LOL.

Patience, grasshopper...

Kurt

On Wed, Feb 1, 2012 at 12:49, Kim Longenbaugh <[email protected]> wrote:
> The suspense is killing me...  :)
>
> -----Original Message-----
> From: Kurt Buff [mailto:[email protected]]
> Sent: Wednesday, February 01, 2012 2:08 PM
> To: NT System Admin Issues
> Subject: Re: Curious networking anomaly in Win7 Pro box
>
> I've just learned that he's on the road on an emergency service call.
>
> I may not hear from him for days...
>
> Kurt
>
> On Wed, Feb 1, 2012 at 06:41, Kim Longenbaugh <[email protected]> 
> wrote:
>> The trace routes weren't informative?
>>
>> -----Original Message-----
>> From: Kurt Buff [mailto:[email protected]]
>> Sent: Tuesday, January 31, 2012 4:21 PM
>> To: NT System Admin Issues
>> Subject: Re: Curious networking anomaly in Win7 Pro box
>>
>> Not dropping in the sense you mean - I'd still see a traceroute or
>> other ICMP packets in tcpdump, but they wouldn't go anywhere.
>>
>> More to the point, pings to multiple addresses on the same remote
>> subnet are treated the same, and when he's doing the unsuccessful
>> pings, there's nothing in tcpdump - just nothing. AFAICT, it's simply
>> not reaching the office's firewall at all.
>>
>> Also, no other machine is having this difficulty - if they can ping
>> one address on the remote subnet, they can ping all.
>>
>> I even went so far as to have him specify the TTL in the pings at 254,
>> with a timeout of 300ms (usual response time is ~200m, and I didn't
>> want to wait the full 1000ms).
>>
>> As further background, the network firewalls I have are Sidewinders
>> (now known as McAfee Enterprise Secure firewalls, since the
>> acquisition) and are a hardened version of FreeBSD. I can ssh into the
>> box, run tcpdump just like any other *nix and see what's coming across
>> the wire.
>>
>> Kurt
>>
>> On Tue, Jan 31, 2012 at 13:01, Steve Kradel <[email protected]> wrote:
>>> Doesn't this imply you are dropping at least some ICMP at the firewall, 
>>> then?
>>>
>>> On Tue, Jan 31, 2012 at 3:45 PM, Kurt Buff <[email protected]> wrote:
>>>> No drops at the firewall.
>>>>
>>>> Forgot to have him do a traceroute - the firewall doesn't allow
>>>> traceroutes to pass through it, so that doesn't usually occur to me,
>>>> but in this case it would prove useful.
>>>>
>>>> I'll have him try that.
>>>>
>>>> Kurt
>>>>
>>>> On Tue, Jan 31, 2012 at 11:04, Kim Longenbaugh <[email protected]> 
>>>> wrote:
>>>>> Compare trace routes from the anomalous machine to the devices you can 
>>>>> connect to with trace routes to the ones you can't.
>>>>> Check firewall logs for drops.
>>>>>
>>>>> -----Original Message-----
>>>>> From: Kurt Buff [mailto:[email protected]]
>>>>> Sent: Tuesday, January 31, 2012 12:56 PM
>>>>> To: NT System Admin Issues
>>>>> Subject: Curious networking anomaly in Win7 Pro box
>>>>>
>>>>> All,
>>>>>
>>>>> Just one machine in our UK office is affected, and I haven't been able
>>>>> to figure it out. All other machines seem to be working fine.
>>>>>
>>>>> This one laptop cannot talk to a few addresses in our US server subnet.
>>>>>
>>>>> For instance, this machine can ping the file server, and the Exchange
>>>>> server, but not the DCs, nor a new terminal server, nor the address of
>>>>> the router on that subnet. However, all of the machines he's trying to
>>>>> ping by name resolve to correct IP addresses.
>>>>>
>>>>> We put Wireshark on this machine, and it thinks it's emitting the ICMP
>>>>> packets, but when I fired up tcpdump on the internal interface of the
>>>>> firewall for his office, I verified that it was not seeing packets for
>>>>> those machines that he was trying to ping, and it was seeing packets
>>>>> for the machines to which he was able to connect.
>>>>>
>>>>> I did a 'route print', to see if there were something odd there, but
>>>>> saw nothing interesting.
>>>>>
>>>>> A malware scan came up clean - and it's a new install of Win7 Pro over XP.
>>>>>
>>>>> I turned off any services that looked interesting, including the
>>>>> Aventail connection service, the Windows firewall, and a couple of
>>>>> others, with no change in result.
>>>>>
>>>>> Haven't had a chance to examine the event logs on the laptop. The
>>>>> laptop is probably going to be wiped before I can work with him on it
>>>>> again, but I'm still very curious. Has anyone seen anything like this
>>>>> before?
>>>>>
>>>>> Kurt
>>>
>>> ~ Finally, powerful endpoint security that ISN'T a resource hog! ~
>>> ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~
>>>
>>> ---
>>> To manage subscriptions click here: 
>>> http://lyris.sunbelt-software.com/read/my_forums/
>>> or send an email to [email protected]
>>> with the body: unsubscribe ntsysadmin