Wireshark mailing list archives

Re: SMB problems when ICMP is blocked?


From: "Feeny, Michael (GWMT-TASCS)" <michael_feeny () ml com>
Date: Fri, 12 Mar 2010 17:15:00 -0500

All,

First, thanx so much for your responses.  It's ALWAYS good to get ideas from fellow packeteers :-)

Now, for the Epilogue...

It turns out that the ICMP-blocking was NOT the root cause of the problem (though I had lots of evidence that pointed 
me in that direction).

The root of the problem was:

There was overlapping IP Address space among the many clients of this file server (this fact did not surface until much 
interrogation).  The client IPs were NAT'd on their way to the server in a "many-to-one" configuration.  That is, 2 
different clients in the overlapping IP Address space could arrive at the server sourced with the same NAT'd IP 
Address.  When this occurred, as the second client arrived with the same IP as an existing client, the file server 
killed the first client's connection and serviced the second (and so on for the 3rd, 4th, etc., each one bumping off 
the previous connection).

The TACTICAL solution was to configure the file server to detect duplicate connections based upon machine name, and not 
by IP Address.

The strategic solution will be to eliminate the overlapping IP Address space, but that may take some time (we are 
merging 2 HUGE organizations).

Thanx again for all your feedback - I always learn a lot from the conversations here.

Michael

Michael Feeny 
Bank of America / Merrill Lynch
Global Wealth Management Technology 
Technology Architecture, Strategy & Core Services 
Application Infrastructure Services
Office: 609-274-2761 
Mobile:  484-995-1745 
AOL IM: feenyman99 


-----Original Message-----
From: wireshark-users-bounces () wireshark org [mailto:wireshark-users-bounces () wireshark org] On Behalf Of Jens Link
Sent: Sunday, March 07, 2010 4:32 PM
To: Community support list for Wireshark
Subject: Re: [Wireshark-users] SMB problems when ICMP is blocked?

Andrew Hood <ajhood () fl net au> writes:

> You are preaching to the choir Jens. Once upon a time someone told
> security a fable about all ICMP being the tool of evil hackers. They
> believed it. IPv6 won't affect this network unless IPv4 is deleted by M$
> from all versions of the Windows stack.

Microsoft is heavily using IPv6. I usually don't work with Microsoft
products but I was told that current Microsoft products will only talk
IPv6 to each other and if they don't have IPv6 they'll tunnel over
IPv4. It's time for a lot of people to learn a) IPv6 and b) TCP basics. And b)
includes not blocking each and *every* ICMP packet. No matter if it is
IPv4 or IPv6.

cheers

Jens
-- 
-------------------------------------------------------------------------
| Foelderichstr. 40  | 13595 Berlin, Germany | +49-151-18721264         |
| http://www.quux.de | http://blog.quux.de   | jabber: jenslink () guug de |
-------------------------------------------------------------------------
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe


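The failure pattern described in the epilogue above can be looked for in server-side connection data. The following is an added example, not part of the original thread: it flags sessions that the server closed shortly after a newer session arrived from the same NAT'd source IP, and uses the machine name (the same key the tactical fix relies on) to separate a true NAT collision from one machine reconnecting. The event layout, the `SERVER_CLOSE` label, the 2-second window and all sample values are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample (not from the thread): server-side TCP/445 events.
# Fields: (time_s, nat_ip, client_port, event, workstation_name)
# "SERVER_CLOSE" is an assumed label for a server-initiated teardown.
EVENTS = [
    (0.00, "10.1.1.5", 49152, "SYN", "PC-ALPHA"),
    (3.00, "10.2.2.9", 40000, "SYN", "PC-DELTA"),
    (4.00, "10.2.2.9", 40001, "SYN", "PC-DELTA"),     # same machine reconnecting
    (4.05, "10.2.2.9", 40000, "SERVER_CLOSE", None),
    (5.20, "10.1.1.5", 50211, "SYN", "PC-BRAVO"),     # second client, same NAT'd IP
    (5.31, "10.1.1.5", 49152, "SERVER_CLOSE", None),  # first client bumped
    (7.00, "10.3.3.3", 41000, "SYN", "PC-ECHO"),
    (9.00, "10.1.1.5", 51000, "SYN", "PC-CHARLIE"),
    (9.12, "10.1.1.5", 50211, "SERVER_CLOSE", None),
    (60.0, "10.3.3.3", 41000, "SERVER_CLOSE", None),  # no newer session: ignored
]

def find_bumped_sessions(events, window_s=2.0):
    """Return sessions the server closed right after a newer one from the same IP."""
    open_conns = defaultdict(dict)   # nat_ip -> {port: (start_time, name)}
    findings = []
    for t, ip, port, event, name in sorted(events, key=lambda e: e[0]):
        conns = open_conns[ip]
        if event == "SYN":
            conns[port] = (t, name)
        elif event == "SERVER_CLOSE" and port in conns:
            _, old_name = conns.pop(port)
            # Other sessions from this IP that started within the window
            recent = [(start, p, n) for p, (start, n) in conns.items()
                      if t - start <= window_s]
            if recent:
                start, new_port, new_name = max(recent, key=lambda r: r[0])
                findings.append({
                    "nat_ip": ip, "bumped": old_name, "by": new_name,
                    "delay_s": round(t - start, 2),
                    # Different machine names behind one IP = NAT collision
                    "nat_collision": old_name != new_name,
                })
    return findings

def nat_collisions(events):
    """Only the findings where two different machines share the source IP."""
    return [f for f in find_bumped_sessions(events) if f["nat_collision"]]

if __name__ == "__main__":
    for f in nat_collisions(EVENTS):
        print(f)
```
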
