Solved

Windows 8 Allows Ping from Router, but not other PC

Posted on 2013-12-08
22
1,110 Views
Last Modified: 2014-01-06
When testing in my lab, I ran into some weird behavior with ping.  I had 2 win8 machines attached to a switch, and that switch attached to a router.  I was unable to ping from one of the PCs to the other one, but found that both the router and switch were able to ping both machines without problem.

Then I added a inbound firewall exception for ICMP on both PCs and was able to then ping PC to PC.  

I understand that the Windows firewall blocks pings by default, but does anyone have any thoughts on why it wouldn't block them from the router or switch.

Hardware I'm using is as follows:
Win 8 HP laptop
Win 8 tower
Cisco 3550 switch
Cisco 2950 switch
Cisco 1721 router
0
Comment
Question by:RKnebel512
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 6
  • 5
  • 5
  • +2
22 Comments
 
LVL 95

Assisted Solution

by:John Hurst
John Hurst earned 250 total points
ID: 39705168
I use Symantec Endpoint Protection which disables Windows Firewall and I can happily ping my Windows 8.1 laptop from my Windows 7 desktop.

To your comment above, my guess is that Windows Firewall accepts a ping from the device it is connected to but not beyond that.

... Thinkpads_User
0
 
LVL 15

Expert Comment

by:Skyler Kincaid
ID: 39705230
Where you pinging by name or IP address?
0
 
LVL 3

Author Comment

by:RKnebel512
ID: 39706800
@thinkpads_user: In my topology, I could ping from the router too, which is not directly connected. In fact, I added another switch and another router just to be certain, and the far router (on a different network) could still ping.

@xKincaidx: I'm pinging by up addresses in all instances. I don't have and set up.
0
Building an interactive eFuture classroom

Watch and learn how ATEN provided a total control system solution including seamless switching matrix switch, HDBaseT extenders, PDU, lighting control to build an interactive eFuture classroom.

 
LVL 95

Expert Comment

by:John Hurst
ID: 39707085
Microsoft secures things by turning them off so you cannot use them. You may wish to use a commercial firewall that does not have these issues.

Based on what you said, I expect that Microsoft Firewall had difficulty interpreting the source ping that would not go through. Either the ping (seems doubtful) or the IP/DNS/Gateway it came from. It may have interpreted the IP as a problem source.

I tried several different machines into my Windows 8.1 machine and it always responded.

So then, either just use the exceptions you implemented in Microsoft Firewall (normal practice) or consider a different Firewall.

.... Thinkpads_User
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39707106
Did you happen to try forcing an IPv4 ping, such as:
Ping. -4  192.168.123.123
Win 8 may default to IPv6.  I am not sure about Win 8 (will check) but all I thought all previous O/S's allowed IPv4 ICMP requests by default.  The router would have used IPv4.
0
 
LVL 3

Author Comment

by:RKnebel512
ID: 39707449
@thinkpads_user: The problem is that Windows is not blocking pings from my routers and switches when the firewall is up.  It only blocks the PC pings.

@RobWill: I will try an IPv4 ping later, but I don't think that's the problem.  When I punched a hole in the firewall to let the traffic through, I punched a hole for ICMPv4.  So if that was the issue, it should still be blocking.

I know that the windows firewall is supposed to block pings by default.  My issue is that it isn't blocking any pings from the router and switch.
0
 
LVL 95

Expert Comment

by:John Hurst
ID: 39707457
I think that is because the router and switch are next to your computer. So the Windows Firewall sees no danger in them.

... Thinkpads_User
0
 
LVL 95

Expert Comment

by:John Hurst
ID: 39707478
Perhaps it may be helpful (if only for me) to see the PC source as a "live" source (e.g. a source of internet traffic on top of the ping and so possibly dangerous); and the Router sources as a "dead" source (e.g. no traffic, just a ping).

.... Thinkpads_User
0
 
LVL 77

Expert Comment

by:Rob Williams
ID: 39709958
I am not so I agree with your last comments Thinkpads_User.  It implies the firewall has some sort of 3rd party intelegence  :-)
0
 
LVL 38

Expert Comment

by:Gerwin Jansen, EE MVE
ID: 39739905
Hi, are both router and switch using a 'ping' command / do you ping manually from those devices? It could be that both these devices use some sort of tcp based ping, so not using ICMP protocol at all. Or do you determine that the W8 can be 'pinged' by looking at DHCP statistics maybe?
0
 
LVL 3

Author Comment

by:RKnebel512
ID: 39743125
- I used the ping command in all cases, from the command prompt on the PC and from CLI on the routers and switches.  

- All boxes are using ICMP.  I know this because I ran wireshark packet sniff and they all showed up as ICMP.  When I went through the packets, all the information looked the same, except for the "data" payload.  The Cisco switch and router had a payload of 72 bytes, while the PC had a payload of 32 bytes.  But I don't see why that would make a difference.  I was under the impression that those were just a placeholder to verify that everything is transmitting properly.

I'm not really sure what you mean by the last question, but I'm not using any DHCP.  Everything has a static ip address.
0
 
LVL 38

Expert Comment

by:Gerwin Jansen, EE MVE
ID: 39743347
>>I'm not really sure what you mean by the last question, but I'm not using any DHCP.  Everything has a static ip address.

Never mind that, knowing that you use ping answers this already. Just to be clear: when disabling all ICMP inbound rules on the W8 machines makes ping from the Cisco equipment work? If that's the case then either the ICMP (blocking) rules are not working on the W8 machines or the ICMP echo packet sent by the Cisco equipment is not ICMP.

Can you post the packet with 72 byte payload sent by the Cisco equipment and the reply packet sent by the W8 machine?
0
 
LVL 38

Expert Comment

by:Gerwin Jansen, EE MVE
ID: 39743361
Cisco 2950 switches' ping command is sending ICMP packets, but it can support other 'protocol keywords' as well:

http://www.cisco.com/en/US/docs/switches/lan/catalyst2950/software/release/12.1_13_ea1/configuration/guide/swtrbl.html#wp1084463

Can you get us a ping command reference from you Cisco switch, maybe "ping -?"?
0
 
LVL 3

Author Comment

by:RKnebel512
ID: 39744021
Here is the Ping options on each Cisco Device:


Switch-3550#ping ?
  WORD  Ping destination address or hostname
  ip    IP echo
  tag   Tag encapsulated IP echo
  <cr>


Switch-2950#ping ?
  WORD  Ping destination address or hostname
  ip    IP echo
  tag   Tag encapsulated IP echo
  <cr>


Router-1721#ping ?
  WORD  Ping destination address or hostname
  ip    IP echo
  tag   Tag encapsulated IP echo
  <cr>


In each case I just used the standard "ping 192.168.10.51" command.
0
 
LVL 38

Expert Comment

by:Gerwin Jansen, EE MVE
ID: 39746280
You can attach a small capture file to your post, I tried importing your text-paste - did not work - I'll remove the 'big' post above ;)
0
 
LVL 3

Author Comment

by:RKnebel512
ID: 39748764
Okay, Here it is.  I uploaded both the tacket trace from the router to the PC and the one from  PC to PC.  

The attach file here on experts-exchange wouldn't let me attach a .pcapng wireshark file, so I changed the file extension to .txt.  It will have to be changed back before you can use the file.

Both of these traces are taken when the firewall is down so that I was able to get both request and reply packets.
Ping-From-Router-to-PC.txt
Ping-From-PC-to-PC.txt
0
 
LVL 38

Accepted Solution

by:
Gerwin Jansen, EE MVE earned 250 total points
ID: 39753151
Got the files and had a look, only 2 differences I found:
- TTL from the request from the router that is 255 instead of 128 for the others (reply from PC and request/reply to/from PC).
- data from router is 72 bytes, from PC is 32 bytes

Can you post a trace as well between router and PC when the firewall is enabled on the PC? Because that is where the ping is working where you wouldn't expect it, right?
0
 
LVL 3

Author Comment

by:RKnebel512
ID: 39758521
So I can no longer replicate the problem.  I set up the same topology as I had before, but the computers only exhibit the behavior that thinkpads_user mentioned above, where Windows firewall allows pings that are coming from the same network.  

I can no longer get the far router on a different network to ping the PC when the firewall is up.  

Since I can't replicate the problem anymore, I think I will have to give up on the question.  Thank you everyone for your help.
0
 
LVL 95

Expert Comment

by:John Hurst
ID: 39758976
@RKnebel512 - Thank you for updating us.   .... Thinkpads_User
0

Featured Post

Manage your data center from practically anywhere

The KN8164V features HD resolution of 1920 x 1200, FIPS 140-2 with level 1 security standards and virtual media transmissions at twice the speed. Built for reliability, the KN series provides local console and remote over IP access, ensuring 24/7 availability to all servers.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article offers some helpful and general tips for safe browsing and online shopping. It offers simple and manageable procedures that help to ensure the safety of one's personal information and the security of any devices.
Keystroke loggers have been around for a very long time. While the threat is old, some of the remedies are new!
In this Micro Tutorial viewers will learn how to use Boot Corrector from Paragon Rescue Kit Free to identify and fix the boot problems of Windows 7/8/2012R2 etc. As an example is used Windows 2012R2 which lost its active partition flag (often happen…
This Micro Tutorial will show you how to maximize your wireless card to its maximum capability. This will be demonstrated using Intel(R) Centrino(R) Wireless-N 2230 wireless card on Windows 8 operating system.

737 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question