Ping -A / SolarWinds DNS Audit will not resolve host names through Windows Firewall

I am trying to perform some Network Discovery / DNS Audits on a corporate LAN with about 50 PC Workstation hosts.  The hosts are mostly Windows XP Professional SP2/3 and belong to an Active Directory Domain with a Windows Server 2003 as the main Domain Controller hosting DNS.  

Yesterday when using a couple of the utilities from the SolarWinds Engineer's Toolset (DNS Audit and Ping Scan) to try and create a list of HOSTS and their respective IP Addresses, I noticed that about half of the workstations would not come up in the SCAN results.  After a bunch of troubleshooting, I discovered that Windows Firewall was causing this problem.  If I turn Windows Firewall off, I can resolve the DNS hostname of that machine, but if it's on, it will not return the DNS name, and ping -a to the IP address will not work either.

Can anyone help me figure out what settings I need to configure the Windows Firewall with so that I don't have to turn it off completely?  I would like to be able to get ping -a to work through the Windows Firewall.

Thanks in advance,
dchew

Amit Bhatnagar (Technology Consultant - Security) commented:
Oh...I apologize for not providing clear instruction. I wanted to know whether you are familiar with network trace using Wireshark or Network Monitor 3.2. It can capture all the activity that happens on the wire. You can take a trace while doing the Ping -a and it will show exactly what is happening on the wire for a better understanding. Let me know if you need any assistance for running a network trace. We need to do this on the source machine and the target machine simultaneously.

I hope it is clear now..:)

Amit Bhatnagar (Technology Consultant - Security) commented:
You need to allow NetBIOS through the Firewall. NetBIOS uses UDP 137, 138 and TCP 139.

dchew (Author) commented:
The thing is I already have those listed as exceptions.  They are added to the exception list when you add File and Printer Sharing.

 
Amit Bhatnagar (Technology Consultant - Security) commented:
You are correct...File Sharing can work on SMB 445 or NetBIOS (the ports I mentioned).
Ok..I tried to do the same on my Network and take a trace...my client immediately sends out a DNS Query for a Reverse Lookup and since it is present, no other traffic is seen except DNS Query and ICMP. If I disable DNS, then all I see is NbtNS (NetBIOS Name Service) which works on UDP 137 and ICMP which again says, you need these ports. You can try allowing ICMP using this article:

http://msdn.microsoft.com/en-us/library/ms912869.aspx

dchew (Author) commented:
Yes, I have seen that article and allowed every checkmark for ICMP; still ping -a does not return host names.

Amit Bhatnagar (Technology Consultant - Security) commented:
Trace? Can you take one while doing the same? I know it is kinda time consuming but it would also depend on how critical the problem is to you. :)

dchew (Author) commented:
I'm not sure I understand that last response.  What exactly are you instructing me to do?  I have no problem trying it, just not sure what you want me to try.

What does "can you take one while doing the same?" mean?

dchew (Author) commented:
OK, I have a little bit of experience with Wireshark, and actually have it installed on a machine on this network, from a long time ago.   The version we have is: 0.99.3 (SVN Rev 19011).  Will this work for what you want me to do?

I will need some guidance on how to "analyze the wire"...  Does this mean that I need to have Wireshark installed on each PC?

Amit Bhatnagar (Technology Consultant - Security) commented:
Great! Since we already know that Windows Firewall is blocking the connection, we just need to analyze the traffic between one source and destination machine. One solution will work for all. Over this forum, it would be difficult to guide you to read the trace. If possible, take a trace. Save it in .PCAP or .CAP format. Zip it and attach it to this forum. I will read it for you but Yes, remember...We need the trace from both the Source and the Destination machine.

Although, I just realized one more step. You can enable logging for Windows Firewall and the packets which it is dropping. You can always open the Firewall log using simple Notepad and go through it.
0
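
Following the suggestion above to enable Windows Firewall logging and read the dropped packets, this added example (not part of the original thread or any poster's code) parses a log in the firewall's `#Fields` layout and counts what was dropped from the scanning machine, per protocol and port. The sample log, its addresses and the function names are constructed for illustration; the parser takes its column names from whatever `#Fields` header the real log contains.

```python
from collections import Counter

# Constructed sample in the layout Windows Firewall writes to its log file;
# timestamps and addresses are invented for illustration.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path

2009-03-10 10:15:01 DROP UDP 192.168.1.20 192.168.1.57 137 137 78 - - - - - - - RECEIVE
2009-03-10 10:15:02 DROP UDP 192.168.1.20 192.168.1.57 137 137 78 - - - - - - - RECEIVE
2009-03-10 10:15:03 DROP ICMP 192.168.1.20 192.168.1.57 - - 60 - - - - 8 0 - RECEIVE
2009-03-10 10:15:04 OPEN TCP 192.168.1.57 192.168.1.5 1042 445 - - - - - - - - -
2009-03-10 10:15:09 DROP TCP 10.9.9.9 192.168.1.57 4431 139 48 S 123456 0 65535 - - - RECEIVE
"""

def parse_firewall_log(text):
    """Yield one dict per log record, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) >= len(fields) - 1:  # tolerate a missing last column
                yield dict(zip(fields, values))

def dropped_from(text, scanner_ip):
    """Count packets from scanner_ip that the firewall dropped, per protocol/port."""
    drops = Counter()
    for rec in parse_firewall_log(text):
        if rec["action"] != "DROP" or rec["src-ip"] != scanner_ip:
            continue
        if rec["protocol"] == "ICMP":
            key = f"ICMP type {rec['icmptype']}"   # type 8 is an echo request
        else:
            key = f"{rec['protocol']}/{rec['dst-port']}"
        drops[key] += 1
    return drops

if __name__ == "__main__":
    # 192.168.1.20 stands in for the machine running ping -a or the scan.
    for key, count in dropped_from(SAMPLE_LOG, "192.168.1.20").most_common():
        print(f"{count:3d}  {key}")
```

Run against the target workstation's log after a failed ping -a, drops on UDP/137 or ICMP type 8 from the scanning machine show which exception is not taking effect.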
 
Naruto_ commented:
Make sure that the computer from where you do the resolving is fully allowed on the network. Meaning unlimited access.
Maybe you could use other software to resolve all hosts in the network.
look@LAN is a great tool to discover a complete infrastructure ... and it's free ... and that's the way I like them :)

dchew (Author) commented:
Thanks!
Question has a verified solution.