Bad Pings from Windows, Good from Linux
-
@notverypunny said in Bad Pings from Windows, Good from Linux:
Subnet masks set properly across the board?
Definitely (it's just /24 so easy to get right.)
-
@notverypunny said in Bad Pings from Windows, Good from Linux:
Multiple IP addresses set on the adapters on the windows hosts?
Nope, looked for that on both sides.
-
@notverypunny said in Bad Pings from Windows, Good from Linux:
Ping by hostname vs ping by ip?
Only testing IP. Don't believe any DNS entry even exists for the machines in question.
-
@scottalanmiller Corrupt Arp Table (cache)?
-
@Dashrender said in Bad Pings from Windows, Good from Linux:
Is there a speed difference at which Linux pings vs Windows?
https://feelingsec.wordpress.com/2018/01/04/fingerprinting-with-ping/
-
@Dashrender said in Bad Pings from Windows, Good from Linux:
Is there a speed difference at which Linux pings vs Windows?
Not sure why @DustinB3403 downvoted this, but you are correct.
-
@scottalanmiller said in Bad Pings from Windows, Good from Linux:
Weird networking issue. We have some Windows machines (mostly server VMs, but desktops too) and some Linux servers on a network with some print servers (old IOGear stuff.) The Linux machines can ping the print servers no problem, 100% success. Linux can ping Windows and vice versa. No network problems at all, until the Windows machines try to ping the print servers. Then there is 15-40% packet loss. We have no idea what could be wrong.
There are only two switches and we can't find any correlation there. Nothing is on wifi. Nothing crosses a router boundary.
Same physical adapter with Linux vs. Windows VMs the Linux can ping reliably and the Windows cannot!
Not many companies even use ping anymore. I'm sure you are testing this because of network performance issues not just solely based on ping.
What's the performance issue specifically?
-
@JasGot said in Bad Pings from Windows, Good from Linux:
@scottalanmiller Corrupt Arp Table (cache)?
In the same vein as this: could there be duplicate MAC addresses in play? Cloned VMs? P2V? Restored / Replicated VMs.... Or someone just trying to get around MAC security somewhere?
I assume that physical cables and connections have been checked / swapped / ruled out?
-
@IRJ said in Bad Pings from Windows, Good from Linux:
@scottalanmiller said in Bad Pings from Windows, Good from Linux:
Weird networking issue. We have some Windows machines (mostly server VMs, but desktops too) and some Linux servers on a network with some print servers (old IOGear stuff.) The Linux machines can ping the print servers no problem, 100% success. Linux can ping Windows and vice versa. No network problems at all, until the Windows machines try to ping the print servers. Then there is 15-40% packet loss. We have no idea what could be wrong.
There are only two switches and we can't find any correlation there. Nothing is on wifi. Nothing crosses a router boundary.
Same physical adapter with Linux vs. Windows VMs the Linux can ping reliably and the Windows cannot!
Not many companies even use ping anymore. I'm sure you are testing this because of network performance issues not just solely based on ping.
What's the performance issue specifically?
Who doesn't use ping? That's weird. Hard to get more basic than that for layer 2 testing.
Yes, the print servers routinely fail from Windows.
-
@notverypunny said in Bad Pings from Windows, Good from Linux:
I assume that physical cables and connections have been checked / swapped / ruled out?
Same ones as the pings that work. So physical connections are ruled out.
-
@notverypunny said in Bad Pings from Windows, Good from Linux:
Cloned VMs? P2V? Restored / Replicated VMs
I believe that this is the case, but the old ones are definitely powered down.
-
@scottalanmiller said in Bad Pings from Windows, Good from Linux:
@notverypunny said in Bad Pings from Windows, Good from Linux:
I assume that physical cables and connections have been checked / swapped / ruled out?
Same ones as the pings that work. So physical connections are ruled out.
I’m curious. Is there a physical Cisco switch in play?
-
@EddieJennings said in Bad Pings from Windows, Good from Linux:
@scottalanmiller said in Bad Pings from Windows, Good from Linux:
@notverypunny said in Bad Pings from Windows, Good from Linux:
I assume that physical cables and connections have been checked / swapped / ruled out?
Same ones as the pings that work. So physical connections are ruled out.
I’m curious. Is there a physical Cisco switch in play?
Nope, checked for any rogue devices. Didn't find any.
-
@scottalanmiller said in Bad Pings from Windows, Good from Linux:
@notverypunny said in Bad Pings from Windows, Good from Linux:
Cloned VMs? P2V? Restored / Replicated VMs
I believe that this is the case, but the old ones are definitely powered down.
Hmmmm.... if they're powered down and not unplugged with WoL enabled?
-
@scottalanmiller said in Bad Pings from Windows, Good from Linux:
@notverypunny said in Bad Pings from Windows, Good from Linux:
I assume that physical cables and connections have been checked / swapped / ruled out?
Same ones as the pings that work. So physical connections are ruled out.
Actually - I wouldn't be so quick there.
I had a situation 20 years ago where a Windows server would print OK to a printer, but an AS/400 refused to.
Turned out the cable on the printer was less than good. Windows could handle the latency of the traffic to the printer, the AS/400 could not.
-
@notverypunny said in Bad Pings from Windows, Good from Linux:
@scottalanmiller said in Bad Pings from Windows, Good from Linux:
@notverypunny said in Bad Pings from Windows, Good from Linux:
Cloned VMs? P2V? Restored / Replicated VMs
I believe that this is the case, but the old ones are definitely powered down.
Hmmmm.... if they're powered down and not unplugged with WoL enabled?
How does that work for VMs?
And this wouldn't explain the PCs having the same issue.
-
Do the Windows PCs print direct or through a Windows print server?
-
@Dashrender said in Bad Pings from Windows, Good from Linux:
Do the Windows PCs print direct or through a Windows print server?
Neither. IOGear
-
@Dashrender said in Bad Pings from Windows, Good from Linux:
@notverypunny said in Bad Pings from Windows, Good from Linux:
@scottalanmiller said in Bad Pings from Windows, Good from Linux:
@notverypunny said in Bad Pings from Windows, Good from Linux:
Cloned VMs? P2V? Restored / Replicated VMs
I believe that this is the case, but the old ones are definitely powered down.
Hmmmm.... if they're powered down and not unplugged with WoL enabled?
How does that work for VMs?
And this wouldn't explain the PCs having the same issue.
Was thinking P2V. If the VM kept the MAC from the source physical box and the source box is still plugged in but has WoL enabled the MAC will be on the network 2x, right?
I'll concede the point about the PCs...... Although it's not impossible that depending on the size of the organization, the P2V source could have been repurposed as an endpoint, or the NIC been salvaged and put into service in a desktop.
A quick scan with nmap or Advanced IP Scanner and sort the results by MAC to see if there's anything funky going on.
I've had a couple of machines with Asus boards and Intel NICs blank the MAC to all 0s. Strangely they kept on working and no conflicts since they weren't on the same L2 but it's something that can happen. Not just Asus boards either, I had found the fix on an MSI site or forum if my memory is correct.
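The MAC check suggested in the post above, as an added example that is not part of the original thread: it groups IP/MAC pairs by MAC and flags a MAC claimed by several IPs, an all-zero MAC, and an IP seen with more than one MAC. It goes beyond the nmap case to also accept Windows `arp -a` and Linux `ip neigh` output; the names `parse_pairs` and `audit` are hypothetical and the sample input is constructed.

```python
import re
from collections import defaultdict

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
MAC_RE = re.compile(r"\b(?:[0-9A-Fa-f]{2}[:-]){5}[0-9A-Fa-f]{2}\b")
NULL_MAC = "00:00:00:00:00:00"

# Constructed sample: `nmap -sn` lines followed by Windows `arp -a` lines.
SAMPLE = """\
Nmap scan report for 192.168.1.10
Host is up (0.00040s latency).
MAC Address: 52:54:00:12:34:56 (QEMU virtual NIC)
Nmap scan report for 192.168.1.11
MAC Address: 52:54:00:12:34:56 (QEMU virtual NIC)
Nmap scan report for 192.168.1.50
MAC Address: 00:00:00:00:00:00 (Unknown)
Interface: 192.168.1.20 --- 0xb
  192.168.1.50          02-00-00-aa-bb-01     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""

def parse_pairs(text):
    """Yield (ip, mac) pairs; the MAC may sit on the IP's line or a later one."""
    ip = None
    for line in text.splitlines():
        m_ip = IP_RE.search(line)
        if m_ip:
            ip = m_ip.group(0)  # remember the most recent IP seen
        m_mac = MAC_RE.search(line)
        if m_mac and ip:
            mac = m_mac.group(0).lower().replace("-", ":")
            # Skip broadcast/multicast MACs (group bit set): shared by design.
            if not int(mac[:2], 16) & 1:
                yield ip, mac
            ip = None  # never pair a stale IP with a later MAC

def audit(text):
    """Return the three conditions discussed in the thread, keyed by name."""
    by_mac, by_ip = defaultdict(set), defaultdict(set)
    for ip, mac in parse_pairs(text):
        by_mac[mac].add(ip)
        by_ip[ip].add(mac)
    return {
        "shared_mac": {m: sorted(i) for m, i in by_mac.items()
                       if len(i) > 1 and m != NULL_MAC},
        "null_mac": sorted(by_mac.get(NULL_MAC, ())),
        "ip_with_many_macs": {i: sorted(m) for i, m in by_ip.items() if len(m) > 1},
    }
```

Feeding `audit()` the concatenated output from a Linux host and a Windows host on the same segment shows whether the two see different MACs for the same print server address.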
-
@scottalanmiller said in Bad Pings from Windows, Good from Linux:
@Dashrender said in Bad Pings from Windows, Good from Linux:
Do the Windows PCs print direct or through a Windows print server?
Neither. IOGear
So the Windows clients print direct to the IOGear, I assume because the printer itself doesn't have a built-in network stack.
so - direct.