This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hello experts,

I need help troubleshooting an issue I never ever had before.

I can’t get only a specific Windows 7 PC to reach a new WatchGuard XTM device. Currently it is statically-configured using a temporary IP address 192.168.1.2/24. The old WatchGuard Firebox X Edge is configured using IP address 192.168.1.1/24.

For the love of god, I can’t get only that specific Windows 7 PC to even ping the new WatchGuard XTM device using the temporary IP address 192.168.1.2/24. Apart from this issue, everything is working just fine. Believe me, we have tried almost everything to figure out this issue and no luck.

From within the new WatchGuard XTM device, you downloaded a packet capture file to help us diagnose the problem. When sending out a continuous ping from another computer on the same network (using IP address 192.168.1.252/24), the packet capture file downloaded from the new WatchGuard XTM device shows ARP Requests from host 192.168.1.252 and ARP Replies from host 192.168.1.2 as we would normally expect. When sending out a continuous ping from the affected computer (using IP address 192.168.1.114/24 or another IP address on the same network), however the packet capture file downloaded from the new WatchGuard XTM device does not even show any ARP Request from host 192.168.1.114 (or whatever) and, as a result, no ARP Replies from host 192.168.1.2 as we would normally expect.

Even more strange, all packet capture files downloaded from the new WatchGuard XTM device are quite large (several hundred MB) as we would normally expect, while packet capture files generated from within the affected computer are very small (less 30 KB // 254 packets captured with no capture filter).

Any help would be greatly appreciated.

Thanks and Regards,

Massimiliano

asked 01 Dec '14, 10:30

mrizzi2's gravatar image

mrizzi2
11112
accept rate: 0%


the new WatchGuard XTM device does not even show any ARP Request from host 192.168.1.114 (or whatever) and, as a result, no ARP Replies from host 192.168.1.2

One possible reason for that behaviour could be a static ARP entry on your PC (192.168.1.114) for 192.168.1.2, for whatever reason. Please check that.

What do you get, if you run the following command:

arp -a | find "192.168.1.2"

Another option would be: 192.168.1.2 is configured as an additional IP address on the Windows PC, possibly on a different (removable) network adapter. What do you get if you run the following commands:

route print | find "192.168.1.2"

and

ifconfig -a | find "192.168.1.2"

Regards
Kurt

permanent link

answered 01 Dec '14, 17:21

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×254
×78
×74
×43

question asked: 01 Dec '14, 10:30

question was seen: 2,446 times

last updated: 01 Dec '14, 17:21

p​o​w​e​r​e​d by O​S​Q​A