Finding the cause of a one-way ping problem

Two test devices, 192.168.104.100 and 192.168.3.100, need to be tested for mutual access. The ping times out when the former pings the latter, while the latter pings the former normally, as shown below:

Strange. Possible reasons for the timeout:

They divide into forward-path problems and return-path problems. The request may go astray on the forward path, so the destination never receives it. The destination device may have its firewall enabled and intercept the request. Or the reply may go astray on the return path, so the sender never receives it. In more detail:

1. There is a problem with the routing of the ping request and it is sent somewhere else, so the other party never receives it.

2. The other party receives the request message, but its firewall is turned on and intercepts the ping request. The upper layer never sees the request, so no ping reply is sent, and the sender waits until it times out and displays a timeout.

3. There is a routing problem on the destination side. The request message is received, but the reply is sent somewhere else, so the sender never receives it and displays a timeout. The destination may also have no return route, a wrong subnet mask, or similar problems.

4. There is an IP conflict in a cross-network-segment environment, and the MAC address cache of the destination gateway has been updated. The gateway then sends the ping request to a different MAC address, so the destination device never receives the ping request at all.

5. The ping request arrives on one interface of the device and the reply leaves through a different interface, and so on.
 

192.168.3.100 can ping 192.168.104.100, so this looks like a one-way ping problem. Is the firewall on 192.168.3.100 turned on?

Running firewall.cpl shows that the firewall is turned off, so possibility 2 is eliminated.

The next step is to capture packets at the sender and the receiver at the same time, to see whether the forward request is received by the other party.

The packet capture shows that when the ping starts, 192.168.3.100 does not receive any ICMP packets. Is this consistent with possibility 1?

Check the packet capture on the 192.168.104.100 side:

It has dual network cards, so enable packet capture on both network cards.

It is found that the source MAC of the ping that cannot get out and the destination MAC of the ping that works are inconsistent, as shown below:

The ping that fails is sent to this destination MAC address.

Checking the failing ping, I found that it was sent to this IP address:

192.168.209.1 c8-50-e9-67-fa-0c

 

Instead, use this network card:

The source MAC for pinging is MAC 192.168.104.1 c4-a5-59-3d-b3-38 in the picture above, and the destination MAC is 00-E0-4C-68-05-D5.

Check the route:

This matches situation 1: the forward message was sent to the wrong place.

Forcing the IP explicitly for the ping makes it work normally.

The Wireshark packet capture:

 

 

Apparently, the problem is that the Windows rule that routes with a lower hop count are used first did not take effect. The specific reason is unknown.
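The comparison made above by eye, between the gateway the routing table should select and the gateway MAC seen in the capture, can be scripted. This is an added example, not code from the original post: the gateway IPs and MACs are the ones quoted above, while the routing table (prefixes and metrics) is constructed, with 192.168.104.1 assumed to be the lower-metric default route.

```python
import ipaddress

# Constructed routing table for the dual-NIC sender; the page's own table is not shown.
# Gateway IPs and MACs are the ones quoted on the page; prefixes and metrics are assumed.
ROUTES = [
    {"prefix": "0.0.0.0/0", "gateway": "192.168.104.1", "metric": 25},
    {"prefix": "0.0.0.0/0", "gateway": "192.168.209.1", "metric": 35},
    {"prefix": "192.168.104.0/24", "gateway": None, "metric": 281},  # on-link
    {"prefix": "192.168.209.0/24", "gateway": None, "metric": 291},  # on-link
]
GATEWAY_MACS = {
    "192.168.104.1": "c4-a5-59-3d-b3-38",
    "192.168.209.1": "c8-50-e9-67-fa-0c",
}

def normalize_mac(mac):
    """Lower-case and use '-' separators so capture and ARP formats compare equal."""
    return mac.strip().lower().replace(":", "-")

def expected_route(dest, routes=ROUTES):
    """Longest matching prefix wins; ties are broken by the lowest metric."""
    addr = ipaddress.ip_address(dest)
    matches = [(ipaddress.ip_network(r["prefix"]), r) for r in routes]
    matches = [(net, r) for net, r in matches if addr in net]
    if not matches:
        return None
    return min(matches, key=lambda m: (-m[0].prefixlen, m[1]["metric"]))[1]

def check_forward_path(dest, observed_dst_mac, routes=ROUTES, macs=GATEWAY_MACS):
    """Compare the gateway the table should pick with the one the frame went to."""
    route = expected_route(dest, routes)
    if route is None:
        return {"verdict": "no-route", "expected_gateway": None, "actual_gateway": None}
    observed = normalize_mac(observed_dst_mac)
    actual = next((gw for gw, m in macs.items() if normalize_mac(m) == observed), None)
    if route["gateway"] is None:
        verdict = "on-link"  # frame should go straight to the host, no gateway to check
    elif actual == route["gateway"]:
        verdict = "ok"
    else:
        verdict = "wrong-next-hop"
    return {"verdict": verdict, "expected_gateway": route["gateway"], "actual_gateway": actual}

if __name__ == "__main__":
    # Destination MAC seen in the failing capture, as quoted on the page.
    print(check_forward_path("192.168.3.100", "C8-50-E9-67-FA-0C"))
```

A `wrong-next-hop` verdict corresponds to situation 1 in the list of causes: the request left through the other network card's gateway.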


Origin blog.csdn.net/wj31932/article/details/132326155