WRV200 diagnostics - ping

Discussion in 'Cisco Small Business Routers and VPN Solutions' started by Sfor, Feb 8, 2007.

  1. Sfor

    Sfor Network Guru Member

    I've got a question about the WRV200 ping option.

    Does it send the ping through the default gateway? Because, I do not believe it does.

    I received several successful pings from the router GUI interface, while pinging from a LAN-connected computer returned a timeout condition.

    I do believe someone is doing ARP poisoning attacks in the WAN my WRV200 router is connected to. The pinging from inside of my LAN shows TTL 127, while it always was 63. I can ping the WAN gateway, but there is a timeout while pinging some internet address. The interesting thing happens, when I do a ping from the router itself. The ping to an internet address works, while pinging from LAN does not.

    A more interesting effect is that, the moment I do the ping from the router, the LAN pinging starts to work for a while, returning TTL 63. After a while it is back to 128 again.

    Or, perhaps, the router ping ignores the current ARP table settings, or perhaps it resets the ARP table. I want to know more about the router ping feature, because it will let me understand what is going on in my WAN.

    Also, a router's ARP table check would be a nice feature, as I will have to connect a computer to the WAN directly in order to check if the MAC address of the gateway server was changed. Information about the gateway's MAC address having changed would be a very nice addition to the router syslog feature, as well.
  2. ifican

    ifican Network Guru Member

    Though ARP poisoning is possible, I find it unlikely. As to your question about the default gateway, the answer would be yes. No matter what the router or your computer thinks the default gateway is, it is sending it to the default gateway. You may be getting or seeing goofy things because the ISP side is using proxy ARP and some packets are going one way and others are going some other way. Then again, all of this might be because the WRV200 likes to do goofy things when it has been running unrebooted for some time.

    If you really want to see what is going on, put a switch on the WAN side and use a packet sniffer to monitor traffic. I have not played with the 200 in some time, but I will put it back in the network and have a look. I think under the route table button it shows the next hop address, though I could be wrong.
  3. Sfor

    Sfor Network Guru Member

    The problem with the internet connection is not only my problem. At the same time, another user had the same ping-from-LAN response while working on a Digitus router. So, the problem is not caused by the WRV200 router.

    I do believe the WRV200 ping does trigger ARP discover packets, before sending the ping. So, it does reset the WAN gateway ARP entry, that way.

    A true improvement of the router firmware would be a feature for manually setting the WAN gateway MAC. So, the WAN internet access would be immune to ARP poisoning. I have seen no such feature in any low-cost router, so far. And to be true, the possibility of a static ARP entry is the best argument for using a computer-based router, for me, so far.
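
The gateway-MAC check wished for in this thread, as an added example (not part of any post and not WRV200 firmware code): it parses ARP-table snapshots in Linux `ip neigh show` format, as a computer-based router or a PC on the WAN segment would produce, and reports when the gateway's MAC differs from a pinned value. The IP addresses, MACs and timestamps are constructed samples, and the function names are hypothetical.

```python
import re

# Constructed sample snapshots in Linux `ip neigh show` format (all values made up).
SNAPSHOTS = [
    ("10:00:00", "192.0.2.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE\n"
                 "192.0.2.23 dev eth0 lladdr 66:77:88:99:aa:bb STALE\n"),
    ("10:05:00", "192.0.2.1 dev eth0 lladdr 66:77:88:99:aa:bb REACHABLE\n"
                 "192.0.2.23 dev eth0 lladdr 66:77:88:99:aa:bb STALE\n"),
    ("10:06:00", "192.0.2.1 dev eth0 lladdr 00:11:22:33:44:55 REACHABLE\n"
                 "192.0.2.23 dev eth0 lladdr 66:77:88:99:aa:bb STALE\n"),
]

# IPv4 neighbour line: "<ip> dev <if> lladdr <mac> <state>"
NEIGH_RE = re.compile(r"^(\S+) dev (\S+) lladdr ([0-9a-fA-F:]{17}) (\S+)$")


def parse_neigh(text):
    """Return {ip: mac} for every entry that carries a link-layer address."""
    table = {}
    for line in text.splitlines():
        m = NEIGH_RE.match(line.strip())
        if m:
            table[m.group(1)] = m.group(3).lower()
    return table


def check_gateway(snapshots, gateway_ip, pinned_mac):
    """Return (timestamp, observed_mac, other_ips_with_that_mac) per mismatch."""
    alerts = []
    pinned_mac = pinned_mac.lower()
    for stamp, text in snapshots:
        table = parse_neigh(text)
        mac = table.get(gateway_ip)
        if mac is None or mac == pinned_mac:
            continue
        # Another IP already mapped to the new MAC points at the host
        # that is now answering ARP for the gateway address.
        others = sorted(ip for ip, m in table.items()
                        if m == mac and ip != gateway_ip)
        alerts.append((stamp, mac, others))
    return alerts


if __name__ == "__main__":
    for stamp, mac, others in check_gateway(SNAPSHOTS, "192.0.2.1",
                                            "00:11:22:33:44:55"):
        print(f"{stamp} gateway 192.0.2.1 now at {mac}; same MAC on {others}")
```

On a Linux-based router, the static entry mentioned in the last post is set with `ip neigh replace 192.0.2.1 lladdr 00:11:22:33:44:55 dev eth0 nud permanent` (constructed values again).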