ping -a not resolving name anymore



L3 Networker

Hello Bro,

In our network we used to be in the same VLAN as our employees' endpoints, and we used to use the command ping -a x.x.x.x to resolve the name of the pinged IP.

After we moved our PCs ("admins") to a different zone, we can't use this command anymore. The ping is working, but the parameter -a is not getting any names.

Note that we still have full access to the DNS.

I believe this is a firewall matter, and as I read, ping -a uses some layer 2 stuff.

Things are not clear, so how can we have ping -a getting the names in the command output again?

TIA

MR
10 REPLIES

Cyber Elite

@MRamadanAHafiez,

This option works perfectly fine through security zones on my firewall without any issues. If this only started happening after you moved these machines into a new security zone, try enabling logging on your interzone-default to ensure you're capturing denied traffic and see if anything is getting blocked due to not being included in your rulebase.

L3 Networker

Thank you @BPry so much for the reply.

We are not blocked from anything from our new zone, and the monitor logs say nothing is denied.

I will double check, but if you tell me how ping -a works, that may help me resolve it.

Any ideas appreciated.

MR

L1 Bithead

Was the name resolution working via DNS or NetBIOS? It's possible it was NetBIOS, and that is the reason it worked prior to the move.

@aortiz, name resolution is working via DNS with no problem before and after zone separation; this is for DNS.

But after changing to the new zone, ping -a x.x.x.x is not working (it was working before changing zone).

MR

If it worked via DNS and your DNS traffic is not being blocked, then it should still work. I suspect the name resolution was working via NetBIOS, which uses a broadcast destination address and is most likely not being forwarded across. You can test ping -a from the new zone to verify it still works on the same broadcast domain, and play with nslookups to test DNS.

L1 Bithead

Hi,

1. Can you check the interface setting and its zone protection configuration? It may be possible that ping is blocked at the interface level.

2. Can you check the output of tracert and check where it gets dropped? It will give you an idea about the hops which come in between source and destination. You can check all devices if you are sure that the PA configuration is fine.

3. Is ping not working for a specific subnet or for the whole network?

@MRamadanAHafiez,

Offhand I don't know how ping -a functions in the background and whether it uses NetBIOS or DNS for the name resolution. The only thing that I can tell you for sure is that I can do it successfully across security zones without any issues. This is the first time that I've actually even heard of ping -a, and it's not extremely useful personally, but it's perfectly functional across L3 security zones without any issue.

L3 Networker

Hi,

I hope anyone can tell me how this ping -a works.

Is it working by querying the name "from the DNS", so I need to have access to the DNS, which is already provided?

Is it using the NetBIOS name? How to enable this app in the security rules?

"by the way, just now I found the ping -a is working to other zone"

MR

L3 Networker

Hello Bro,

After using the packet capture, I have discovered that the command ping -a x.x.x.x uses LLMNR, "Link-Layer Multicast Name Resolution". Kindly, anyone correct me or tell me how to allow this kind of multicast app (a bit risky app, but I need to POC it).

MR

L1 Bithead

Use of LLMNR is not recommended. I suggest you use DNS for name resolution. 
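A way to see which resolver path actually answers the reverse lookup that ping -a depends on, as an added example that is not part of the thread and not written by any of its participants. It assumes a Windows host with the built-in DnsClient module; the function name `Test-ReverseLookupPath` is hypothetical, 192.0.2.10 is a documentation placeholder address, and whether the target answers a reverse query over LLMNR is an assumption based on the packet capture described above.

```powershell
# Added example: report which name-resolution path answers a reverse lookup.
# 192.0.2.10 at the bottom is a placeholder; substitute a real endpoint IP.
function Test-ReverseLookupPath {
    param(
        [Parameter(Mandatory)][ipaddress]$IpAddress,
        [string]$DnsServer   # optional: ask one specific DNS server
    )
    $ip = $IpAddress.ToString()
    $result = [ordered]@{ IpAddress = $ip }

    # 1. Unicast DNS only. Succeeds only if a PTR record exists in the
    #    reverse zone, which is what lets ping -a work across routed zones.
    $dnsArgs = @{ Name = $ip; Type = 'PTR'; DnsOnly = $true; ErrorAction = 'Stop' }
    if ($DnsServer) { $dnsArgs.Server = $DnsServer }
    try {
        $ptr = Resolve-DnsName @dnsArgs | Where-Object { $_.Type -eq 'PTR' }
        $result.DnsPtr = $ptr.NameHost -join ', '
    } catch {
        $result.DnsPtr = "none ($($_.Exception.Message))"
    }

    # 2. LLMNR only. Link-local multicast on UDP 5355, so an answer is
    #    expected only when the target sits on the same segment.
    try {
        $llmnr = Resolve-DnsName -Name $ip -Type PTR -LlmnrOnly -ErrorAction Stop |
            Where-Object { $_.Type -eq 'PTR' }
        $result.LlmnrPtr = $llmnr.NameHost -join ', '
    } catch {
        $result.LlmnrPtr = "none ($($_.Exception.Message))"
    }

    # 3. Group Policy "Turn off multicast name resolution":
    #    EnableMulticast = 0 means LLMNR is disabled on this host.
    $policy = Get-ItemProperty `
        -Path 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\DNSClient' `
        -Name EnableMulticast -ErrorAction SilentlyContinue
    if ($null -eq $policy) {
        $result.LlmnrPolicy = 'not configured (LLMNR is on by default)'
    } elseif ($policy.EnableMulticast -eq 0) {
        $result.LlmnrPolicy = 'disabled by policy'
    } else {
        $result.LlmnrPolicy = 'enabled by policy'
    }

    [pscustomobject]$result
}

Test-ReverseLookupPath -IpAddress 192.0.2.10
```

If `DnsPtr` is empty or "none" while `LlmnrPtr` returns a name from the old VLAN, the endpoints have no PTR records, and registering them in the reverse lookup zone restores ping -a across zones without permitting LLMNR through the firewall.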
