Hot Downloads

×

Notice

The forum is in read only mode.
Welcome, Guest
Username: Password: Remember me

TOPIC: Strange Ping Problem

Re: Strange Ping Problem 11 years 10 months ago #22322

  • Smurf
  • Smurf's Avatar Topic Author
  • Offline
  • Moderator
  • Moderator
  • Posts: 1390
  • Karma: 1
  • Thank you received: 0

2) asymmetric routing or similar routing table anomaly at one end or the other


Bishop, can ya expand on that one for me please ?
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.

Re: Strange Ping Problem 11 years 10 months ago #22324

If you've got the wrong subnet mask on the node at the distant end then that end might make a bad decision on whether to forward the packet to the router or not, or it might also pick the 'wrong' router. Hence the ping might not get routed correctly when it originates at the distant end and appears not to work. But from the local end to the distant end it works fine. I've also seen a similar effect with asymmetric routing, where the packets take a different path from B to A than they do from A to B. All it takes is for one bit of the routing not to quite line up and your traffic can end up in the wrong place and never arrive where it should. For example, a network only ever has one default gateway but if you have two or more routers (load-balanced links perhaps) connecting out into the same routing cloud you can get traffic going out of one but perhaps coming back in the other. This can confuse ARP caches and also leaves you at the mercy of odd routing rules out in the cloud. Do some traceroutes from each end and you'll soon see whether my suggestions are relevant or not to your situation

Re: Strange Ping Problem 11 years 10 months ago #22327

  • Smurf
  • Smurf's Avatar Topic Author
  • Offline
  • Moderator
  • Moderator
  • Posts: 1390
  • Karma: 1
  • Thank you received: 0
:) Cheers Bishop, i see what ya mean. Basically what i was trying to explain in this thread to someone else (didn't fully understand the wording) www.firewall.cx/ftopict-4641.html

Oh, BTW. This issue wasn't actually there. I was going of third hand information and when i have come to check this myself, they were trying to ping the wrong thing and getting their IP's mixed up on what they could/couldn't reach.

Thanks for replying anyway everyone
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.

Re: Strange Ping Problem 11 years 10 months ago #22328

  • S0lo
  • S0lo's Avatar
  • Offline
  • Moderator
  • Moderator
  • Posts: 1577
  • Karma: 3
  • Thank you received: 7

If you've got the wrong subnet mask on the node at the distant end then that end might make a bad decision on whether to forward the packet to the router or not, or it might also pick the 'wrong' router. Hence the ping might not get routed correctly when it originates at the distant end and appears not to work. But from the local end to the distant end it works fine. I've also seen a similar effect with asymmetric routing, where the packets take a different path from B to A than they do from A to B. All it takes is for one bit of the routing not to quite line up and your traffic can end up in the wrong place and never arrive where it should. For example, a network only ever has one default gateway but if you have two or more routers (load-balanced links perhaps) connecting out into the same routing cloud you can get traffic going out of one but perhaps coming back in the other. This can confuse ARP caches and also leaves you at the mercy of odd routing rules out in the cloud. Do some traceroutes from each end and you'll soon see whether my suggestions are relevant or not to your situation


The confusing thing to me here (in both cases) is that each ping is a send and reply. So if a send always works when pinging A to B then a reply should always work when pinging B to A. And vise versa.

In other words, If we assume that the problem was in sending packets when pinging B to A. Then the replied packets when pinging A to B should not have worked. similarly, If we assume that the problem was in replying packets when pinging B to A. Then the sent packets when pinging A to B should not have worked.
Studying CCNP...

Ammar Muqaddas
Forum Moderator
www.firewall.cx

Re: Strange Ping Problem 11 years 10 months ago #22330

  • Smurf
  • Smurf's Avatar Topic Author
  • Offline
  • Moderator
  • Moderator
  • Posts: 1390
  • Karma: 1
  • Thank you received: 0
This is true but if you take a look at the other thread where i discussed this with someone else, i think its to do with the way Microsoft works.

I think it gets strange during the following;

Host A = 10.1.0.8/8
Host B = 10.10.10.1/24

I think, if Host A pings Host be, because Host A is Class A, it will think that host B is on the same subnet and will just do a streight ARP. ARP is broadcast and will not route, therefore Host B would reply with its MAC entry. Then the two will be able to talk without any issues because they both have MAC to IP entries.

If, on the other hand, Host B tries to talk to Host A, then since its a Class C it will then try to route the traffic and thus get into issues.

This is what i think anyway :)
Wayne Murphy
Firewall.cx Team Member
www.firewall.cx

Now working for a Security Company called Sec-1 Ltd in the UK, for any
Penetration Testing work visit www.sec-1.com or PM me for details.

Re: Strange Ping Problem 11 years 10 months ago #22331

Yes, it's the difference in the subnet mask coupled with where the ping originates from that makes the difference
Time to create page: 0.114 seconds

CCENT/CCNA

Cisco Routers

  • SSL WebVPN
  • Securing Routers
  • Policy Based Routing
  • Router on-a-Stick

VPN Security

  • Understand DMVPN
  • GRE/IPSec Configuration
  • Site-to-Site IPSec VPN
  • IPSec Modes

Cisco Help

  • VPN Client Windows 8
  • VPN Client Windows 7
  • CCP Display Problem
  • Cisco Support App.

Windows 2012

  • New Features
  • Licensing
  • Hyper-V / VDI
  • Install Hyper-V

Linux

  • File Permissions
  • Webmin
  • Groups - Users
  • Samba Setup