2

I cannot even ping my computer from another device inside the LAN. I've tried the following:

  1. Turned on Network Discovery, File & Printer Sharing, Folder Sharing from Network and Sharing Center
  2. Created an allow_all rule in Symantec NTP for both directions
  3. Turned off all components of Symantec Endpoint Security (NTP, PTP, even Virus Protection)
  4. Created inbound rule for ICMPv4 protocol in Windows Firewall
  5. Turned off Windows Firewall

After step 2, there were still some logs in Symantec Packet Logs about blocked incoming and outgoing requests from IP 0.0.0.0:0 to 0.0.0.0:0. The applied rules were "Block_all" and "Build-in Allow All IP Traffic" (which were not available in the Firewall Rules list) and the detail is:

```
Ethernet II (Packet Length: 42)
    Destination:  c4-9a-02-12-6a-dd
    Source:  34-02-86-98-40-fe
Type: ARP (0x0806)
Address Resolution Protocol (ARP)
    Hardware type: Ethernet (0x0001)
    Protocol type: IP (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: Response
    Sender hardware address: 34-02-86-98-40-fe
    Sender IP address: 192.168.1.101
    Target hardware address: c4-9a-02-12-6a-dd
    Target IP address: 192.168.1.104
```

Note: 192.168.1.104 is the device that sends ping request.

Feyyaz
  • What you've shown is information for an [ARP](https://en.wikipedia.org/wiki/Address_Resolution_Protocol) request, not a [ping](https://en.wikipedia.org/wiki/Ping_%28networking_utility%29) [ICMP](https://en.wikipedia.org/wiki/Internet_Control_Message_Protocol) packet. ARP is the mechanism by which a system learns the [MAC address](https://en.wikipedia.org/wiki/MAC_address), e.g., in this case c4-9a-02-12-6a-dd for 192.168.1.104, associated with an IP address. If ARP is blocked systems can't communicate at all. Do you use both Symantec firewall software and the Microsoft Windows firewall? – moonpoint Jan 01 '16 at 15:21
  • Have you run ping tests from the system you can't access? I.e., have you run the tests in the opposite direction. If B is the system you can't access and A can't ping B, can B ping A? Can B ping the router's IP address? Have you tried pinging B from more than one system? If you don't have more than one system to ping B, only A, can A successfully ping other IP addresses? – moonpoint Jan 01 '16 at 15:30
  • @moonpoint, there were only ARP requests. Right, that's the MAC address for 192.168.1.104. At first, Symantec and Windows firewall were active, then I turned off both. – Feyyaz Jan 01 '16 at 15:39
  • @moonpoint, B can ping A and other devices, A can ping other devices. But I tried several devices to ping B, no luck. And that's not the only problem. I cannot access an HTTP File Server on B, it cannot communicate with the Chromecast device, etc. Probably the root cause for ARP blocks, ICMP blocks and other issues is the same. – Feyyaz Jan 01 '16 at 15:44

3 Answers

1

Did you adjust remote settings? Right-click My Computer, click on remote settings, and be sure the check box is ticked. In Advanced, have the check box for Allow Remote Assistance ticked.

Carl B
  • yes, they are ticked – Feyyaz Jan 01 '16 at 15:06
  • On a Windows system, that might explain why [RDP](https://en.wikipedia.org/wiki/Remote_Desktop_Protocol) would not work, but wouldn't explain why a system wouldn't send ICMP [echo replies](https://en.wikipedia.org/wiki/Ping_%28networking_utility%29#Echo_reply) to ICMP [echo requests](https://en.wikipedia.org/wiki/Ping_%28networking_utility%29#Echo_request) sent by the ping utility on another system. – moonpoint Jan 01 '16 at 15:26
1

ARP and ICMP (Echo requests or ping) packets are oftentimes disabled completely. You need to completely disable everything one by one until you weed out the issue. I would personally pop open Wireshark and see where the packets are going or getting dropped. Wireshark can read past the firewall. You'll be able to see if it's just your computer or the sending computer.

cloudnyn3
  • I opened Wireshark and sent a new ping request. Unfortunately, I didn't see any requests from 192.168.1.104. Sending device can ping other devices. – Feyyaz Jan 01 '16 at 15:48
  • Have you tried "tracert"? It uses a different port and packet type, so it might not get flagged down by anything. – cloudnyn3 Jan 01 '16 at 15:59
  • I will have to say that 9/10 it's usually the firewall or a security system. I deal with this ALL the time at work. Windows also has a buttload of settings to keep people out, I would start turning EVERY single security feature you can think of off one by one and see what exactly is causing the issue. – cloudnyn3 Jan 01 '16 at 16:05
  • Traceroute also fails. I guess so, but I don't know what else to disable. – Feyyaz Jan 01 '16 at 16:09
  • Did you port forward to that machine? You might also have to disable the firewall on the router if you have one. I trust my computer's firewall enough that I don't use it. I have had weird issues because of device firewalls. – cloudnyn3 Jan 01 '16 at 16:19
  • @cloudnyn3, [traceroute](https://en.wikipedia.org/wiki/Traceroute) sends [UDP](https://en.wikipedia.org/wiki/User_Datagram_Protocol) datagrams to high-numbered ports, but Microsoft's tracert uses ICMP packets just as does ping - see [Tracert](https://technet.microsoft.com/en-us/library/cc940128.aspx). If he had access to a Linux/OS X system on the LAN, using traceroute might produce different results, but using Microsoft's tracert would likely produce the same results. – moonpoint Jan 01 '16 at 16:23
  • @moonpoint Thank you for correcting me. I apologize =P – cloudnyn3 Jan 01 '16 at 16:26
  • @moonpoint, I used a mac for traceroute, it still fails. – Feyyaz Jan 01 '16 at 16:28
  • @Feyyaz, since Wireshark didn't see any ICMP echo requests, can you move the network connection for the .101 system to another port on the switch, router, or firewall to which it is cabled? Do you have another network cable you could try for it? I.e., can you rule out a cable or port problem? Though those don't seem like likely causes if the .101 system can ping other systems. I presume both the .101 and .104 systems have the same subnet mask. – moonpoint Jan 01 '16 at 16:29
  • @Feyyaz It seems like it is either something you haven't turned off on your OS, or a physical problem. There IS the possibility of another service unrelated to any applications you're using that might be causing this. I would temporarily turn off startup items and reboot in safe mode with absolutely nothing running other than necessities. See if that helps at all, and as moonpoint said, if they are subnetted differently that could easily cause some confusion. – cloudnyn3 Jan 01 '16 at 16:34
  • @Feyyaz, try safe mode as cloudnyn3 suggested and, if the results are the same, then try a Linux [live CD](https://en.wikipedia.org/wiki/Live_CD). There are many Linux distributions for which a live CD is available, e.g., see [The LiveCD List](https://livecdlist.com/). If that works, that would confirm that the problem is within the OS at a level that is affecting the networking service in Windows even in safe mode. – moonpoint Jan 01 '16 at 16:43
  • It fails in safe mode, too. But I now believe that there is a service which blocks it, because I started pinging from my Mac, it kept failing (timeout). Then I restarted the target machine, on the Windows logo screen (initialization), Mac ping results turned to "sendTo: Host is down", and right after the Windows desktop screen showed up, ping results turned back to timeout. I will also try Ubuntu Live, thanks. – Feyyaz Jan 01 '16 at 17:30
  • @moonpoint, I tried Ubuntu Live. It's working just fine. So the problem must be about Windows. There is another program that I should have suspected at first: Checkpoint Endpoint Security. I disabled its Windows services, ping again failed but that still seems the most suspicious app to me. Working on it.. – Feyyaz Jan 02 '16 at 12:34
0

Well, the problem was neither Windows Firewall nor Symantec. As some of you have already suspected, it was another application that I didn't realize at first: Checkpoint Endpoint Security.

It is required for us to make VPN connections to the company. It has its own firewall that Windows doesn't detect. Even if VPN is not active, its firewall works and blocks everything, silly. And it cannot be disabled because of company policy.

The solution was to completely uninstall Checkpoint Endpoint Security :).

Thank you for all your efforts.

Feyyaz
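
The accepted cause above was a third-party firewall that Windows Firewall settings did not show. The following is an added example, not code from any poster in this thread, that lists components able to filter traffic outside Windows Firewall. It assumes Windows 8 / Server 2012 or later, an elevated PowerShell session, and that Microsoft's in-box network components use `ComponentID` values beginning with `ms_`.

```powershell
# Added example: find network components that can drop traffic even when
# Windows Firewall is turned off. Run from an elevated PowerShell prompt.

# 1. Windows Firewall state per profile (what step 5 in the question disabled).
Get-NetFirewallProfile | Select-Object Name, Enabled

# 2. Enabled, non-Microsoft components bound to each adapter. Third-party
#    firewalls and VPN clients commonly install an NDIS filter listed here.
#    Assumption: in-box Microsoft components have ComponentID starting "ms_".
Get-NetAdapterBinding -AllBindings |
    Where-Object { $_.Enabled -and $_.ComponentID -notlike 'ms_*' } |
    Sort-Object Name, ComponentID |
    Format-Table Name, DisplayName, ComponentID -AutoSize

# 3. Running kernel drivers whose file is not published by Microsoft.
#    A filtering driver can stay loaded after its user-mode services stop.
Get-CimInstance Win32_SystemDriver -Filter "State='Running'" |
    ForEach-Object {
        # PathName may carry an NT prefix such as \??\ ; strip it first.
        $path = $_.PathName -replace '^\\\?\?\\', ''
        if ($path -and (Test-Path -LiteralPath $path)) {
            $company = (Get-Item -LiteralPath $path).VersionInfo.CompanyName
            if ($company -notmatch 'Microsoft') {
                [pscustomobject]@{
                    Name    = $_.Name
                    Company = $company
                    Path    = $path
                }
            }
        }
    } |
    Sort-Object Company, Name |
    Format-Table -AutoSize
```

Any vendor name that appears in steps 2 or 3 is a candidate to check in that product's own policy or logs before changing Windows Firewall rules further.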