diff --git a/test/connection-checker/src/cli.rs b/test/connection-checker/src/cli.rs
index ecc33dd7e9db..97240cf974c6 100644
--- a/test/connection-checker/src/cli.rs
+++ b/test/connection-checker/src/cli.rs
@@ -10,8 +10,8 @@ pub struct Opt {
     #[clap(short, long)]
     pub interactive: bool,
 
-    /// Timeout for network connection to am.i.mullvad (in millis).
-    #[clap(short, long, default_value = "3000")]
+    /// Timeout for network connection to am.i.mullvad (in seconds).
+    #[clap(short, long, default_value = "3")]
     pub timeout: u64,
 
     /// Try to send some junk data over TCP to <leak>.
@@ -30,8 +30,8 @@ pub struct Opt {
     #[clap(long)]
     pub leak: Option<SocketAddr>,
 
-    /// Timeout for leak check network connections (in millis).
-    #[clap(long, default_value = "1000")]
+    /// Timeout for leak check network connections (in seconds).
+    #[clap(long, default_value = "1")]
     pub leak_timeout: u64,
 
     /// Junk data for each UDP and TCP packet
diff --git a/test/connection-checker/src/main.rs b/test/connection-checker/src/main.rs
index 16050f322ea2..c56d8b31da15 100644
--- a/test/connection-checker/src/main.rs
+++ b/test/connection-checker/src/main.rs
@@ -54,7 +54,7 @@ fn am_i_mullvad(opt: &Opt) -> eyre::Result<bool> {
     let client = Client::new();
     let response: Response = client
         .get(url)
-        .timeout(Duration::from_millis(opt.timeout))
+        .timeout(Duration::from_secs(opt.timeout))
         .send()
         .and_then(|r| r.json())
         .wrap_err_with(|| eyre!("Failed to GET {url}"))?;
diff --git a/test/connection-checker/src/net.rs b/test/connection-checker/src/net.rs
index 929bb3c089c4..0ac19f3ca540 100644
--- a/test/connection-checker/src/net.rs
+++ b/test/connection-checker/src/net.rs
@@ -22,7 +22,7 @@ pub fn send_tcp(opt: &Opt, destination: SocketAddr) -> eyre::Result<()> {
     sock.bind(&socket2::SockAddr::from(bind_addr))
         .wrap_err(eyre!("Failed to bind TCP socket to {bind_addr}"))?;
 
-    let timeout = Duration::from_millis(opt.leak_timeout);
+    let timeout = Duration::from_secs(opt.leak_timeout);
     sock.set_write_timeout(Some(timeout))?;
     sock.set_read_timeout(Some(timeout))?;
 
@@ -66,7 +66,7 @@ pub fn send_ping(opt: &Opt, destination: IpAddr) -> eyre::Result<()> {
 
     ping::ping(
         destination,
-        Some(Duration::from_millis(opt.leak_timeout)),
+        Some(Duration::from_secs(opt.leak_timeout)),
         None,
         None,
         None,
@@ -80,9 +80,11 @@ pub fn send_ping(opt: &Opt, destination: IpAddr) -> eyre::Result<()> {
 pub fn send_ping(opt: &Opt, destination: IpAddr) -> eyre::Result<()> {
     eprintln!("Leaking ICMP packets to {destination}");
 
+    // On macOS, use dgramsock (SOCK_DGRAM) instead of the default sock type (SOCK_RAW),
+    // so that we don't need root privileges. Naturally, this does not work for Windows.
     ping::dgramsock::ping(
         destination,
-        Some(Duration::from_millis(opt.leak_timeout)),
+        Some(Duration::from_secs(opt.leak_timeout)),
         None,
         None,
         None,
@@ -92,17 +94,16 @@ pub fn send_ping(opt: &Opt, destination: IpAddr) -> eyre::Result<()> {
     Ok(())
 }
 
-// Some Linux distributions don't allow unprivileged users to send ICMP packets.
-// We use the ping command (which has capabilities/setuid set) to get around that.
+// Older Linux distributions don't allow unprivileged users to send ICMP packets, even for
+// SOCK_DGRAM sockets. We use the ping command (which has capabilities/setuid set) to get around
+// that.
 #[cfg(target_os = "linux")]
 pub fn send_ping(opt: &Opt, destination: IpAddr) -> eyre::Result<()> {
     eprintln!("Leaking ICMP packets to {destination}");
 
     let mut cmd = std::process::Command::new("ping");
 
-    // NOTE: Rounding up to nearest second, since some versions don't support fractional
-    //       seconds
-    let timeout_sec = ((opt.leak_timeout + 1000 - 1) / 1000).to_string();
+    let timeout_sec = opt.leak_timeout.to_string();
 
     cmd.args(["-c", "1", "-W", &timeout_sec, &destination.to_string()]);
 
diff --git a/test/test-manager/src/tests/helpers.rs b/test/test-manager/src/tests/helpers.rs
index 24d7e33babfa..c775e312a65c 100644
--- a/test/test-manager/src/tests/helpers.rs
+++ b/test/test-manager/src/tests/helpers.rs
@@ -44,15 +44,15 @@ pub const THROTTLE_RETRY_DELAY: Duration = Duration::from_secs(120);
 const CHECKER_FILENAME_WINDOWS: &str = "connection-checker.exe";
 const CHECKER_FILENAME_UNIX: &str = "connection-checker";
 
-const AM_I_MULLVAD_TIMEOUT_MS: u64 = 10000;
-const LEAK_TIMEOUT_MS: u64 = 500;
+const AM_I_MULLVAD_TIMEOUT_S: u64 = 10;
+const LEAK_TIMEOUT_S: u64 = 1;
 
 /// Timeout of [ConnCheckerHandle::check_connection].
-const CONN_CHECKER_TIMEOUT: Duration = Duration::from_millis(
-    AM_I_MULLVAD_TIMEOUT_MS // https://am.i.mullvad.net timeout
-    + LEAK_TIMEOUT_MS // leak-tcp timeout
-    + LEAK_TIMEOUT_MS // leak-icmp timeout
-    + 1000, // plus some extra grace time
+const CONN_CHECKER_TIMEOUT: Duration = Duration::from_secs(
+    AM_I_MULLVAD_TIMEOUT_S // https://am.i.mullvad.net timeout
+    + LEAK_TIMEOUT_S // leak-tcp timeout
+    + LEAK_TIMEOUT_S // leak-icmp timeout
+    + 1, // plus some extra grace time
 );
 
 #[macro_export]
@@ -953,12 +953,12 @@ impl ConnChecker {
             let mut args = [
                 "--interactive",
                 "--timeout",
-                &AM_I_MULLVAD_TIMEOUT_MS.to_string(),
+                &AM_I_MULLVAD_TIMEOUT_S.to_string(),
                 // try to leak traffic to LEAK_DESTINATION
                 "--leak",
                 &self.leak_destination.to_string(),
                 "--leak-timeout",
-                &LEAK_TIMEOUT_MS.to_string(),
+                &LEAK_TIMEOUT_S.to_string(),
                 "--leak-tcp",
                 "--leak-udp",
                 "--leak-icmp",