaking ICMP packets to {destination}");
 
-    let mut cmd = Command::new("ping");
+    ping::dgramsock::ping(
+        destination,
+        Some(Duration::from_millis(opt.leak_timeout)),
+        None,
+        None,
+        None,
+        None,
+    )?;
 
-    #[cfg(target_os = "windows")]
-    cmd.args(["/n", "1"])
-        .args(["/w", &opt.leak_timeout.to_string()]);
+    Ok(())
+}
 
-    #[cfg(target_os = "linux")]
-    {
-        let timeout_sec = ((opt.leak_timeout as f32) / 1000f32).to_string();
-        cmd.args(["-c", "1"]).args(["-W", &timeout_sec]);
-    }
+// Some Linux distributions don't allow unprivileged users to send ICMP packets.
+// We use the ping command (which has capabilities/setuid set) to get around that.
+#[cfg(target_os = "linux")]
+pub fn send_ping(opt: &Opt, destination: IpAddr) -> eyre::Result<()> {
+    eprintln!("Leaking ICMP packets to {destination}");
 
-    #[cfg(target_os = "macos")]
-    cmd.args(["-c", "1"])
-        .args(["-W", &opt.leak_timeout.to_string()]);
+    let mut cmd = std::process::Command::new("ping");
 
-    cmd.arg(&destination.to_string());
+    let timeout_sec = ((opt.leak_timeout as f32) / 1000f32).to_string();
+    cmd.args(["-c", "1", "-W", &timeout_sec, &destination.to_string()]);
 
     let output = cmd.output().wrap_err(eyre!(
         "Failed to execute ping for destination {destination}"