Doesn't this imply you are dropping at least some ICMP at the firewall, then?
On Tue, Jan 31, 2012 at 3:45 PM, Kurt Buff <[email protected]> wrote: > No drops at the firewall. > > Forgot to have him do a traceroute - the firewall doesn't allow > traceroutes to pass through it, so that doesn't usually occur to me, > but in this case it would prove useful. > > I'll have him try that. > > Kurt > > On Tue, Jan 31, 2012 at 11:04, Kim Longenbaugh <[email protected]> > wrote: >> Compare trace routes from the anomalous machine to the devices you can >> connect to with trace routes to the ones you can't. >> Check firewall logs for drops. >> >> -----Original Message----- >> From: Kurt Buff [mailto:[email protected]] >> Sent: Tuesday, January 31, 2012 12:56 PM >> To: NT System Admin Issues >> Subject: Curious networking anomaly in Win7 Pro box >> >> All, >> >> Just one machine in our UK office is affected, and I haven't been able >> to figure it out. All other machines seem to be working fine. >> >> This one laptop cannot talk to a few addresses in our US server subnet. >> >> For instance, this machine can ping the file server, and the Exchange >> server, but not the DCs, nor a new terminal server, nor the address of >> the router on that subnet. However, all of the machines he's trying to >> ping by name resolve to correct IP addresses. >> >> We put Wireshark on this machine, and it thinks its emitting the ICMP >> packets, but when I fired up tcpdump on the internal interface of the >> firewall for his office, I verified that it was not seeing packets for >> those machines that he was trying to ping, and it was seeing packets >> for the machines to which he was able to connect. >> >> I did a 'route print', to see if there were something odd there, but >> saw nothing interesting. >> >> A malware scan came up clean - and it's a new install of Win7 Pro over XP. >> >> I turned off any services that looked interesting, including the >> Aventail connection service, the Windows firewall, and a couple of >> others, with no change in result. >> >> Haven't had a chance to examine the event logs on the laptop. The >> laptop is probably going to be wiped before I can work with him on it >> again, but I'm still very curious. Has anyone seen anything like this >> before? >> >> Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
