Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

ICMP Echo Packets Being Dropped


  • Please log in to reply
36 replies to this topic

#16 SilverTop3020

SilverTop3020
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sheffield, UK
  • Local time:07:46 AM

Posted 29 January 2014 - 02:52 PM

ZoneAlarm has already been uninstalled as per Greg's suggestion. I do not have it on my PC any more.

Besides I had the ICMP DROP errors when the PC was only booted into Safe Mode when ZA was not running.

 

I don't suggest for one second that this is an easy problem as I have already tried every setting and suggestion I have found on the Internet.

 

There is very little information on ICMP DROP errors and how to resolve them.



BC AdBot (Login to Remove)

 


#17 SilverTop3020

SilverTop3020
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sheffield, UK
  • Local time:07:46 AM

Posted 29 January 2014 - 03:07 PM

Ideally, I would uninstall Windows Firewall but I can't because it is too wrapped into Vista. Re-installing would then reset WF itself and the registry keys it uses which might help.

 

An ICMP Echo Request type 8 code 0 should be coming in and an ICMP Echo Response type 0 code 0 go back. I can see the ICMP Echo Request type 8 code 0 arriving ok, but then just dropped instead of being returned.



#18 CaveDweller2

CaveDweller2

  • Members
  • 2,629 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:46 AM

Posted 29 January 2014 - 05:00 PM

The only thing I know of that drop packets are firewalls, on a PC or in a router makes no never mind. The last thing I can suggest is download Wireshark, it's a free packet sniffer and have it running on PC2's interface and ping it from other PCs. Then you can see the actual packets coming in. This shoulda been my first suggestion lol. BTW Wireshark is just nerdy cool. you'll see what I mean =)


Hope this helps thumbup.gif

Associate in Applied Science - Network Systems Management - Trident Technical College


#19 JohnnyJammer

JohnnyJammer

  • Members
  • 1,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:QLD Australia
  • Local time:05:46 PM

Posted 29 January 2014 - 06:50 PM

Couple of things to try

 

make sure the file&print firewall rules are set to allow to all profiles.

Create a relation ship between the machines using the follwing commands

net use \\pc1\ipc$
net use \\pc2\ipc$

Supply a username and password for both.

open up Explorer and type the word network, if its working then you wont have to do anything or click the Allow network discovery to populate the list of machines (Do this on both amchiens).

Stop reseting the winsock it has nothign to dow ith this problem and also dont worry about the router, once again it has nothing to do with an ICMP (7) echo request. it would only apply from the management interface IE(Internet and not LAN)

 

o i forgot to try one more thing mate, goto run and type ncpa.cpl and right clickmthe network adaptor and then make sure you have "File & Pritn Sharing for microsoft networks" ticked on both machines. if its not there, then click Install/Service/FileAnd print (off the top of my heard thats how it goes)


Edited by JohnnyJammer, 29 January 2014 - 06:56 PM.


#20 SilverTop3020

SilverTop3020
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sheffield, UK
  • Local time:07:46 AM

Posted 30 January 2014 - 09:02 AM

Hi johnnyJammer.

 

I am between a rock and a hard place. I have tried everything I have found on the Internet (Mircrosoft and forums) over the past 3 weeks and failed. So if I ask for help I feel I have to try anything anyone suggests even if personally I do not believe it will work. Hence I reset the winsock, TCPIP, router and a host of other things in my massive list earlier.

 

As Computer1 (desktop) and Computer 3 & Computer4 (my 2 laptops) all work perfectly, and through the same router,  I reckon the fault has to be on Computer2 only.

 

As the Windows Firewall log shows the dropped packets from all the other 3 PCs the issue cannot be the router as the messages are reaching Computer2 ok.

 

As Computer2 cannot be pinged when my PCs are all in Safe Mode, ZoneAlarm and all other 3rd software is irrelevant although people still keep referring to it. Not that it is relevant to my problem, but a router is just a hardware firewall, ZA provides a software firewall and anti-virus, both of which I prefer to the Microsoft’s own offerings.

 

For whatever reason Computer2 is receiving an Echo Request type 8 code 0 and is not responding correctly with an Echo Response type 0, instead choosing to drop the packets.

 

Network Discovery on both PCs sees Computer1 and Computer2 ok and creates a diagrammatic map. So they are seeing each other.

 

I tried what you suggest on Computer1 and got back:-

 

          C:\Users\Mike>net use \\Computer1\ipc$

         The command completed successfully.

         C:\Users\Mike>net use \\Computer2\ipc$

         System error 53 has occurred.

         The network path was not found.

 

I tried what you suggest on Computer2 and got back:-

         C:\Users\Emma>net use \\Computer1\ipc$

         The command completed successfully.

         C:\Users\Emma>net use \\Computer2\ipc$

         The command completed successfully.

         As expected at this stage it is a one-way thing.

 

On your second suggestion, "File and Printer Sharing for Microsoft Networks" was ticked on both machines.



#21 CaveDweller2

CaveDweller2

  • Members
  • 2,629 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:46 AM

Posted 30 January 2014 - 11:35 AM

the reason we keep mentioning it or at least I do is because if you search the net on how to block icmp...guess what the answer is 100% of the time? that's right a firewall. But since it's irreverent in your case, I'll stop talking. Good luck =) 


Hope this helps thumbup.gif

Associate in Applied Science - Network Systems Management - Trident Technical College


#22 SilverTop3020

SilverTop3020
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sheffield, UK
  • Local time:07:46 AM

Posted 30 January 2014 - 03:08 PM

Hi CD2,

 

I am very greatful for any assistance I receive as probably only with help will this ever get sorted.

 

I have probably read all the same forums as yourself about blocking ICMP, which is usually a firewall issue, but I think dropping ICMP is a different issue. ZA cannot be the cause in Safe Mode and I have already tried every possible setting in Windows Firewall and everything looks fine although it does not work.

 

It's a strange enigma when I get :-

 

C:\Users\Mike>net use \\Computer2\ipc$

System error 53 has occurred.

The network path was not found.

 

And yet the pings are still getting through to Computer2 and being logged..



#23 SilverTop3020

SilverTop3020
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sheffield, UK
  • Local time:07:46 AM

Posted 30 January 2014 - 05:14 PM

I installed Wireshark and can see the ICMP requests coming in from 192.168.1.66  to  192.168.1.72 and the format looks ok when the packet is expanded.

But there are no echo responses going back out.

So again, I can see what is happening but no explanation why so I know what to change to fix it.

 

Wireshark says the message length received is 74, and the ping command sent in CMD says pinging with a length of 32 bytes,  so I don't know if that is significant.



#24 JohnnyJammer

JohnnyJammer

  • Members
  • 1,117 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:QLD Australia
  • Local time:05:46 PM

Posted 30 January 2014 - 09:24 PM

ok mate try this command in Dos prompt, make sure to run it as Admin mate

netsh firewall set icmpsetting type = 8 mode = ENABLE

Ensure that the zone alarm firewall service is completley disabled and make sure the windows firewall is running.



#25 CaveDweller2

CaveDweller2

  • Members
  • 2,629 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:46 AM

Posted 30 January 2014 - 09:29 PM

what does the ICMPv4 section look like of 'netstat -s' ? 


Hope this helps thumbup.gif

Associate in Applied Science - Network Systems Management - Trident Technical College


#26 SilverTop3020

SilverTop3020
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sheffield, UK
  • Local time:07:46 AM

Posted 31 January 2014 - 06:23 AM

Hi guys (glad to have you back CD2 !).

 

I have tried the netsh command 4 or 5 times now. However,

 

ZA is shut down and Windows Firewall on 

I ran the command exactly as you typed it and it replied "Ok.". 

I tried to ping, but still timed out.

 

I ran the netstat -s and the output is below:-

 

IPv4 Statistics

  Packets Received                   = 8341
  Received Header Errors             = 0
  Received Address Errors            = 0
  Datagrams Forwarded                = 0
  Unknown Protocols Received         = 0
  Received Packets Discarded         = 162
  Received Packets Delivered         = 8581
  Output Requests                    = 5369
  Routing Discards                   = 0
  Discarded Output Packets           = 0
  Output Packet No Route             = 16
  Reassembly Required                = 0
  Reassembly Successful              = 0
  Reassembly Failures                = 0
  Datagrams Successfully Fragmented  = 0
  Datagrams Failing Fragmentation    = 0
  Fragments Created                  = 0

IPv6 Statistics

  Packets Received                   = 4
  Received Header Errors             = 0
  Received Address Errors            = 0
  Datagrams Forwarded                = 0
  Unknown Protocols Received         = 0
  Received Packets Discarded         = 4
  Received Packets Delivered         = 41
  Output Requests                    = 69
  Routing Discards                   = 0
  Discarded Output Packets           = 0
  Output Packet No Route             = 2
  Reassembly Required                = 0
  Reassembly Successful              = 0
  Reassembly Failures                = 0
  Datagrams Successfully Fragmented  = 0
  Datagrams Failing Fragmentation    = 0
  Fragments Created                  = 0

ICMPv4 Statistics

                            Received    Sent
  Messages                  13          0        
  Errors                    0           0        
  Destination Unreachable   0           0        
  Time Exceeded             0           0        
  Parameter Problems        0           0        
  Source Quenches           0           0        
  Redirects                 0           0        
  Echo Replies              1           0        
  Echos                     12          0        
  Timestamps                0           0        
  Timestamp Replies         0           0        
  Address Masks             0           0        
  Address Mask Replies      0           0        
  Router Solicitations      0           0        
  Router Advertisements     0           0        

ICMPv6 Statistics

                            Received    Sent
  Messages                  0           7        
  Errors                    0           0        
  Destination Unreachable   0           0        
  Packet Too Big            0           0        
  Time Exceeded             0           0        
  Parameter Problems        0           0        
  Echos                     0           0        
  Echo Replies              0           0        
  MLD Queries               0           0        
  MLD Reports               0           0        
  MLD Dones                 0           0        
  Router Solicitations      0           6        
  Router Advertisements     0           0        
  Neighbor Solicitations    0           1        
  Neighbor Advertisements   0           0        
  Redirects                 0           0        
  Router Renumberings       0           0        

TCP Statistics for IPv4

  Active Opens                        = 106
  Passive Opens                       = 1
  Failed Connection Attempts          = 2
  Reset Connections                   = 17
  Current Connections                 = 3
  Segments Received                   = 8255
  Segments Sent                       = 4997
  Segments Retransmitted              = 81

TCP Statistics for IPv6

  Active Opens                        = 0
  Passive Opens                       = 0
  Failed Connection Attempts          = 0
  Reset Connections                   = 0
  Current Connections                 = 0
  Segments Received                   = 0
  Segments Sent                       = 0
  Segments Retransmitted              = 0

UDP Statistics for IPv4

  Datagrams Received    = 191
  No Ports              = 5
  Receive Errors        = 210
  Datagrams Sent        = 248

UDP Statistics for IPv6

  Datagrams Received    = 12
  No Ports              = 0
  Receive Errors        = 4
  Datagrams Sent        = 85



#27 SilverTop3020

SilverTop3020
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sheffield, UK
  • Local time:07:46 AM

Posted 31 January 2014 - 06:41 AM

The ICMPv4 statistics confirm what I have been saying.  3 attempts to ping Computer2 from Computer1 (4 tries in each) is the 12 Echoes received. But no packets are being sent back at all from ICMPv4. 

 

Looking at a netstat -s on my good PC (Computer1) I see:-

 

ICMPv4 Statistics

                            Received    Sent
  Messages                  254         338      
  Errors                    0           0        
  Destination Unreachable   253         326      
  Time Exceeded             0           0        
  Parameter Problems        0           0        
  Source Quenches           0           0        
  Redirects                 0           0        
  Echo Replies              1           0        
  Echos                     0           12       
  Timestamps                0           0        
  Timestamp Replies         0           0        
  Address Masks             0           0        
  Address Mask Replies      0           0        
  Router Solicitations      0           0        
  Router Advertisements     0           0      

 

There are a lot of destination reachable but at least the sent stats are not zero.  



#28 SilverTop3020

SilverTop3020
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sheffield, UK
  • Local time:07:46 AM

Posted 31 January 2014 - 06:48 AM

As I understand it the number of messages received and sent should match,  and the number of Echos Received/Sent and Echo replies Received/Sent should match.

But I have no idea what can be causing the drops.



#29 gits68

gits68

  • Members
  • 2 posts
  • OFFLINE
  •  
  • Local time:08:46 AM

Posted 16 May 2014 - 02:26 AM

hi, same here, still not found any solution... did you ?


Edited by gits68, 16 May 2014 - 02:26 AM.


#30 SilverTop3020

SilverTop3020
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Sheffield, UK
  • Local time:07:46 AM

Posted 16 May 2014 - 04:49 AM

Hi there gits68.  I have worked all my life with computers, mainframes, Unix, Solaris, Linux and every version of Windows. I have fixed every problem I have ever had until I had this. I believe my daughter downloaded some games from Steam just before Christmas and that is when this all started. Or she had a virus I don't know about. I have read every thread on the Internet and had assistance from Microsoft but still the problem exists. I have exported/imported all the Windows registry keys from my PC to my daughter's PC, reset everything possible, tried various forums, but there is no solution. I would not waste money paying for an "expert" to fix the problem as even Microsoft knew less about how Windows Firewall works than I did. 

I have created WF exceptions and they all work for everything except anything relating to ICMP ping. I could go on forever.

There is only one workaround.  On her PC enter run, type in services.msc, locate the Windows Firewall service, right click and change to Manual. Reboot. 

I can then copy files to her PC from mine ok with her firewall down. When I have finished I change the Windows Firewall service back to Automatic and reboot.

Of course I can do anything anyway from her PC, but as mine is the master and I back up to hers, I prefer to run my backup utilities from my PC.






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users