dchew

Ping -A / SolarWinds DNS Audit will not resolve host names through Windows Firewall

I am trying to perform some Network Discovery / DNS Audits on a corporate LAN with about 50 PC Workstation hosts.  The hosts are mostly Windows XP Professional SP2/3 and belong to an Active Directory Domain with a Windows Server 2003 as the main Domain Controller hosting DNS.  

Yesterday, when using a couple of the utilities from the SolarWinds Engineers Toolset (DNS Audit and Ping Scan) to try and create a list of HOSTS and their respective IP addresses, I noticed that about half of the workstations would not come up in the SCAN results. After a bunch of troubleshooting, I discovered that Windows Firewall was causing this problem. If I turn Windows Firewall off, I can resolve the DNS hostname of that machine, but if it's on, it will not return the DNS name, and ping -a to the IP address will not work either.

Can anyone help me figure out what settings I need to configure the Windows Firewall with so that I don't have to turn it off completely? I would like to be able to get ping -a to work through the Windows Firewall.

Thanks in advance,
Amit Bhatnagar

You need to allow NetBIOS through the Firewall. NetBIOS uses UDP 137, 138 and TCP 139.
dchew

ASKER

The thing is, I already have those listed as exceptions. They are added to the exception list when you add File and Printer Sharing.

You are correct... File Sharing can work on SMB 445 or NetBIOS (the ports I mentioned).
OK, I tried to do the same on my network and take a trace. My client immediately sends out a DNS query for a reverse lookup, and since it is present, no other traffic is seen except DNS query and ICMP. If I disable DNS, then all I see is NbtNS (NetBIOS Name Service), which works on UDP 137, and ICMP, which again says you need these ports. You can try allowing ICMP using this article:

http://msdn.microsoft.com/en-us/library/ms912869.aspx
dchew

ASKER

Yes, I have seen that article and allowed every checkmark for ICMP; still, ping -a does not return host names.
Trace? Can you take one while doing the same? I know it is kinda time consuming but it would also depend on how critical the problem is to you. :)
dchew

ASKER

I'm not sure I understand that last response. What exactly are you instructing me to do? I have no problem trying it, just not sure what you want me to try.

What does "can you take one while doing the same?" mean?
ASKER CERTIFIED SOLUTION
Amit Bhatnagar
This solution is only available to members.
dchew

ASKER

OK, I have a little bit of experience with Wireshark, and actually have it installed on a machine on this network, from a long time ago. The version we have is: 0.99.3 (SVN Rev 19011). Will this work for what you want me to do?

I will need some guidance on how to "analyze the wire"... Does this mean that I need to have Wireshark installed on each PC?
Great! Since we already know that Windows Firewall is blocking the connection, we just need to analyze the traffic between one source and destination machine. One solution will work for all. Over this forum, it would be difficult to guide you to read the trace. If possible, take a trace. Save it in .PCAP or .CAP format. Zip it and attach it to this forum. I will read it for you, but yes, remember: we need the trace from both the source and the destination machine.

Although, I just realized one more step. You can enable logging for Windows Firewall and the packets which it is dropping. You can always open the Firewall log using simple Notepad and go through it.
Make sure that the computer from where you do the resolving is fully allowed on the network. Meaning unlimited access.
Maybe you could use other software to resolve all hosts in the network.
look@LAN is a great tool to discover a complete infrastructure ... and it's free ... and that's the way I like them :)
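
An added illustration of the firewall-logging step suggested earlier in this thread (not code from any poster here): a Python script that reads a Windows Firewall log and counts the dropped packets `ping -a` depends on, NetBIOS name queries on UDP 137 and ICMP echo requests. The log lines, addresses and the `scanner_ip` parameter are constructed for the example, and the column layout is assumed to be the one declared in the sample's `#Fields` header.

```python
from collections import Counter

# Constructed sample in the W3C-style layout of a Windows Firewall log
# (pfirewall.log); addresses and timestamps are made up for this example.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path
2009-03-12 10:15:02 DROP UDP 192.168.1.10 192.168.1.55 137 137 78 - - - - - - - RECEIVE
2009-03-12 10:15:03 DROP ICMP 192.168.1.10 192.168.1.55 - - 60 - - - - 8 0 - RECEIVE
2009-03-12 10:15:04 OPEN TCP 192.168.1.55 192.168.1.2 1043 445 - - - - - - - - SEND
2009-03-12 10:15:09 DROP UDP 192.168.1.10 192.168.1.55 137 137 78 - - - - - - - RECEIVE
2009-03-12 10:15:11 DROP TCP 192.168.1.77 192.168.1.55 2201 3389 48 S 1 0 65535 - - - RECEIVE
"""

def parse_firewall_log(text):
    """Yield one dict per log entry, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated or malformed rows
                yield dict(zip(fields, values))

def classify(entry):
    """Label traffic that `ping -a` depends on; None for anything else."""
    proto, dport = entry["protocol"], entry["dst-port"]
    if proto == "UDP" and dport == "137":
        return "NetBIOS name query (UDP 137)"
    if proto == "ICMP" and entry["icmptype"] == "8":
        return "ICMP echo request"
    return None

def dropped_name_resolution(text, scanner_ip):
    """Count dropped packets from the scanning host, grouped by kind."""
    counts = Counter()
    for e in parse_firewall_log(text):
        if e["action"] == "DROP" and e["src-ip"] == scanner_ip:
            kind = classify(e)
            if kind:
                counts[kind] += 1
    return dict(counts)

if __name__ == "__main__":
    for kind, n in dropped_name_resolution(SAMPLE_LOG, "192.168.1.10").items():
        print(f"{n:3d} dropped  {kind}")
```

Run against the log of a workstation that fails to resolve, a non-empty result shows which exception is still missing, so the firewall can stay enabled with only that traffic allowed from the scanning host.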

dchew

ASKER

thanks!