Re: SMB problems when ICMP is blocked?

["John Martin [john.martin () invan com]" <John.Martin () invan com>]

Short answer:

1)       Yes

2)       I never tried.  We allowed ICMP with the following types-0
(echo request) and 8 (echo reply) and only from certain machines or
subnets.  SMB requires ping to go through.  I read something that said
as much in SMB documentation some time ago, can't remember when or what
was specifically said.  Don't know if there is a way to turn it off.  My
guess is no.  

 

________________________________

From: wireshark-users-bounces () wireshark org
[mailto:wireshark-users-bounces () wireshark org] On Behalf Of Feeny,
Michael (GWMT-TASCS)
Sent: Thursday, March 04, 2010 5:25 PM
To: wireshark-users () wireshark org
Subject: [Wireshark-users] SMB problems when ICMP is blocked?

 

Hello,

 

I'm troubleshooting a problem where a Windows XP user has problems with
a certain mapped drive (file share).  Specifically, after mapping, a
file copy from the mapped drive fails, after 10-15 seconds, with a ""The
specified network name is no longer available" message.

 

As I have dug into this, I was told that ICMP has been blocked between
the user's site and the site of the remote  file share.

 

Then, after capturing packets, I found that, in addition to the SMB
packets between the 2 endpoints, the user's workstation was sending
PINGs to the remote site.  Due to the blocking of ICMP these PINGs are
never answered.

 

My suspicion is that, when the PINGs are unanswered, the file system
decides that the remote file share host is unavailable, and the file
copy is terminated.  (In reality, the file copy seemed to be proceeding
just fine.)

 

So...  My questions are...

 

1)      Has anyone else run into this?

2)      Assuming that allowing ICMP between these sites is not an
option, does anyone know if one can disable this PING mechanism, so that
file sharing operations can proceed successfully?

 

Thx,

Michael

 

Michael Feeny 
Bank of America / Merrill Lynch

Global Wealth Management Technology 
Technology Architecture, Strategy & Core Services 

Application Infrastructure Services

Office: 609-274-2761 
Mobile:  484-995-1745 
AOL IM: feenyman99 

 

________________________________

This message w/attachments (message) may be privileged, confidential or
proprietary, and if you are not an intended recipient, please notify the
sender, do not use or share it and delete it. The information contained
in this e-mail was obtained from sources believed to be reliable;
however, the accuracy or completeness of this information is not
guaranteed. Unless specifically indicated, this message is not an offer
to sell or a solicitation of any investment products or other financial
product or service, an official confirmation of any transaction, or an
official statement of Merrill Lynch.  Subject to applicable law, Merrill
Lynch may monitor, review and retain e-communications (EC) traveling
through its networks/systems. The laws of the country of each
sender/recipient may impact the handling of EC, and EC may be archived,
supervised and produced in countries other than the country in which you
are located. This message cannot be guaranteed to be secure or
error-free.  References to "Merrill Lynch" are references to any company
in the Merrill Lynch & Co., Inc. group of companies, which are
wholly-owned by Bank of America Corporation.  Securities and Insurance
Products: * Are Not FDIC Insured  * Are Not Bank Guaranteed  *  May Lose
Value  *  Are Not a Bank Deposit * Are Not a Condition to Any Banking
Service or Activity * Are Not Insured by Any Federal Government Agency.
Past performance is no guarantee of future results. Attachments that are
part of this E-communication may have additional important disclosures
and disclaimers, which you should read. This message is subject to terms
available at the following link:
http://www.ml.com/e-communications_terms/.  By messaging with Merrill
Lynch you consent to the foregoing.

________________________________

 

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe