ARD Client Doesn't Show When Using Scanner and Network Range

Question

ARD Client Doesn't Show When Using Scanner and Network Range

All-

When I use the Scanner in ARD3 to scan a remote Network Range over the internet, the ARD client that I KNOW EXISTS in that same IP range DOES NOT show up (other ARD clients that I'm not interested in do show up, but not the specific ARD client I need to observe/control).

If I then call the user at the remote ARD client on the telephone, and have them give me their IP address (using www.whatismyip.com, for example), I can use the Scanner in ARD3 to "find" the ARD client and add it to my All Computers list. Process: change the popup box to read "Network Address" instead of "Network Range" and set the IP address field to the address provided by the user.

Why doesn't the remote ARD client show up when I scan for it using a Network Range in ARD3? Obviously, I don't want to have to call up each user every time I need to perform maintenance/control a client to get their (dynamic) IP address.

I could use dynamic DNS, but that's overkill. If I know (from experience) that my ARD clients are in IP ranges X, Y, and Z, then I SHOULD be able to simply scan for them (or so I thought).

Any help appreceated.

Mac Pro Core Duo, Mac OS X (10.4.8)

Posted on Nov 16, 2006 11:55 PM

Reply

Answer 1

Nov 17, 2006 8:52 AM in response to William W. Higgins Jr.

Try the Bonjour scanner in 3.1. You may have better luck with it.

Reply

Answer 2

Nov 17, 2006 4:07 PM in response to Brian Nesse

Updated to ARD3.1 (admin and clients), but that did not solve the issue.

Let me try to restate the problem:

The ARD client is out of state/across the country (i.e., different sub-net) using a dynamically assigned IP adddress. I can (for now) connect to that ARD client successfully, and perform all ARD functions (that I've tried so far) becasue I know (for now) that client's IP address (I called and spoke with the user who used www.whatismyip.com to give me their IP address). So what's the problem, you ask?

Some time in the future, that same ARD client will have a new, dynamically assigned IP address. I'd like to be able to connect to that client without having to call on the telephone and ask the user what IP address they have been assigned now.

My thinking was that I could make a pretty good guess at their IP address (based on their old IP address, and the way Cable and Telco ISPs allocate/lease IP addresses). For example, if their current dynamic IP address is 999.888.777.45, I could guess that a subsequent dynamically assigned IP address would be in the range 999.888.777.2 to 999.888.777.255. With ARD, I could simply scan that range of network addresses using the Scanner and quickly find the ARD client I want.

I tried to do just that, and the ARD scanner did not find my client when I scanned the network range that the ARD client was actually in. It showed other ARD clients (that I do not administer, own, or want to hack into), but not the one I do want to observe/control/maintain (and have a legal right to). Somewhat paradoxically, when I used the Scanner to find the same ARD client by specific IP address, there was no problem.

Why doesn't the ARD Scanner "see" the ARD client when scanning the network range?

Reply

Answer 3

Nov 20, 2006 9:13 AM in response to William W. Higgins Jr.

ARD uses ICMP to do the scan. This is a commonly blocked protocol, as it is used to locate computers by people who have less than honorable intentions.

Reply

Answer 4

Nov 20, 2006 5:03 PM in response to Brian Nesse

Makes sense. I can't ping the remote client either. I'm guesssing that the Macintosh client that I CAN SEE when scanning the network range with ARD (not my client; not interested in observing/controling/admistering, etc.) is connected directly to their high speed provider and/or has configured their firewall to allow ICMP. How would I do similarly?

I opened a bunch of ports on the firewall for ARD (i.e., 5900 both TCP and UDP; 3283 both TCP and UDP; and 22 TCP) but the ARD Administrator's Guide does not specify what ports need to be opened for ICMP. Any help?

Reply

Answer 5

Nov 21, 2006 7:58 AM in response to William W. Higgins Jr.

My, relatively limited, knowledge of ICMP come primarily from mucking around with the firewall built into my home router. But, to the best of my knowledge...

1) ICMP basically describes a packet format, and does not use a specific port.
2) the built in software firewall does not block ICMP.
3) It is usually blocked at the ISP/DSL/Router level.

Sorry I can't be of more help.

Reply

Answer 6

Nov 21, 2006 1:08 PM in response to Brian Nesse

Thanks.

I can ping numerous clients (both ARD and non-ARD) in the same network range (999.888.777.2 thru 999.888.777.255 to continue with my example from above), but not THE CLIENT I need to have ARD observe/control over. That tells me the ISP is NOT BLOCKING ICMP.

Conclusion is that the firewall at the same site where my client resides IS BLOCKING ICMP. Probably have to take this up with them/the maker of their firewall.

Reply

Answer 7

Nov 22, 2006 2:00 AM in response to William W. Higgins Jr.

I had nearly the same problem. My issue was that all of a sudden it stopped working. I thought it was related to the 3.1 update, but it turns out it was due to a firmware update on the client's firewall / router (Linksys WRT54GS). I disabled the filters on the security page (Block Anonymous Internet Requests, Filter Multicast, Filter Internet NAT Redirection, and Filter IDENT(Port 113)) and then I could see the client again. I will probably go back and figure out which one of these in particular needed to be disabled.

Hope this helps.

Reply

Answer 8

Nov 24, 2006 8:05 AM in response to Jimmy McGue

Yep. Problem originated in the firewall at the client site. Once Ping trafffic was allowed to pass/not blocked, my client was visible to the ARD Scanner.

Others with this problem should look into client side firewall, and ensure that ICMP and/or Ping traffic is allowed to pass/is not blocked. Steps for doing this vary by brand, so consult the manual pages appropriate to your make/model.

Reply