-
PingPlotter Professional
Troubleshoot unlimited connections from your computer.
Troubleshoot with Pro Edition -
PingPlotter for Contact Centers
PingPlotter Cloud
Monitor and troubleshoot remote connections anywhere from a centralized online dashboard.
Monitor with PingPlotter Cloud
PingPlotter Insights
Misconfigured Firewall Discovered
Based on the evaluated destinate and hop information it appears that your firewall may be improperly configured and is limiting PingPlotter's ability to test the network. As in the example below a firewall can allow a connection to the target host while hiding all performance data to and from the destination.
Solution
The final destination reports back with an ICMP echo reply, while all the intermediate hops report back with ICMP TTL Expired packets. These different types of packets can be filtered differently by routers and/or firewalls. In the case that you have here, where only the final destination is showing up, it's pretty likely that something very close to your computer is dropping all ICMP TTL Expired packets. Without getting these packets back, there's no way we can determine which router is working at each hop, or what the latency or packet loss is.
Before we dig into the details of this, keep in mind that any time spent getting PingPlotter to report intermediate hops is only helpful if we're seeing packet loss or unreasonable latency at the final destination.
That said, the fact that none of the hops are showing up gives us some clue of where the 'culprit' is - something close to your computer. This could be firewall software on your computer itself; it could be some firewall or router between your computer and the first hop that *should* be reporting, or it could be a handful of other things.
If you're running a firewall or VPN software of some kind, try disabling that (making sure you don't leave your computer vulnerable to some kind of network attack while doing so). This might require disabling one of the services attached to your network card or accessing your software to disable that.
If disabling software changes the behavior, it's possible that there might be an option in that software to allow things to work. We've also heard reports of updating the software version changing things to work (this was particularly the AT&T Network Client VPN software, which has a built-in firewall component).
If you find that this isn't a local PC software issue (which you might also be able to eliminate by using a different computer without some of the possible software components on it), then your next point of possible blockage is your router or local firewall hardware. This might be a DSL modem or some NATing device that serves your local network. This device might have options to block/enable ICMP TTL Expired packets, or it may require a firmware/bios update to get things working.
These same symptoms might appear, but only the first and/or second hops work. If this is the case, then you know it's not your local computer causing the problem.
Known problem firewalls:
- Norton Internet Security 2010 is known to cause this problem. It has a default general rule to block all ICMP inbound and outbound requests. Turn off (uncheck) that rule to enable the full route to show up in PingPlotter.
- If you have a Cisco ASA Firewall, you may need to add an inbound Allow ACL. You can find some background information and instructions here
- If you have a FortiGate Firewall, you may need to create a simple "Permit ICMP Any" ACL. Consult your command manual for information on correct syntax.
If you have a piece of hardware or software causing this problem, please let us know about it so we can list it here.