# Two computers, one can ping the other, the other cannot



## El Ornitorrinco (Mar 17, 2009)

Try this one on for size.

Two computers running Windows XP Professional SP3 are networked to the same router, both have access to the internet. Both firewalls are disabled, and are on the same workgroup. _rickys-computer_ can ping _RoadRunner_ but _RoadRunner_ cannot ping _rickys-computer_. 



rickys-computer ipconfig /all said:


> Windows IP Configuration
> Host Name . . . . . . . . . . . . : rickys-computer
> Primary Dns Suffix . . . . . . . :
> Node Type . . . . . . . . . . . . : Unknown
> ...





RoadRunner ipconfig /all said:


> Windows IP Configuration
> 
> Host Name . . . . . . . . . . . . : RoadRunner
> Primary Dns Suffix . . . . . . . :
> ...


So here is the successful ping, from _rickys-computer_ to _RoadRunner_.



rickys-computer to RoadRunner ping said:


> Pinging roadrunner.giffordclan.org [192.168.1.65] with 32 bytes of data:
> 
> Reply from 192.168.1.65: bytes=32 time<1ms TTL=128
> Reply from 192.168.1.65: bytes=32 time<1ms TTL=128
> ...


And here is the unsuccessful ping, from _RoadRunner_ to _rickys-computer._



RoadRunner to rickys-computer ping said:


> Pinging rickys-computer.giffordclan.org [192.168.1.85] with 32 bytes of data:
> Request timed out.
> Request timed out.
> Request timed out.
> ...


I was able to find one other guy that had the same problem on the whole internet, and the community in that thread helpfully responded by saying that it is not possible to get this sort of problem. Here it is, documented in all its glory. Also, I find it interesting that _RoadRunner_ is able to identify the IP address of _rickys-computer_ when I tell it "ping rickys-computer", yet it cannot communicate with it. I haven't learned that much about computers and networking yet, so I haven't the foggiest why that would be. All help is greatly appreciated. 

Gratefully,
Ricky


----------



## grue155 (May 29, 2008)

One way pings like this point to a problem with the underlying networking setup. Typically it is a probem with the Address Resolution Protocol (ARP). That's how the hardware translates hardware addresses into IP addresses. If one machine has its translation table somehow corrupted, it can receive just fine, but can't send (well, it can send, but it goes to the wrong place).

The easiest way to run down an ARP problem like this, is to install a network monitor like Wireshark (www.wireshark.org) and see what packets are doing on the wire when the ping is done. It doesn't matter which machine gets Wireshark installed, so long as they're on the same wire.


----------



## El Ornitorrinco (Mar 17, 2009)

Update:

OK, so I tried pinging _rickys-computer_ from a third computer on the network, _Titan_, and it was also not able to ping _rickys-computer,_ nor was the router able to ping it. This destroys my earlier theory that _roadrunner_ was not able to send pings, rather it is now clear that _rickys-computer_ cannot receive them. _rickys-computer_ is set to dual boot XP Pro and Ubuntu Linux, so I booted it up in Linux and pinged it successfully from Titan, roadrunner, and the router, so it is a Windows problem. Gotta love Microsoft. 

So, uh, what do I do now?

Many thanks,
Ricky


----------



## grue155 (May 29, 2008)

The thing to find out now on _rickys-computer_ is what it is seeing in terms of packets trying to come into the machine. That means Wireshark should be installed on _rickys-computer_ The description makes it sound like there is some kind of firewall or some such that's blocking traffic. If Wireshark is showing the inbound ping then it is really a Windows configuration problem. If Wireshark is showing outbound packets in reply, then Windows may be okay, but where are the packets going is the question to be answered.


----------



## El Ornitorrinco (Mar 17, 2009)

If you'd look at my WireShark report, I'd be much obliged. It's interesting that it's trying so hard to find _screamer_ a computer from an old network that _rickys-computer_ used to be on. The gray ones are _roadrunner_ pinging _rickys-computer_. (I'm sure you would have figured it out, but it should save you some time to not have to look for it)

Here is my report: 
http://www.2shared.com/file/5136337/67489e10/roadRunnerPingRickysComputer.html

I only have an inkling as to what any of the report means. But man is that thing _cool._ Anyways, looking forward to figuring out what the heck is going on.

Many thanks,
Ricky


----------



## johnwill (Sep 26, 2002)

Top suspect here is still a firewall. Failure to ping in an otherwise working network setup is almost always a firewall component blocking the requests.


----------



## grue155 (May 29, 2008)

This does look like a firewall problem, probably on machine 1.85. The packet capture is showing the outbound ping requests from 1.65 to 1.85 (frames 9 and 10). The packet capture is also showing traffic from 1.85 to google (frames 3 and 4). All the MAC addresses are consistent, so there isn't an ARP problem.

A quick check of the Windows Security Center (Control Panel -> Security Center) should show if a firewall is running. You can check the Windows Firewall by clicking the link at the bottom of the Security Center window. I'm suspecting the Windows Firewall is turned on.

As an aside, 1.85 is running Netbios over IPX. I haven't seen IPX being used for some time. This is something that you've set up? It's not a typical configuration. Packet capture frames 32 to 43 have IPX frames and regular IP frames.


----------



## El Ornitorrinco (Mar 17, 2009)

I am pretty sure that Windows Firewall is not the problem. I turned it off immediately after installing the network card, and disabled the Windows Firewall/ICS service. Now when I try to manually restart it it tells me, "Could not start the Windows Firewall/ICS service on Local Computer. Error 1608: The dependency service or group failed to start."

Dunno what's up with that. I used IPX on the old network because my family and I like to play some old games like WarCraft 2 and some of the older Command and Conquer games, and TCP/IP is not an option on many of them.

EDIT:
So I looked up Windows Firewall/ICS on Eldergeek and it told me, "Provides network address translation, addressing, name resolution and/or intrusion prevention services for a home or small office network." This sounds like the exact sort of thing that might be my problem, and that perhaps starting it again would solve it. Great. Why won't it run? I went to the properties in Services, looked at dependencies, and it said nothing, so I don't know what service it's dependent on that isn't running.


----------



## mark_s0 (Mar 20, 2009)

Other than windows/software firewall, are you able to start/restart any other services or just that one that's not loading?

if it's just that one, check that Network Connections service is started. If it's all services, it's probably a deeper issue with windows.


----------



## Influencer (Mar 4, 2009)

Also, make sure that there are no other Anti-virus software or firewalls on the computer that are on. Some(Like McAfee for instance) disable Security Center. It is still enabled in services, but it will not run. I don't mind because I love McAfee and it is leagues better than security center(if you get Total Protection), but the notification that "your computer is at risk" because Security center is turned off is extremely annoying. Just a thought, you haven't said if there were any more firewalls/anti-virus software on your computer. And keep in mind, even with McAfee disabled, it will not let security center start up.


----------



## El Ornitorrinco (Mar 17, 2009)

I have Comodo, but it has not been running during any of these tests. However, it might explain the startup problem. I have another computer running Comodo, I will try to start the ICF service on that.


----------



## El Ornitorrinco (Mar 17, 2009)

Update:
I looked at the dependencies of Windows Firewall/ICF on another computer and I found that one of them, Windows Management Instrumentation, was not running. I tried running it, but one of its dependent services, Event Log, was not running. Joy of joys. Luckily Event Log started right up, so I was able to start up Windows Management Instrumentation and then Windows Firewall/ICF. I then rebooted, pinged _rickys-computer_, and four packets timed out. So it's cool that I got that running, I guess, but it didn't solve my problem.

Windows Firewall is disabled, and I have been completely shutting down Comodo, not just disabling the firewall. I'll take screenshots if you want. =D


----------



## johnwill (Sep 26, 2002)

Please post a HijackThis 2.00.2 Log here.


----------



## El Ornitorrinco (Mar 17, 2009)

You bet.



Ricky's HiJack This log said:


> Logfile of Trend Micro HijackThis v2.0.2
> Scan saved at 9:39:17 AM, on 3/25/2009
> Platform: Windows XP SP3 (WinNT 5.01.2600)
> MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
> ...


----------



## grue155 (May 29, 2008)

I don't know if this is relevent or not, but the Comodo firewall isn't installed in the usual place. The HJT log is showing "C:\Program Files\Maintenance\Comodo\COMODO Internet Security\cfp.exe". There isn't a "Maintenance" in the usual path. Is this an install choice, or an anomoly to dig into?


----------



## johnwill (Sep 26, 2002)

I'd totally uninstall COMODO Internet Security and see if that changes things. I also agree that's an odd place for it to be installed.


----------



## El Ornitorrinco (Mar 17, 2009)

Side note:
My Program Files folder is more organized than most. I've got my Maintenance and Tools folder, Games folder, and Productivity folder. It gives me that same good feeling as having a clean house. It floats my boat. =D

Main update:
OK, so this morning, without uninstalling Comodo, I tried pinging 1.85 from 1.65 again just for giggles, and it worked! I'm guessing getting Windows Firewall/ICF running did the trick, but perhaps both computers needed to be restarted on not just the one? Or perhaps it didn't kick in until two boots later? Who knows.

Thank you for your help! I am very grateful that there people like you who help people like me who disable Event Log and then wonder why their computer doesn't work. And thanks for your patience with me, johnwill and grue155.

But... I can successfully ping the computers and see them in My Network Places, but I cannot access the shares. 1.65 cannot access the shares on 1.85 nor the other way around, but both can access the share on another computer, 1.57. Technically, the problem that I posted is solved. (But what I really wanted was to be able to freely share files between the two computers.) Should I start a new thread or just post my error in here?


----------



## El Ornitorrinco (Mar 17, 2009)

For whatever reason it won't let me edit that message, but nevermind on the help. I don't know why I wasn't able to access either share before, they're both working now. Yay Windows.

Like I said, many thanks for the help, I really appreciate it.


----------



## Influencer (Mar 4, 2009)

Windows strikes again...seems that no matter what you do, sometimes windows will just decide to start working. It could very well be getting the Windows Firewall running fixed it...but Windows takes its own sweet time to realize it.


----------



## johnwill (Sep 26, 2002)

Glad it all worked out. :smile:


----------

