On Tue, Jan 31, 2012 at 14:20, Ben Scott <[email protected]> wrote: > On Tue, Jan 31, 2012 at 1:55 PM, Kurt Buff <[email protected]> wrote: >> We put Wireshark on this machine, and it thinks its emitting the ICMP >> packets, but when I fired up tcpdump on the internal interface of the >> firewall for his office, I verified that it was not seeing packets for >> those machines that he was trying to ping, and it was seeing packets >> for the machines to which he was able to connect. > > What does the network look like? Is it just one big broadcast > domain? One physical switch? One IP network, with the firewall being > the next-hop route for the troublesome PC? > > Does the destination MAC address in the wayward Ethernet frames > match the MAC address of the next-hop gateway? > > Can you put a sniffer on the wire between the machine and the switch > (or mirror/monitor that switch port)? I wonder if something else is > intercepting the traffic, or if the PC is trying to ARP for the hosts > or something silly like that. Or even a malfunctioning or > misconfigured switch. > > (If the local network is sufficiently simple this may be redundant.)
It's one subnet for everything in that office, with the firewall as the gateway, no managed switch (I've been trying for years to get one there). The machine that are unreachable are in a remote subnet - along with some machines that *are* reachable in that same subnet - and no other machine. I'm checking to see if it does the same tricks when on wifi - when these tests were performed he had that switched off. Kurt ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ --- To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/ or send an email to [email protected] with the body: unsubscribe ntsysadmin
