:) -----Original Message----- From: Kurt Buff [mailto:kurt.b...@gmail.com] Sent: Friday, February 03, 2012 2:33 PM To: NT System Admin Issues Subject: Re: Curious networking anomaly in Win7 Pro box
Oh, I'm no Spock - that's a hard-learned lesson for me, with occasional reminders needed. BTW: This issue was resolved via a wipe and reload. User is now happy. Kurt On Wed, Feb 1, 2012 at 14:19, Kim Longenbaugh <k...@colonialsavings.com> wrote: > Well said, Mr. Spock > > -----Original Message----- > From: Kurt Buff [mailto:kurt.b...@gmail.com] > Sent: Wednesday, February 01, 2012 3:57 PM > To: NT System Admin Issues > Subject: Re: Curious networking anomaly in Win7 Pro box > > True, but at this point it's beyond my control, so emotional > investment in the outcome is pointless.. > > On Wed, Feb 1, 2012 at 13:04, Jonathan Link <jonathan.l...@gmail.com> wrote: >> Or not...if it's a wipe and rebuild we will never know... >> >> >> On Wed, Feb 1, 2012 at 4:01 PM, Kurt Buff <kurt.b...@gmail.com> wrote: >>> >>> LOL. >>> >>> Patience, grasshopper... >>> >>> Kurt >>> >>> On Wed, Feb 1, 2012 at 12:49, Kim Longenbaugh <k...@colonialsavings.com> >>> wrote: >>> > The suspense is killing me... :) >>> > >>> > -----Original Message----- >>> > From: Kurt Buff [mailto:kurt.b...@gmail.com] >>> > Sent: Wednesday, February 01, 2012 2:08 PM >>> > To: NT System Admin Issues >>> > Subject: Re: Curious networking anomaly in Win7 Pro box >>> > >>> > I've just learned that he's on the road on an emergency service call. >>> > >>> > I may not hear from him for days... >>> > >>> > Kurt >>> > >>> > On Wed, Feb 1, 2012 at 06:41, Kim Longenbaugh <k...@colonialsavings.com> >>> > wrote: >>> >> The trace routes weren't informative? >>> >> >>> >> -----Original Message----- >>> >> From: Kurt Buff [mailto:kurt.b...@gmail.com] >>> >> Sent: Tuesday, January 31, 2012 4:21 PM >>> >> To: NT System Admin Issues >>> >> Subject: Re: Curious networking anomaly in Win7 Pro box >>> >> >>> >> Not dropping in the sense you mean - I'd still see a traceroute or >>> >> other ICMP packets in tcpdump, but they wouldn't go anywhere. >>> >> >>> >> More to the point, pings to multiple addresses on the same remote >>> >> subnet are treated the same, and when he's doing the unsuccessful >>> >> pings, there's nothing in tcpdump - just nothing. AFAICT, it's simply >>> >> not reaching the office's firewall at all. >>> >> >>> >> Also, no other machine is having this difficulty - if they can ping >>> >> one address on the remote subnet, they can ping all. >>> >> >>> >> I even went so far as to have him specify the TTL in the pings at 254, >>> >> with a timeout of 300ms (usual response time is ~200m, and I didn't >>> >> want to wait the full 1000ms). >>> >> >>> >> As further background, the network firewalls I have are Sidewinders >>> >> (now known as McAfee Enterprise Secure firewalls, since the >>> >> acquisition) and are a hardened version of FreeBSD. I can ssh into the >>> >> box, run tcpdump just like any other *nix and see what's coming across >>> >> the wire. >>> >> >>> >> Kurt >>> >> >>> >> On Tue, Jan 31, 2012 at 13:01, Steve Kradel <skra...@zetetic.net> >>> >> wrote: >>> >>> Doesn't this imply you are dropping at least some ICMP at the >>> >>> firewall, then? >>> >>> >>> >>> On Tue, Jan 31, 2012 at 3:45 PM, Kurt Buff <kurt.b...@gmail.com> >>> >>> wrote: >>> >>>> No drops at the firewall. >>> >>>> >>> >>>> Forgot to have him do a traceroute - the firewall doesn't allow >>> >>>> traceroutes to pass through it, so that doesn't usually occur to me, >>> >>>> but in this case it would prove useful. >>> >>>> >>> >>>> I'll have him try that. >>> >>>> >>> >>>> Kurt >>> >>>> >>> >>>> On Tue, Jan 31, 2012 at 11:04, Kim Longenbaugh >>> >>>> <k...@colonialsavings.com> wrote: >>> >>>>> Compare trace routes from the anomalous machine to the devices you >>> >>>>> can connect to with trace routes to the ones you can't. >>> >>>>> Check firewall logs for drops. >>> >>>>> >>> >>>>> -----Original Message----- >>> >>>>> From: Kurt Buff [mailto:kurt.b...@gmail.com] >>> >>>>> Sent: Tuesday, January 31, 2012 12:56 PM >>> >>>>> To: NT System Admin Issues >>> >>>>> Subject: Curious networking anomaly in Win7 Pro box >>> >>>>> >>> >>>>> All, >>> >>>>> >>> >>>>> Just one machine in our UK office is affected, and I haven't been >>> >>>>> able >>> >>>>> to figure it out. All other machines seem to be working fine. >>> >>>>> >>> >>>>> This one laptop cannot talk to a few addresses in our US server >>> >>>>> subnet. >>> >>>>> >>> >>>>> For instance, this machine can ping the file server, and the >>> >>>>> Exchange >>> >>>>> server, but not the DCs, nor a new terminal server, nor the address >>> >>>>> of >>> >>>>> the router on that subnet. However, all of the machines he's trying >>> >>>>> to >>> >>>>> ping by name resolve to correct IP addresses. >>> >>>>> >>> >>>>> We put Wireshark on this machine, and it thinks its emitting the >>> >>>>> ICMP >>> >>>>> packets, but when I fired up tcpdump on the internal interface of >>> >>>>> the >>> >>>>> firewall for his office, I verified that it was not seeing packets >>> >>>>> for >>> >>>>> those machines that he was trying to ping, and it was seeing packets >>> >>>>> for the machines to which he was able to connect. >>> >>>>> >>> >>>>> I did a 'route print', to see if there were something odd there, but >>> >>>>> saw nothing interesting. >>> >>>>> >>> >>>>> A malware scan came up clean - and it's a new install of Win7 Pro >>> >>>>> over XP. >>> >>>>> >>> >>>>> I turned off any services that looked interesting, including the >>> >>>>> Aventail connection service, the Windows firewall, and a couple of >>> >>>>> others, with no change in result. >>> >>>>> >>> >>>>> Haven't had a chance to examine the event logs on the laptop. The >>> >>>>> laptop is probably going to be wiped before I can work with him on >>> >>>>> it >>> >>>>> again, but I'm still very curious. Has anyone seen anything like >>> >>>>> this >>> >>>>> before? >>> >>>>> >>> >>>>> Kurt >>> >>> >>> >>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>> >>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> >>> >>> >>> --- >>> >>> To manage subscriptions click here: >>> >>> http://lyris.sunbelt-software.com/read/my_forums/ >>> >>> or send an email to listmana...@lyris.sunbeltsoftware.com >>> >>> with the body: unsubscribe ntsysadmin >>> >> >>> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>> >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> >> >>> >> --- >>> >> To manage subscriptions click here: >>> >> http://lyris.sunbelt-software.com/read/my_forums/ >>> >> or send an email to listmana...@lyris.sunbeltsoftware.com >>> >> with the body: unsubscribe ntsysadmin >>> >> >>> >> >>> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>> >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> >> >>> >> --- >>> >> To manage subscriptions click here: >>> >> http://lyris.sunbelt-software.com/read/my_forums/ >>> >> or send an email to listmana...@lyris.sunbeltsoftware.com >>> >> with the body: unsubscribe ntsysadmin >>> > >>> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> > >>> > --- >>> > To manage subscriptions click here: >>> > http://lyris.sunbelt-software.com/read/my_forums/ >>> > or send an email to listmana...@lyris.sunbeltsoftware.com >>> > with the body: unsubscribe ntsysadmin >>> > >>> > >>> > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>> > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> > >>> > --- >>> > To manage subscriptions click here: >>> > http://lyris.sunbelt-software.com/read/my_forums/ >>> > or send an email to listmana...@lyris.sunbeltsoftware.com >>> > with the body: unsubscribe ntsysadmin >>> >>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >>> >>> --- >>> To manage subscriptions click here: >>> http://lyris.sunbelt-software.com/read/my_forums/ >>> or send an email to listmana...@lyris.sunbeltsoftware.com >>> with the body: unsubscribe ntsysadmin >>> >> >> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ >> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ >> >> --- >> To manage subscriptions click here: >> http://lyris.sunbelt-software.com/read/my_forums/ >> or send an email to listmana...@lyris.sunbeltsoftware.com >> with the body: unsubscribe ntsysadmin > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin > > > ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ > ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ > > --- > To manage subscriptions click here: > http://lyris.sunbelt-software.com/read/my_forums/ > or send an email to listmana...@lyris.sunbeltsoftware.com > with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to listmana...@lyris.sunbeltsoftware.com with the body: unsubscribe ntsysadmin