Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

Question:

Question: Can't ping a machine - why?

Hopefully I've chosen the correct forum for this...

I have two MBPs, and two iphones in the house, connecting wirelessly through an AirportExtreme.

Out of all the devices, there is one MBP that can't be pinged even though it's online and works perfectly. It can see everything else, but nothing can ping it. Since noone can ping it (by IP), obviously it isn't DNS or other routing.

I've got the firewall turned off on all machines since I'm on a private network, so that isn't it either.

Can someone suggest what else I could try?

Thanks!

Macbook Pro, Mac OS X (10.6.4)

Posted on Aug 23, 2010 7:22 PM

Reply

Aug 24, 2010 6:29 PM in response to Dwayne K King In response to Dwayne K King

OK - so I check out the machine in question.

First, the firewall wasn't on, so I don't think the Stealth Mode was a factor but I did try turning the f/w on so that I could deselect that option. No change.

Also, it's not really a service that I want to allow access to, so I haven't enabled any of the services. I have an http server running on 8080 that I want the other machines to access (but as I previously mentioned I can't even ping it).

I'm pretty sure that it isn't just pings that aren't getting through though since I can't ssh into it from the other MBP either, even though remote login is enabled.

Any other ideas?

Aug 24, 2010 6:29 PM

Reply Helpful

Aug 24, 2010 9:48 PM in response to Dwayne K King In response to Dwayne K King

Since you are pinging by numeric IP address, maybe try changing its LAN IPA to manual address with DHCP and give it an address within the subnet but outside the DHCP pool.

And for lack of any better ideas, are you sure you are pinging the right IPA? I know, I know, it sounds insultingly stupid for me to even suggest this, but I suggest it coz' it almost sounds like you're not calling the correct address.

One last thing as a random troubleshooting tip: On the machine to which you are trying to connect, launch Terminal.app as an admin user and try running sudo tcpdump -i en1 dst host 192.168.x.x, where en1 is the airport card interface (use en0 if tethered via ethernet cable) and 192.168.x.x is the IPA of the destination machine. At least you'll be able to see if the computer is even seeing the incoming packets. Where to go from there I'm really not sure....

Outside of that, I'm pretty much out of ideas, good ones and bad ones.

Aug 24, 2010 9:48 PM

Reply Helpful

Aug 25, 2010 8:18 AM in response to j.v. In response to j.v.

Excellent idea re: the tcpdump - I hadn't thought of that.

Don't worry about being insulting. I do enough phone support to know that the obvious questions are not always obvious to the other person. Although if I never show my face around here again you'll know why 🙂

I'll update the thread after I debug a little more.

Aug 25, 2010 8:18 AM

Reply Helpful

Aug 25, 2010 6:45 PM in response to Dwayne K King In response to Dwayne K King

OK - this is really strange. So it looks like the requests ARE getting to the machine in questions.

I started the tcpdump running on the machine that I can't get to, and then tried to ssh to it from another machine. Here is what I got:

tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on en1, link-type EN10MB (Ethernet), capture size 65535 bytes
21:35:58.418821 IP 192.168.1.52.4414 > 192.168.1.71.ssh: Flags [P.], seq 2643580038:2643580086, ack 244818113, win 65535, options [nop,nop,TS val 1031800779 ecr 570693060], length 48
21:35:58.570763 IP 192.168.1.52.4414 > 192.168.1.71.ssh: Flags [P.], seq 48:96, ack 1, win 65535, options [nop,nop,TS val 1031800780 ecr 570693060], length 48
21:35:58.717140 IP 192.168.1.52.4414 > 192.168.1.71.ssh: Flags [P.], seq 0:96, ack 1, win 65535, options [nop,nop,TS val 1031800781 ecr 570693060], length 96
21:35:58.922653 IP 192.168.1.52.4414 > 192.168.1.71.ssh: Flags [P.], seq 96:144, ack 1, win 65535, options [nop,nop,TS val 1031800784 ecr 570693060], length 48
21:35:59.097116 IP 192.168.1.52.4414 > 192.168.1.71.ssh: Flags [.], ack 49, win 65535, options [nop,nop,TS val 1031800785 ecr 570693491], length 0

Obviously there is more, but I presume you were really just wondering if the packets were getting there.

Just a simple ping from another machine generated this:

21:42:27.267131 IP 192.168.1.52.4414 > 192.168.1.71.ssh: Flags [.], ack 5457, win 65535, options [nop,nop,TS val 1031804664 ecr 570697363], length 0
21:42:27.271214 IP 192.168.1.52.4414 > 192.168.1.71.ssh: Flags [.], ack 5553, win 65535, options [nop,nop,TS val 1031804664 ecr 570697363], length 0
21:42:28.254981 IP 192.168.1.52.4414 > 192.168.1.71.ssh: Flags [.], ack 5633, win 65535, options [nop,nop,TS val 1031804674 ecr 570697373], length 0
21:42:29.264729 IP 192.168.1.52.4414 > 192.168.1.71.ssh: Flags [.], ack 5713, win 65535, options [nop,nop,TS val 1031804684 ecr 570697383], length 0
21:42:30.273959 IP 192.168.1.52.4414 > 192.168.1.71.ssh: Flags [.], ack 5793, win 65535, options [nop,nop,TS val 1031804694 ecr 570697393], length 0
21:42:31.284764 IP 192.168.1.52.4414 > 192.168.1.71.ssh: Flags [.], ack 5873, win 65535, options [nop,nop,TS val 1031804704 ecr 570697403], length 0
21:42:31.774844 IP 192.168.1.52.4414 > 192.168.1.71.ssh: Flags [P.], seq 5568:5616, ack 5873, win 65535, options [nop,nop,TS val 1031804709 ecr 570697403], length 48
21:42:31.786414 IP 192.168.1.52.4414 > 192.168.1.71.ssh: Flags [.], ack 5921, win 65535, options [nop,nop,TS val 1031804709 ecr 570697410], length 0
21:42:31.789495 IP 192.168.1.52.4414 > 192.168.1.71.ssh: Flags [.], ack 6065, win 65535, options [nop,nop,TS val 1031804709 ecr 570697410], length 0
21:42:31.790608 IP 192.168.1.52.4414 > 192.168.1.71.ssh: Flags [.], ack 6129, win 65535, options [nop,nop,TS val 1031804710 ecr 570697410], length 0

The machine doing the pinging was receiving the response:

Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2

Does this help at all? I assume that at this point we can conclude that the traffic is being actively refused as opposed to not getting there.

Confusing since there is no firewall enabled.

Aug 25, 2010 6:45 PM

Reply Helpful

Sep 1, 2010 8:29 PM in response to Dwayne K King In response to Dwayne K King

I was thinking that if you could repeat this exercise, that maybe there might be a log file in /private/var/log/, like /private/var/log/secure.log or /private/var/log/system.log, that might tell you something a little more revealing. But I can't identify a viable candidate log file. I did a successful ping from one machine to the other and checked the two log files mentioned above on the target machine and saw no activity related to the incoming pings or to the outgoing responses in them. Just seems like there would be a log of that somewhere -- everything else under the sun gets logged somewhere. Assuming that such a log file exists, hopefully you or someone else following this thread can identify it.

Sep 1, 2010 8:29 PM

Reply Helpful

Sep 2, 2010 7:13 PM in response to Dwayne K King In response to Dwayne K King

Dwayne K King wrote:
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2


Did you or anyone else turn off ICMP on that machine? If ICMP is off, you can't be pinged. It's a 'security' option sometimes used to prevent certain kinds of attack, such as the Ping of Death. Some websites (www.microsoft.com is an example) have ICMP turned of for precisely that reason and cannot be pinged, and if you try, you get exactly the 'request timeout' message above.

And, no, I have no idea how you'd do that without involving the firewall at some point. Are you sure that the firewall is disabled on that machine, 'cause it sure looks as though it's live and is blocking ICMP.

Sep 2, 2010 7:13 PM

Reply Helpful
User profile for user: Dwayne K King

Question: Can't ping a machine - why?