Re: SMB problems when ICMP is blocked?

[Martin Visser <martinvisser99 () gmail com>]

I'm not aware of Windows using regular ICMP echos (PINGs) to determine
whether a remote host is up or not for the purpose of file sharing. ICMP as
connectivity as far as I know would not be required, and would only be a
trouble shooting tool.

The fact that you said ICMP was blocked would indicate that there is an
intervening firewall. I would be looking at whether that is configured
appropriately , as far as session idle time and so on.

Also as this is a Wireshark list, you should be using the tool to help
research the problem. Look for unexpected RST or FIN packets coming from the
server - RSTs might be coming from the firewall.

Also if the intervening firewall is in fact a HA pair, there may be an issue
where an active session on one of the pair is not being passed over to the
other, resulting in a dropped session.


Regards, Martin

MartinVisser99 () gmail com


On Fri, Mar 5, 2010 at 9:25 AM, Feeny, Michael (GWMT-TASCS) <
michael_feeny () ml com> wrote:

>   Hello,
>
>
>
> I’m troubleshooting a problem where a Windows XP user has problems with a
> certain mapped drive (file share).  Specifically, after mapping, a file copy
> from the mapped drive fails, after 10-15 seconds, with a ““The specified
> network name is no longer available” message.
>
>
>
> As I have dug into this, I was told that ICMP has been blocked between the
> user’s site and the site of the remote  file share.
>
>
>
> Then, after capturing packets, I found that, in addition to the SMB packets
> between the 2 endpoints, the user’s workstation was sending PINGs to the
> remote site.  Due to the blocking of ICMP these PINGs are never answered.
>
>
>
> My suspicion is that, when the PINGs are unanswered, the file system
> decides that the remote file share host is unavailable, and the file copy is
> terminated.  (In reality, the file copy seemed to be proceeding just fine.)
>
>
>
> So…  My questions are…
>
>
>
> 1)      Has anyone else run into this?
>
> 2)      Assuming that allowing ICMP between these sites is not an option,
> does anyone know if one can disable this PING mechanism, so that file
> sharing operations can proceed successfully?
>
>
>
> Thx,
>
> Michael
>
>
>
> Michael Feeny
> Bank of America / Merrill Lynch
>
> Global Wealth Management Technology
> Technology Architecture, Strategy & Core Services
>
> Application Infrastructure Services
>
> Office: 609-274-2761
> Mobile:  484-995-1745
> AOL IM: feenyman99
>
>
>   ------------------------------
>  This message w/attachments (message) may be privileged, confidential or
> proprietary, and if you are not an intended recipient, please notify the
> sender, do not use or share it and delete it. The information contained in
> this e-mail was obtained from sources believed to be reliable; however, the
> accuracy or completeness of this information is not guaranteed. Unless
> specifically indicated, this message is not an offer to sell or a
> solicitation of any investment products or other financial product or
> service, an official confirmation of any transaction, or an official
> statement of Merrill Lynch.  Subject to applicable law, Merrill Lynch may
> monitor, review and retain e-communications (EC) traveling through its
> networks/systems. The laws of the country of each sender/recipient may
> impact the handling of EC, and EC may be archived, supervised and produced
> in countries other than the country in which you are located. This message
> cannot be guaranteed to be secure or error-free.  References to "Merrill
> Lynch" are references to any company in the Merrill Lynch & Co., Inc. group
> of companies, which are wholly-owned by Bank of America Corporation.
> Securities and Insurance Products: * Are Not FDIC Insured  * Are Not Bank
> Guaranteed  *  May Lose Value  *  Are Not a Bank Deposit * Are Not a
> Condition to Any Banking Service or Activity * Are Not Insured by Any
> Federal Government Agency.  Past performance is no guarantee of future
> results. Attachments that are part of this E-communication may have
> additional important disclosures and disclaimers, which you should read.
> This message is subject to terms available at the following link:
> http://www.ml.com/e-communications_terms/.  By messaging with Merrill
> Lynch you consent to the foregoing.
>  ------------------------------
>
>
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request () wireshark org
> ?subject=unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe