On Tue, Jan 31, 2012 at 1:55 PM, Kurt Buff <[email protected]> wrote: > We put Wireshark on this machine, and it thinks its emitting the ICMP > packets, but when I fired up tcpdump on the internal interface of the > firewall for his office, I verified that it was not seeing packets for > those machines that he was trying to ping, and it was seeing packets > for the machines to which he was able to connect.
What does the network look like? Is it just one big broadcast domain? One physical switch? One IP network, with the firewall being the next-hop route for the troublesome PC? Does the destination MAC address in the wayward Ethernet frames match the MAC address of the next-hop gateway? Can you put a sniffer on the wire between the machine and the switch (or mirror/monitor that switch port)? I wonder if something else is intercepting the traffic, or if the PC is trying to ARP for the hosts or something silly like that. Or even a malfunctioning or misconfigured switch. (If the local network is sufficiently simple this may be redundant.) -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
