Wireshark-users: Re: [Wireshark-users] SMB problems when ICMP is blocked?

From: ronnie sahlberg <ronniesahlberg@xxxxxxxxx>
Date: Sat, 6 Mar 2010 16:27:43 +1100
Blocking ICMP will usually break TCP completely.
Things like path MTU discovery will no longer work,
routing loops can no longer be detected, etc.
This leads to TCP connections hanging indefinitely and other bad things.


Please tell the person blocking ICMP in the firewall he is
"misinformed" (better than saying he is stupid) and should stop
blocking ICMP if he wants the network to work.

Don't block ICMP. ICMP is a vital part of the IP stack and blocking it
will break things.


ronnie



On Fri, Mar 5, 2010 at 9:25 AM, Feeny, Michael (GWMT-TASCS)
<michael_feeny@xxxxxx> wrote:
> Hello,
>
>
>
> I’m troubleshooting a problem where a Windows XP user has problems with a
> certain mapped drive (file share).  Specifically, after mapping, a file copy
> from the mapped drive fails, after 10-15 seconds, with a “The specified
> network name is no longer available” message.
>
>
>
> As I have dug into this, I was told that ICMP has been blocked between the
> user’s site and the site of the remote file share.
>
>
>
> Then, after capturing packets, I found that, in addition to the SMB packets
> between the 2 endpoints, the user’s workstation was sending PINGs to the
> remote site.  Due to the blocking of ICMP these PINGs are never answered.
>
>
>
> My suspicion is that, when the PINGs are unanswered, the file system decides
> that the remote file share host is unavailable, and the file copy is
> terminated.  (In reality, the file copy seemed to be proceeding just fine.)
>
>
>
> So…  My questions are…
>
>
>
> 1)      Has anyone else run into this?
>
> 2)      Assuming that allowing ICMP between these sites is not an option,
> does anyone know if one can disable this PING mechanism, so that file
> sharing operations can proceed successfully?
>
>
>
> Thx,
>
> Michael
>
>
>
> Michael Feeny
> Bank of America / Merrill Lynch
>
> Global Wealth Management Technology
> Technology Architecture, Strategy & Core Services
>
> Application Infrastructure Services
>
> Office: 609-274-2761
> Mobile:  484-995-1745
> AOL IM: feenyman99
>
>
>
>
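
Added example (not part of the original thread): a toy Python model of the path MTU discovery failure the reply mentions. It shows a sender with the DF bit set adapting when ICMP "fragmentation needed" (type 3, code 4) errors arrive, and retransmitting uselessly when a firewall discards them. The path MTUs, retry limit and function names are constructed for illustration.

```python
# Toy model of path MTU discovery (RFC 1191). No real packets are sent.
from dataclasses import dataclass

@dataclass
class Result:
    delivered: bool   # did the segment reach the far end?
    final_size: int   # packet size the sender ended up using
    attempts: int     # transmissions, including retransmits

def traverse(path_mtus, size, icmp_blocked):
    """Send one DF-flagged packet along the path.
    Returns ("ok", None), ("icmp", next_hop_mtu) or ("silent_drop", None)."""
    for mtu in path_mtus:
        if size > mtu:
            # The router drops the packet and reports the next-hop MTU in an
            # ICMP type 3 code 4 error, unless a firewall discards that error.
            if icmp_blocked:
                return ("silent_drop", None)
            return ("icmp", mtu)
    return ("ok", None)

def send_segment(path_mtus, initial_size, icmp_blocked, max_retries=5):
    """Model a TCP sender with DF set that retransmits until delivery or give-up."""
    size, attempts = initial_size, 0
    while attempts <= max_retries:
        attempts += 1
        outcome, next_mtu = traverse(path_mtus, size, icmp_blocked)
        if outcome == "ok":
            return Result(True, size, attempts)
        if outcome == "icmp":
            size = next_mtu  # lower the path MTU estimate and resend
        # On silent_drop the sender learns nothing and resends the same size.
    return Result(False, size, attempts)

# Constructed path: LAN (1500), a lower-MTU link (1400), LAN (1500).
PATH = [1500, 1400, 1500]

if __name__ == "__main__":
    print("ICMP allowed:       ", send_segment(PATH, 1500, icmp_blocked=False))
    print("ICMP blocked:       ", send_segment(PATH, 1500, icmp_blocked=True))
    print("small pkt, blocked: ", send_segment(PATH, 576, icmp_blocked=True))
```

In this model small packets still get through with ICMP blocked while full-size segments never do, so a connection can be established and then stall once bulk data starts to flow.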