True, but at this point it's beyond my control, so emotional investment in the outcome is pointless.
On Wed, Feb 1, 2012 at 13:04, Jonathan Link <[email protected]> wrote:
> Or not...if it's a wipe and rebuild we will never know...
>
> On Wed, Feb 1, 2012 at 4:01 PM, Kurt Buff <[email protected]> wrote:
>>
>> LOL.
>>
>> Patience, grasshopper...
>>
>> Kurt
>>
>> On Wed, Feb 1, 2012 at 12:49, Kim Longenbaugh <[email protected]>
>> wrote:
>> > The suspense is killing me... :)
>> >
>> > -----Original Message-----
>> > From: Kurt Buff [mailto:[email protected]]
>> > Sent: Wednesday, February 01, 2012 2:08 PM
>> > To: NT System Admin Issues
>> > Subject: Re: Curious networking anomaly in Win7 Pro box
>> >
>> > I've just learned that he's on the road on an emergency service call.
>> >
>> > I may not hear from him for days...
>> >
>> > Kurt
>> >
>> > On Wed, Feb 1, 2012 at 06:41, Kim Longenbaugh <[email protected]>
>> > wrote:
>> >> The trace routes weren't informative?
>> >>
>> >> -----Original Message-----
>> >> From: Kurt Buff [mailto:[email protected]]
>> >> Sent: Tuesday, January 31, 2012 4:21 PM
>> >> To: NT System Admin Issues
>> >> Subject: Re: Curious networking anomaly in Win7 Pro box
>> >>
>> >> Not dropping in the sense you mean - I'd still see a traceroute or
>> >> other ICMP packets in tcpdump, but they wouldn't go anywhere.
>> >>
>> >> More to the point, pings to multiple addresses on the same remote
>> >> subnet are treated the same, and when he's doing the unsuccessful
>> >> pings, there's nothing in tcpdump - just nothing. AFAICT, it's simply
>> >> not reaching the office's firewall at all.
>> >>
>> >> Also, no other machine is having this difficulty - if they can ping
>> >> one address on the remote subnet, they can ping all.
>> >>
>> >> I even went so far as to have him specify the TTL in the pings at 254,
>> >> with a timeout of 300ms (usual response time is ~200m, and I didn't
>> >> want to wait the full 1000ms).
>> >>
>> >> As further background, the network firewalls I have are Sidewinders
>> >> (now known as McAfee Enterprise Secure firewalls, since the
>> >> acquisition) and are a hardened version of FreeBSD. I can ssh into the
>> >> box, run tcpdump just like any other *nix and see what's coming across
>> >> the wire.
>> >>
>> >> Kurt
>> >>
>> >> On Tue, Jan 31, 2012 at 13:01, Steve Kradel <[email protected]>
>> >> wrote:
>> >>> Doesn't this imply you are dropping at least some ICMP at the
>> >>> firewall, then?
>> >>>
>> >>> On Tue, Jan 31, 2012 at 3:45 PM, Kurt Buff <[email protected]>
>> >>> wrote:
>> >>>> No drops at the firewall.
>> >>>>
>> >>>> Forgot to have him do a traceroute - the firewall doesn't allow
>> >>>> traceroutes to pass through it, so that doesn't usually occur to me,
>> >>>> but in this case it would prove useful.
>> >>>>
>> >>>> I'll have him try that.
>> >>>>
>> >>>> Kurt
>> >>>>
>> >>>> On Tue, Jan 31, 2012 at 11:04, Kim Longenbaugh
>> >>>> <[email protected]> wrote:
>> >>>>> Compare trace routes from the anomalous machine to the devices you
>> >>>>> can connect to with trace routes to the ones you can't.
>> >>>>> Check firewall logs for drops.
>> >>>>>
>> >>>>> -----Original Message-----
>> >>>>> From: Kurt Buff [mailto:[email protected]]
>> >>>>> Sent: Tuesday, January 31, 2012 12:56 PM
>> >>>>> To: NT System Admin Issues
>> >>>>> Subject: Curious networking anomaly in Win7 Pro box
>> >>>>>
>> >>>>> All,
>> >>>>>
>> >>>>> Just one machine in our UK office is affected, and I haven't been
>> >>>>> able to figure it out. All other machines seem to be working fine.
>> >>>>>
>> >>>>> This one laptop cannot talk to a few addresses in our US server
>> >>>>> subnet.
>> >>>>>
>> >>>>> For instance, this machine can ping the file server, and the
>> >>>>> Exchange server, but not the DCs, nor a new terminal server, nor
>> >>>>> the address of the router on that subnet. However, all of the
>> >>>>> machines he's trying to ping by name resolve to correct IP
>> >>>>> addresses.
>> >>>>>
>> >>>>> We put Wireshark on this machine, and it thinks it's emitting the
>> >>>>> ICMP packets, but when I fired up tcpdump on the internal interface
>> >>>>> of the firewall for his office, I verified that it was not seeing
>> >>>>> packets for those machines that he was trying to ping, and it was
>> >>>>> seeing packets for the machines to which he was able to connect.
>> >>>>>
>> >>>>> I did a 'route print', to see if there were something odd there, but
>> >>>>> saw nothing interesting.
>> >>>>>
>> >>>>> A malware scan came up clean - and it's a new install of Win7 Pro
>> >>>>> over XP.
>> >>>>>
>> >>>>> I turned off any services that looked interesting, including the
>> >>>>> Aventail connection service, the Windows firewall, and a couple of
>> >>>>> others, with no change in result.
>> >>>>>
>> >>>>> Haven't had a chance to examine the event logs on the laptop. The
>> >>>>> laptop is probably going to be wiped before I can work with him on
>> >>>>> it again, but I'm still very curious. Has anyone seen anything like
>> >>>>> this before?
>> >>>>>
>> >>>>> Kurt

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected]
with the body: unsubscribe ntsysadmin
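
The comparison described in the original message (what the laptop's capture shows leaving versus what tcpdump sees on the firewall's internal interface) can be done mechanically. This is an added example, not part of the thread; it assumes both captures were exported as `tcpdump -n` text, that no NAT sits between the laptop and the firewall, and it uses constructed sample lines with documentation addresses.

```python
import re
from collections import defaultdict

# One ICMP echo request in `tcpdump -n` text output
ECHO_RE = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3}) > (?P<dst>\d+(?:\.\d+){3}): "
    r"ICMP echo request, id (?P<id>\d+), seq (?P<seq>\d+)"
)

def echo_requests(lines):
    """Return the set of (src, dst, id, seq) echo requests found in the lines."""
    seen = set()
    for line in lines:
        m = ECHO_RE.search(line)
        if m:
            seen.add((m["src"], m["dst"], int(m["id"]), int(m["seq"])))
    return seen

def delivery_report(host_lines, fw_lines, src):
    """Per destination: (requests the host emitted, requests seen at the firewall)."""
    sent = {p for p in echo_requests(host_lines) if p[0] == src}
    arrived = echo_requests(fw_lines)
    report = defaultdict(lambda: [0, 0])
    for pkt in sent:
        report[pkt[1]][0] += 1
        if pkt in arrived:          # same src, dst, id and seq on the far side
            report[pkt[1]][1] += 1
    return {dst: tuple(counts) for dst, counts in sorted(report.items())}

def never_arrived(report):
    """Destinations the host sent to but the firewall never saw a packet for."""
    return [dst for dst, (emitted, reached) in report.items() if emitted and not reached]

# Constructed sample captures (addresses are placeholders, not from the thread)
HOST_CAPTURE = """\
12:56:01.100000 IP 192.0.2.57 > 198.51.100.10: ICMP echo request, id 1, seq 1, length 40
12:56:02.100000 IP 192.0.2.57 > 198.51.100.10: ICMP echo request, id 1, seq 2, length 40
12:56:05.100000 IP 192.0.2.57 > 198.51.100.20: ICMP echo request, id 1, seq 3, length 40
12:56:06.100000 IP 192.0.2.57 > 198.51.100.20: ICMP echo request, id 1, seq 4, length 40
""".splitlines()
FW_CAPTURE = """\
12:56:01.100400 IP 192.0.2.57 > 198.51.100.10: ICMP echo request, id 1, seq 1, length 40
12:56:01.300900 IP 198.51.100.10 > 192.0.2.57: ICMP echo reply, id 1, seq 1, length 40
12:56:02.100500 IP 192.0.2.57 > 198.51.100.10: ICMP echo request, id 1, seq 2, length 40
12:56:05.200000 IP 192.0.2.60 > 198.51.100.20: ICMP echo request, id 7, seq 9, length 40
""".splitlines()

if __name__ == "__main__":
    print(never_arrived(delivery_report(HOST_CAPTURE, FW_CAPTURE, "192.0.2.57")))
```

A destination listed by `never_arrived` while another host's requests to the same address do show up at the firewall points at the sending machine or the path before the firewall, not at a firewall drop.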
