Ping!

  • Article

When it comes to troubleshooting networking problems nothing is more trusted then ping.  It is probably the first networking utility that everybody masters.  When you want know if communication works between point A and B ping is your friend.  Often times when working with PNRP I have used ping to make sure that I could ping the seed server.  I use ping to ping the Teredo server, the router.  I use ping to ping the IPv6 address of other hosts on the network.

However in Vista the windows firewall blocks ICMP traffic by default.  A friend of mine called me last week and said that he couldn't ping from one machine to another.  He disabled the Windows Firewall service so he knows that is not the problem.  In fact that was causing the problem.  When you disable that service the operating system thinks something might be wrong and goes into a shields up mode, not letting any traffic through.  Also turning off the firewall (either by stopping the service or just turning it off) causes the Teredo client to turn off.

So how do you enable ICMP traffic through the firewall?  In XP it was easy.  In the firewall user interface there was a checkbox that turns it on and off.  In Vista, it is a bit more complicated.  There are two ways.  The easiest is from the command line using NETSH.  From an elevated prompt run:

For ICMPv4:

netsh advfirewall firewall add rule name="ICMPv4 Inbound" dir=in action=allow enable=yes profile=any localip=any remoteip=any protocol=icmpv4:8,any interfacetype=any edge=yes

For ICMPv6:

netsh advfirewall firewall add rule name="ICMPv6 Inbound" dir=in action=allow enable=yes profile=any localip=any remoteip=any protocol=icmpv6:128,any interfacetype=any edge=yes

From the user interface:

  • Open the Windows Firewall with Advanced Security user interface. (This can be done by searching for "advanced" on the start menu search.)
  • Except the elevated permission.
  • Select Inbound Rules on the left side panel
  • Select New Rule on the right hand actions panel
  • Select a custom rule. Hit next
  • Select All programs. Hit next
  • Select Protocol Type ICMPv4 (or ICMPv6).
  • Select Customize
  • Select Specific ICMP Type
  • Select Echo Request. Select OK. Select Next
  • Select Next to allow all addresses
  • Select next to allow this connection.
  • Select next to allow all profiles
  • Give it a name such as "ICMPv4 Inbound"
  • Select Finish
  • Right click on the exception that was created and select properties.
  • Select the advanced tab
  • Click Allow edge traversal (this allows ICMP traffic to go through NATs)

At this point you the firewall should allow ICMP traffic for ping.

-Travis