Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ICMP Echo Packets Being Dropped


  • Please log in to reply
36 replies to this topic

#1 SilverTop3020

SilverTop3020

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sheffield, UK
  • Local time:11:37 PM

Posted 27 January 2014 - 11:04 AM

I have 2 Windows Vista PCs both with networked shared drives. The network is Private.

 

Three weeks ago I found I could no longer ping from Computer1 to Computer2 and yet the other way works fine. I also have 2 laptops that can no longer ping to Computer2.

 

I have no idea what has changed on Computer2.

 

After weeks of research, comparing Windows settings between PCs, resetting the router, checking ZoneAlarm, services that should be running, resetting winsock, running SFC, etc, etc I have found that even if both PCs are started in Safe Mode With Networking I still cannot ping to Computer2 from Computer1. The other way is ok still. I have 4 pages of attempted resolution to this problem.

 

I switched on Windows Firewall on Computer2 and can see in the Private log that ICMP Echo requests are being dropped (not blocked as I expected):-

 

2014-01-24 16:18:36 DROP ICMP 192.168.1.66 192.168.1.72 - - 60 - - - - 8 0 – RECEIVE

 

192.168.1.66 is Computer1 and 192.168.1.72 is Computer2.

 

Changing various Windows Firewall settings including adding Inbound and Outbound Rules for ICMP has made no difference.

 

I strongly suspect that the problem is with missing/wrong ICMP registry keys or permissions. I have now run out of ideas and would desperately appreciate any help as I have run out of ideas now.



BC AdBot (Login to Remove)

 


#2 Greg62702

Greg62702

  • Banned
  • 717 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:37 PM

Posted 27 January 2014 - 01:14 PM

The firewall on a router, will always drop ICMP echo packets, unless you allow the computers full open access to the Internet.  Then everything will pass right through, and anyone from the outside world, can walk right through the front door so to speak of your router.



#3 SilverTop3020

SilverTop3020
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sheffield, UK
  • Local time:11:37 PM

Posted 27 January 2014 - 01:57 PM

Both Computer1 and Computer2 Communicate ok with the Internet and Computer2 can see all the drives on Computer1. It's only Computer1 (& laptops 3 & 4) that cannot access the drives on Computer2.

I reset the router to factory defaults in the early days but made no difference. 

I know DNS is held on my router but if I can see from C2 to C1 I should be able to see C1 to C2.

The dropped messages are on C2, not on the router log.



#4 CaveDweller2

CaveDweller2

  • Members
  • 2,629 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:37 PM

Posted 27 January 2014 - 04:09 PM

Can PC 2 ping off your network? both IP and URL? I'd go into device manager on PC 2, remove the network card, and reboot it. Try it then. 


Hope this helps thumbup.gif

Associate in Applied Science - Network Systems Management - Trident Technical College


#5 SilverTop3020

SilverTop3020
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sheffield, UK
  • Local time:11:37 PM

Posted 28 January 2014 - 06:33 AM

PC2 works fine in all respects. It can see  PC1 and the 2 laptops all perfectly well, as well as the Internet.

I have already disabled my onboard ethernet connection and put in a wireless card. I ran for a few days (between reboots, etc) with only the wireless connection, but still PC2 could not be pinged. Again PC2 works perfectly.

 

So I have disabled the wireless card and gone back to ethernet.

 

I don't see now that the network card (ethernet or wireless) is any longer the issue. Similarly, the fact that I can see the ping dropped on the PC2 Windows Firewall log suggests it is not a router error.

 

nslookup via the dnsname and ip address both work ok.

 

Any other ideas, anyone please ?



#6 SilverTop3020

SilverTop3020
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sheffield, UK
  • Local time:11:37 PM

Posted 28 January 2014 - 06:53 AM

As a reminder from PC1:-

 

Pinging computer2.lan [192.168.1.72] with 32 bytes of data:

Request timed out.

Request timed out.

Request timed out.

Request timed out.

 

Ping statistics for 192.168.1.72:

    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

 

And if I try to connect in Network Discovery I get:-

 

Windows cannot access \\COMPUTER2

 

Error code: 0x80070035

The network path was not found.

 

I have googled and tried everything I can find on the Internet relating to both errors over the last 3 weeks.



#7 Greg62702

Greg62702

  • Banned
  • 717 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:37 PM

Posted 28 January 2014 - 08:26 AM

If you are still running Zonealarm, again it will continue to reject Pinging.  That is the purpose of a firewall.  I never use firewalls on any computer behind a Router that has a built in Firewall.  No need to double layer in that regard.  Get rid of ZoneAlarm, turn off Windows Firewall and you will see things return to normal.

 

As for resetting the adapter, do a ipconfig /flushdns and netsh winsock reset catalog in a Command Window as Administrator.



#8 SilverTop3020

SilverTop3020
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sheffield, UK
  • Local time:11:37 PM

Posted 28 January 2014 - 08:43 AM

Hi Greg.   I have Windows firewall disabled by default, I only enabled it for a day to see if there was any useful diagnostics in the logs. This was how I knew the messages were reaching PC2.

I did run for 3 or days with ZoneAlarm (anti-virus & firewall) installed completely, but again it made no difference. So I since put it back on.

 

Already done:-

 

I have 2 desktops (Computer1 & Computer2) and 2 laptops (Computer3 & Computer4).

The desktops are both running Vista.

One laptop is Vista and the last is XP.

The 2 desktops have 2 disk drives each.

The 2 desktops are connected via Ethernet cables and the laptops wireless.

I mapped all the network drives so that every PC (desktop and laptop) can see every other drive (as long as the PC is switched on obviously). They share the same workgroup (WORKGROUP), etc.

This has worked fine for years.

But now one desktop (Computer2) cannot be accessed from any of the other 3 PCs. It is blocking all access from the other 3, including mapping and pings.

Drive mapping to Computer2 fails from all the other 3 PCs.

Ping fails with “Request timed out”.

All the 4 PCs, including Computer2, work fine otherwise and can access the Internet.

The other 3 can see each other’s shares still, and Computer2 can see all the other 3 remote shares ok as before.

I am not aware of any changes to Computer2 that could have caused this. So I thought NIC, firewall, router or Windows settings must be at fault (?)  Until I get the pings to work the share permissions, etc are all irrelevant. The laptops are irrelevant now to future investigations.

Network Discovery is running ok and the other computers can see Computer2 is displayed ok in the list. When I try to access Computer2 (from Computer1) in Network Discovery I get “Windows cannot access \\Computer2” with “error code 0x80070035 The network path was not found”.

Windows Network Diagnostics shows “Network diagnostics pinged the remote host but did not receive a response.”

I have put a wireless card in Computer2 and disabled the Ethernet connection. The PC works fine to the other PCs and Internet still, but ping to Computer2 still times out.

All PCs use ZoneAlarm for Firewall and Anti Virus. I removed ZoneAlarm completely from Computer2, but ping to Computer2 still times out. 

I have never used Windows firewall so that should not be relevant.

I reset my router back to factory settings, but ping to Computer2 still times out.

I have checked all the Windows settings I can think off comparing Computer1 to Computer2 bearing in mind that Computer1 is working fine, but cannot find a difference.

I have checked all the following services are running via   services.msc  – TCP/IP Netbios helper, DNS Client, Function Discovery, SSDP Discovery, UPNP Device, System Event Notification, Computer Browser, DHCP Client, Network connections, Network Location awareness, Remote Procedure Call, Server, Workstation.

Network Discovery is ON, Network is Private, File And Printer Sharing is ON, Public Folder Sharing is ON.

 

I reset the Winsock  (netsh winsock reset), but ping to Computer2 still times out.

I have flushed DNS.

nslookup resolves Computer2 ok with it IP address.

tracert and ping  both return   “Request timed out”.

arp –a     confirms Computer2 exists.

net view   shows all 4 PCs ok.

I have tried extending the timeout value in ping (ping –w 5000 computer2) to 5 secs but it still times out.

I am not aware that ping uses any particular port so I don’t know which to check is open (netstat –a).

Reboot both PCs into Safe Mode and ran a ping to each other, but ping to Computer2 still times out. The problem must be low down in the system.

Ran     sfc /scannow   on both PCs   “Windows resource Protection did not find any integrity violations”  on both.

“netsh int ip reset c:\resetlog.txt”    on Computer2  “Reseting Echo Request.  Failed.  Access is denied.”

Now Network Discovery cannot open Computer1.

Event Viewer does not show anything about pings.

Ping 127.0.0.1  network card,ok

Ping 192.168.1.254  gateway, ok

Ping 192.168.1.72  timed out  (Computer2)

HOW CAN A PC BLOCK PINGS EVEN IN SAFE MODE ?

ipconfig /release      removes the current IP address

ipconfig /renew        polls for a new IP address

ipcofig /flushdns 

 

Ran KB811259 FixIt for the Winsock, but still times out.

Ran KB299357 FixIt to reset TCP/IP

“netsh firewall set icmpsetting 8 enable”  responded with   “service not running” error because I use ZoneAlarm and Windows Firewall cannot start.

Ran KB947709 FixIt to try to start Windows Firewall with ZoneAlarm down,  no good.

Ping –w 5000 computer2     (5 secs wait time for response) , but still times out.

“netdiag /v /debug” on both PCs and compared logs.

“route print”  on both PCs and compared logs.

Removed Netbios over TCPIP from both PCs, but still times out.

Removed  PlusNet’s own servers:-

Primary DNS          212.159.13.49

Secondary DNS     212.159.13.50

 

Ran KB251899 FixIt to fix Windows Security Centre issue. W.S.C. now working.

Removed thousands of blocked sites by running DelDomains.inf, worked ok to clear sites, but still times out.

Removed thousands of blocked sites from windows/system32/drivers/etc/host  file.

Need Windows Firewall working to access ICMP settings to see if blocking pings. But Windows Firewall will not load.

 

http://www.hageltech.com/blog/2012/02/07/base-filtering-engine-problems.html

Ran BFE-Repair-Vista.zip   &   Firewall-Repair-Vista.Zip

Updated HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\BFE\Parameters\Policy

Reboot, Now Base Filtering Engine is running.

Ran FixIt http://support.microsoft.com/mats/windows_firewall_diagnostic to start Windows Firewall.

Windows Firewall start error:     Service-specific error 5 (0x5)

http://support.microsoft.com/kb/943996

Now Windows Firewall is working, Network Discovery has been switched off.

 

http://wiki.phys.ethz.ch/readme/how_to_enable_icmp_echo_requests_ping_in_windows_vista

 

In Windows Firewall, set to allow ICMP for Domain & Private only. Reboot, now Network Discovery is back.

But still cannot ping from Computer1 to Computer2 ! Ughh!

Windows Firewall And Advanced Settings enables the options in Network And Sharing Centre to be turned off/on for Network Discovery, File Sharing, Public Folder Sharing.

Rebooted Computer2 into Safe Mode. Windows Firewall is automatically enable. In Windows Firewall And Advanced Security set all 3 zones to log errors to /Windows/System32/LogFiles/Firewall/pFirewall.Log

Can see :-

2014-01-24 16:18:36 DROP ICMP 192.168.1.66 192.168.1.72 - - 60 - - - - 8 0 – RECEIVE

 

https://support.microsoft.com/kb/889527      suggests issue with   tcpip.sys

sfc /scannow    run again but no problems found.

Compared tcpip.sys with Computer1, but same version, etc.

 

To start Windows Firewall    look in Control Panel

To start Windows Firewall With Advanced Security   look in Programs, Administrative Tools

Tracert and ping both use ICMP. ICMP may drop packets if under high load.

Ping
When you ping a destination network address, you're sending an ICMP packet with message type 8 (Echo) code 0 (Echo--Request) to that address. The ICMP reply packet has a message type 0 (Echo) code 0 (Echo--Reply).

Problem exists even if Windows Firewall & ZoneAlarm are down. SFC suggests no program issues.

Only leaves settings firewall settings (?)

Check out missing registry keys, etc by downloading Farbar Service Scanner (FSS) :-

http://www.bleepingcomputer.com/forums/t/460040/windows-vista-security-center-problem-after-successful-removal-of-live-security-platinum-virus/

Restore any missing registry keys:-

http://download.bleepingcomputer.com/win-services/vista/

“netsh firewall set icmpsetting 8 enable” ok, but ping still times out.

 

 



#9 Greg62702

Greg62702

  • Banned
  • 717 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:37 PM

Posted 28 January 2014 - 03:31 PM

If Pinging is being blocked, either your router is set to not allow, or something is hosed up on one or both machines.  Try uninstalling all Network adapters on all machines and let Windows load the default drivers for them.  Then see what happens.

 

What is the manufacturer & model# of the router that you are using?



#10 SilverTop3020

SilverTop3020
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sheffield, UK
  • Local time:11:37 PM

Posted 28 January 2014 - 04:58 PM

Greg,  it's not the router because the drop errors are in the firewall logs on PC2. So the messages must be getting through the router to PC2, but PC2 is dropping the pings and not sending back a response so they are timing out on PC1.

 

When I disabled the ethernet NIC and put in the wireless card Windows installed the default drivers for the wireless card. But it was still the same even through the wireless card.

 

The router is a Technicolor TG582n FTTC.



#11 Greg62702

Greg62702

  • Banned
  • 717 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:37 PM

Posted 28 January 2014 - 05:21 PM

Again, it is either the Firewall, Router, bad routing table on the computers, which was caused by installing ZoneAlarm, or Something screwed with the Hosts file.

 

You need to uninstall the devices, not disable them, in order for Windows to flush out everything related to them, including the Routing tables, and have it reinstall the devices when you boot the machines up.

 

Not doing so, along with continuing to run ZoneAlarm, you will continue to have this problem.  What does it show in Advanced Sharing Settings in Network & Sharing Center, under Private Network & All?  Does the Adapter show that it belongs to the "Private Network" in Network & Sharing Center?

 

Try this on both machines in a Command Window as Administrator (Copy & Paste what follows):  netsh firewall set icmpsetting 8 enable

 

You can also set a rule in the Firewall, by opening it up in Network & Sharing Center and enter the following rule:  Networking – Echo Request (ICMPv4-In)

 

This was taken from the info at http://www.howtogeek.com/howto/windows-vista/allow-pings-icmp-echo-request-through-your-windows-vista-firewall/  You can also find a lot of good networking information at http://www.ezlan.net



#12 SilverTop3020

SilverTop3020
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sheffield, UK
  • Local time:11:37 PM

Posted 29 January 2014 - 09:39 AM

I uninstalled ZA (combined anti-virus & firewall) using Programs And Features.

 

I rebooted.

 

I then disabled both NIC cards.

I then uninstalled the wireless card "including diver software for this device". Windows removed it all and immediately re-installed the drivers.

I then uninstalled the ethernet NIC card "including diver software for this device".

 

I confirmed the setup with the 2 following commands :-

"arp –a" :-

No ARP Entries Found

 

"ipconfig /all" :-

 

Windows IP Configuration

 

 

   Host Name . . . . . . . . . . . . : Computer2

   Primary Dns Suffix  . . . . . . . :

   Node Type . . . . . . . . . . . . : Hybrid

   IP Routing Enabled. . . . . . . . : No

   WINS Proxy Enabled. . . . . . . . : No

 

Wireless LAN adapter Wireless Network Connection:

 

   Media State . . . . . . . . . . . : Media disconnected

   Connection-specific DNS Suffix  . :

   Description . . . . . . . . . . . : Atheros AR5005GS Wireless Network Adapter

   Physical Address. . . . . . . . . : 00-19-E0-67-D1-B6

   DHCP Enabled. . . . . . . . . . . : Yes

   Autoconfiguration Enabled . . . . : Yes

 

I then rebooted and the ethernet NIC drivers were re-installed.

 

I then ran "netsh firewall set icmpsetting 8 enable"   :-

"Ok."

 

Windows Firewall has come back on, and I already have inbound and outbound rules to all ICMPV4 as well as another for ICMPv4 Echo only.

 

Rebooted, but still cannot ping to PC2.

 

Switched off Windows Firewall.

 

Rebooted, but still cannot ping to PC2 :-

 

Pinging computer2.lan [192.168.1.72] with 32 bytes of data:

Request timed out.

Request timed out.

Request timed out.

Request timed out.

 

Ping statistics for 192.168.1.72:

    Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

Network and Sharing Centre shows:-

Private network    (same as the other PCs).

Network discovery      on

File sharing                 on

Public folder sharing   on

 

I have already tried most of these things, but anything is worth a try when nothing works.



#13 SilverTop3020

SilverTop3020
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sheffield, UK
  • Local time:11:37 PM

Posted 29 January 2014 - 09:43 AM

I had already seen http://www.howtogeek.com/howto/windows-vista/allow-pings-icmp-echo-request-through-your-windows-vista-firewall/ and tried what it said, but it was worth another try if I want support.



#14 SilverTop3020

SilverTop3020
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sheffield, UK
  • Local time:11:37 PM

Posted 29 January 2014 - 09:56 AM

I have looked at   http://www.ezlan.net   but still nothing explains the simple question why PC2 is dropping ICMP packets even though Echoes have been allowed through Windows Firewall.



#15 CaveDweller2

CaveDweller2

  • Members
  • 2,629 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:37 PM

Posted 29 January 2014 - 02:46 PM

With everything that you have done, my only conclusion is Zonealarm is causing this. I know you uninstalled it but I know of nothing in windows that would cause ICMP packets to just drop. Try turning ZA all the way down and then disable it and maybe use http://www.bleepingcomputer.com/download/zonealarm-uninstall-tool/ I know you're going to say that it's on my other PC and there's no problem but I can think of nothing else.

 

If the TCP/IP stack was corrupt, “netsh int ip reset c:\resetlog.txt”    on Computer2  “Reseting Echo Request.  Failed.  Access is denied. resets tcp/ip and that last bit makes me think it is ZA.


Hope this helps thumbup.gif

Associate in Applied Science - Network Systems Management - Trident Technical College





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users