Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

No ICMP response from Windows XP client - firewall disabled

Status
Not open for further replies.
mitchen

mitchen

Technical User
Aug 5, 2005
11
GB
I was troubleshooting an issue a user had with their telnet sessions dropping when they left them idle, despite there being no timeouts configured on the servers. The user is running Windows XP SP2.

I captured the network traffic for the user's network segment and found that, at the time of the disconnects, the server was sending TCP Keepalive messages but getting no response.

I then tried pinging the IP address of the user's machine. The machine name resolves ok but there is no response back from the ping. I have even tried pinging the machine from the network switch it is directly connected to but still no response. However, I DO get a ping response from other machines on the same subnet - making me suspect it is something on this particular machine.

My immediate thought was that it was the Windows XP firewall blocking ICMP messages - however, it turns out the user already has the XP firewall disabled. They aren't (knowingly!) running any other firewall software.

So, what could they have on their machine which could possibly be preventing it from responding to Pings?

To confuse things even more, from the users machine it IS possible to ping all other devices on the network. There just seems to be something on that machine which is preventing it from responding to pings from other devises.

Does anyone have any ideas of what could be doing this? Or how to find out what it could be?
 
Sort by date Sort by votes
if you're using a router, check the ICMP request settings for that particular machine address at the router, it could be blocking ICMP requests, if it is, you will need to program the router to allow ICMP incoming/outgoing on the LAN address for the computer that's not recieving ICMP requests.
 
Upvote 0 Downvote
Hi, thanks for the response.

No, I don't believe it is a router blocking ICMP requests - if it was then I would have expected to see the same behaviour for other devices on the same subnet. I also would have expected to see pings FROM the "problem" machine being blocked.

I have also tried Pinging the problem machine from the network switch it is directly connected to but no response. Yet I can ping another device on the same subnet and a different port without any problems. There are no errors being reported on the switch port and I've even tried connecting the machine to a different switch port anyway but this makes no difference.

I am fairly certain that it has to be something on the machine itself which is to blame - but I just don't know what! Its certainly a strange problem!
 
Upvote 0 Downvote
Hi, thanks for the response.

The failure is occuring at the machine itself - pathping doesn't really reveal anything as it just times out. I'm talking about pinging it from the same LAN - even down to both devices being on the same switch so its no even going through any routers or anything.

I connect my laptop to the network switch the user is also connected to.

I ping the user's laptop - my network sniffer shows the ping requests leaving my machine but no responses coming back from the user.

The user pings my laptop - and, bizarrely, they are able to do this successfully!

So, it seems there is something on this user's machine which is blocking incoming ICMP echo requests to it or preventing it sending ICMP echo replies?

It is very bizarre, to say the least!
 
Upvote 0 Downvote
It sounds like it's not allowing ICMP packets out then.
I would have a look at packet filtering on the tcpip protocol itself, go to the settings for the NIC, properties of TCPIP, Advanced, Options and then TCP/IP Filtering.

Check to make sure that nothing is set in there.
 
Upvote 0 Downvote
Yeah, we already looked at the TCP/IP filtering - it wasn't even enabled though.

Even tried enabling it and having everything as "permit all" but that made no difference either!

Its really got me scratching my head!
 
Upvote 0 Downvote
ok, long shot... try removing IP, restarting the pc, reinstalling IP. I do know that NT had a problem sometimes where the stack would get it's knickers in a twist and the only way around it was to reinstall the stack.
 
Upvote 0 Downvote
Hi, that was also a step I had considered myself.

Only thing I was wary of - is there any potential repercussions from resetting the IP stack? i.e. is it possible that I could screw things up even further rather than fix things!?

Thanks for all the assistance so far!
 
Upvote 0 Downvote
Can the pc ping itself?

Stu..

Only the truly stupid believe they know everything.
Stu.. 2004
 
Upvote 0 Downvote
Highly unlikely, is the client DHCP or static? If DHCP then just do it, if it's static take the settings then do it.
 
Upvote 0 Downvote
They aren't (knowingly!) running any other firewall software." Many people I work with install Norton antivirus and have no idea that they have also installed Norton Internet security. You should probably check the pc yourself.

 
Upvote 0 Downvote
Some examples of similar problems and fixes. The running thread appears to be hidden firewall components in third party antivirus software or firewall settings remaining active even though they are disabled.

I Simply Can't Ping A Computer On My Network
thread779-1096319

Cannot ping XP workstation
thread779-920007

RTO when pinging a specific macine
thread779-951678

How to troubleshoot TCP/IP connectivity with Windows XP
 
Upvote 0 Downvote
Folks,

thanks for all the helpful advice so far.

Looks like we've made a breakthrough, of sorts. Tried a few things, resetting the TCP/IP stack, uninstalling some pieces of software. Nothing had any effect until...

We uninstalled the Cisco VPN client software on this machine and - wow - it then becomes pingable (is that a word?!) from all other machines on the network again.

So, we think - the Cisco VPN software must have somehow got corrupted. But, when we reinstall it, we can no longer ping that machine again.

Doesn't seem to make sense as we have several other users running the same version of Cisco's VPN client (4.01) on the same LAN, without these problems.

So, how can we resolve this once and for all and have this machine reachable by Ping AND have the Cisco VPN client software installed?

Any thoughts/suggestions?

Thanks again.
 
Upvote 0 Downvote
Folks,

ignore my last message - problem now resolved!

It looks like what was required was an uninstall of the Cisco VPN client software AND a reset of the TCP/IP stack. However, it had to be carried out in the correct order.

1) Uninstall VPN client software
2) Reset TCP/IP stack
3) Reinstall VPN client software

After completing the steps in this order, everything sprang into life as it should! (at last!)

Thanks for all your help.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

K
  • Question
Recover Data Windows 10
Replies
2
Views
2K
Rick998
Rick998
pjw001
  • Locked
  • Question
Latest Windows Update - End of Service
Replies
2
Views
761
pjw001
pjw001
VicM
  • Locked
  • Question
Problem updating Windows Explorer
Replies
1
Views
372
Nancycaf
Nancycaf
pjw001
  • Locked
  • Question
Windows 11 Screen Colours have changed (slightly) 3
Replies
14
Views
2K
pjw001
pjw001
theConjurian
  • Locked
  • Question
No administrator rights after upgrading to Windows 11
Replies
19
Views
769
goombawaho
goombawaho

Part and Inventory Search

Sponsor

Back
Top