ICS trouble, please help

By mephisto_007
Feb 23, 2009
Topic Status:
Not open for further replies.
  1. Hi guys, I have this issue that I can't figure out unless you guys help me... I want to enable Internet Connection Sharing for our wifi-billing software. I thought everything was set up correctly, but it always turns out the clients can't use the internet, yet to my amazement they can ping every site/address? (of course the DNS settings are correct)

    How do I correct this issue? Help me guys... I am really, really frustrated..

    Thanks in advance

    Attached Files: ICS.JPG (17.5 KB)
  2. jobeard

    jobeard TS Ambassador Posts: 13,026   +221

    This is a routing issue.

    You show the ICS Comp with Nic#1+2 but also connected to router at x.1.2;
    if precisely correct, then there's a third NIC in the ICS Computer --
    what's its address?

    The issue is to add or change the DEFAULT Route to be your top level router at 192.168.1.2.

    PING? You're pinging what? Your client systems need to be successful when using run->cmd and entering:

    1. nslookup www.google.com
    2. ping www.google.com
    If (1) fails, then so will (2), showing that access to the DNS is failing, which is a requirement for all browsers to access any website or email server.
  3. mephisto_007

    mephisto_007 Newcomer, in training Topic Starter Posts: 304

    Hi, jobeard

    Client computers can ping google.com or the router with no problem, but cannot use a browser or any application that requires internet. Our ICS comp only has 2 NICs: one is connected to the TOP router (for internet) and the second NIC connects to the WiFi-Repeater for clients.

    When you asked what the address for the #3 NIC is, does that mean I need to obtain a 3rd NIC for the ICS comp? Also, does adding or changing the DEFAULT Route to be our top level router simply mean replacing the current router IP? Please clear this up for me, I really need this :-(
  4. jobeard

    jobeard TS Ambassador Posts: 13,026   +221

    Your drawing (very good btw) IMPLIES three NICs by the way it is drawn.
    the NIC on the ICS, connected to the router then, must apparently be 192.168.1.x
    NO!
    NO.
    hum; If all clients can ping www.google.com then the browsers should work too.
    here's how ping works;
    1) given a name like www.google.com, it first accesses the DNS to convert to an IP address
    Code:
    lookup www.google.com ---> DNS
    returns ip address <---- DNS
    2) using the ip address, it starts the ping protocol
    Code:
    send icmp data ------> google's ip address
    return timing data <----- google's website
    if your clients get back data like
    Code:
    ping www.google.com
    
    Pinging www.google.com [74.125.19.47] with 32 bytes of data:
    
    Reply from 74.125.19.47: bytes=32 time=30ms TTL=244
    Reply from 74.125.19.47: bytes=32 time=32ms TTL=244
    Reply from 74.125.19.47: bytes=32 time=31ms TTL=244
    Reply from 74.125.19.47: bytes=32 time=31ms TTL=244
    
    Ping statistics for 74.125.19.47:
        Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
        Minimum = 30ms, Maximum = 32ms, Average = 31ms
    (your specific address may vary)
    then you should be getting website data too.

    When a client enters
    Code:
    http://www.google.com/
    in the browser address bar, what comes back?
  5. mephisto_007

    mephisto_007 Newcomer, in training Topic Starter Posts: 304

    Hi

    The return pings from the clients is

    Pinging www.google.com [74.125.45.100] with 32 bytes of data:

    Reply from 74.125.45.100: bytes=32 time=600ms TTL=239
    Reply from 74.125.45.100: bytes=32 time=820ms TTL=239
    Reply from 74.125.45.100: bytes=32 time=530ms TTL=239
    Reply from 74.125.45.100: bytes=32 time=350ms TTL=239

    Ping statistics for 74.125.45.100:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
    Approximate round trip times in milli-seconds:
    Minimum = 350ms, Maximum = 820ms, Average = 575ms

    I know it sounds weird, but this issue has really been getting on my nerves for days...

    The browser on the clients seems to be very, very slow in accessing the sites (I can see the loading bars) but it never gets there, so it's just stuck there, without saying there is no internet connection or page cannot be displayed... I have also disabled the firewall on the ICS as well. What seems to be the problem? I can't figure it out... arggg :(
  6. jobeard

    jobeard TS Ambassador Posts: 13,026   +221

    >>Reply from 74.125.45.100: bytes=32 time=600ms TTL=239
    >>Reply from 74.125.45.100: bytes=32 time=820ms TTL=239
    >>Reply from 74.125.45.100: bytes=32 time=530ms TTL=239
    >>Reply from 74.125.45.100: bytes=32 time=350ms TTL=239

    OUCH! not only are the times highly variable (ie +- 300ms from best to worst), but they're 10x what is expected!

    you've got a node in the path that is terrible; find it with
    pathping 74.125.45.100
    make sure the last two lines read
    ## yx-in-f100.google.com [74.125.19.47]
    Computing statistics for xxx seconds...
    I suspect you'll have trouble getting to the f100.google.com due to timeouts (which will not show in the display)
  7. mephisto_007

    mephisto_007 Newcomer, in training Topic Starter Posts: 304

    Hi,
    Here is the result... and what does the command do? Do I have to run this command every time clients connect? Is it a NIC issue? And how do I resolve this problem? And thanks for replying, I thought you'd abandoned me :)


  8. jobeard

    jobeard TS Ambassador Posts: 13,026   +221

    Tracing route to yx-in-f100.google.com [74.125.45.100]
    over a maximum of 30 hops:
    0 5eb2bc987810499 [192.168.0.15]
    1 yx-in-f100.google.com [74.125.45.100]
    quite impossible! (you must have edited the data)
    If true, this says your LAN is DIRECTLY attached to Google :(

    this should have looked something like
    Code:
      0  LTbeard [192.168.0.4]
      1  localRouter [192.168.0.1]
      2  cpe-ww-xx-yy-zz.socal.res.rr.com [ww-xx-yy-zz]
      3  gig11-14.vntrca1-rtr1.socal.rr.com [76.167.3.85]
      4  tge9-3.lamdca1-swt1.socal.rr.com [76.167.2.52]
      5     *        *     tge4-0-0.lsanca1-rtr1.socal.rr.com [76.167.2.56]
      6  ae-5-0.cr0.lax00.tbone.rr.com [66.109.6.102]
      7  ae-0-0.pr0.lax10.tbone.rr.com [66.109.6.133]
      8  72.14.197.157
      9  216.239.46.180
     10  216.239.43.125
     11  72.14.232.213
     12  209.85.253.133
     13  yx-in-f100.google.com [74.125.45.100]
    
    Hop  RTT    Lost/Sent = Pct  Lost/Sent = Pct  Address
      0                                           LTbeard [192.168.0.4]
                                    0/ 100 =  0%   |
      1    0ms     0/ 100 =  0%     0/ 100 =  0%  localRouter [192.168.0.1]
                                    0/ 100 =  0%   |
      2    9ms     0/ 100 =  0%     0/ 100 =  0%  cpe-ww-xx-yy-zz.socal.res.rr.com [ww-xx-yy-zz]
                                    0/ 100 =  0%   |
      3   10ms     0/ 100 =  0%     0/ 100 =  0%  gig11-14.vntrca1-rtr1.socal.rr.com [76.167.3.85]
                                    0/ 100 =  0%   |
      4   18ms     0/ 100 =  0%     0/ 100 =  0%  tge9-3.lamdca1-swt1.socal.rr.com [76.167.2.52]
                                    0/ 100 =  0%   |
      5   25ms     0/ 100 =  0%     0/ 100 =  0%  tge4-0-0.lsanca1-rtr1.socal.rr.com [76.167.2.56]
                                    0/ 100 =  0%   |
      6   26ms     0/ 100 =  0%     0/ 100 =  0%  ae-5-0.cr0.lax00.tbone.rr.com [66.109.6.102]
                                    0/ 100 =  0%   |
      7   26ms     0/ 100 =  0%     0/ 100 =  0%  ae-0-0.pr0.lax10.tbone.rr.com [66.109.6.133]
                                    0/ 100 =  0%   |
      8   24ms     0/ 100 =  0%     0/ 100 =  0%  72.14.197.157
                                    0/ 100 =  0%   |
      9   24ms     0/ 100 =  0%     0/ 100 =  0%  216.239.46.180
                                    0/ 100 =  0%   |
     10   91ms     0/ 100 =  0%     0/ 100 =  0%  216.239.43.125
                                    0/ 100 =  0%   |
     11  103ms     0/ 100 =  0%     0/ 100 =  0%  72.14.232.213
                                    0/ 100 =  0%   |
     12  103ms     0/ 100 =  0%     0/ 100 =  0%  209.85.253.133
                                    0/ 100 =  0%   |
     13   98ms     0/ 100 =  0%     0/ 100 =  0%  yx-in-f100.google.com [74.125.45.100]
    
    Trace complete.
    each HOP is a system in the path to google and
    we look for ANYTHING that is not 0/ 100 = 0%
    which would say TCP packets are being dropped at the node.
  9. mephisto_007

    mephisto_007 Newcomer, in training Topic Starter Posts: 304

    Hi, I have no reason to edit the data; this is what I got when entering the command... I just did it again and there is no long list of code that looks similar to yours... I don't know what I should do next...
  10. mephisto_007

    mephisto_007 Newcomer, in training Topic Starter Posts: 304

    OK, so here is what I got from the computers in the office, and I don't know why the clients still display what it seems to be even if I change it to pathping google.com

  11. jobeard

    jobeard TS Ambassador Posts: 13,026   +221

    hum; I just performed tracert to the Wall Street Journal (wsj.com) from LA and it is
    20 hops (nodes or systems) from me and got replies in 100ms

    your 300-600ms timings are bogus.

    a) does this occur (ie huge delays) for ALL your clients or just one?

    On the system that has ICS active
    Code:
    modem --- MajorSystem--(ics)--router--othersystems
    eg the MajorSystem,

    suggest you start diagnosis shown here

    I suspect an infected proxy in the system ...
  12. jobeard

    jobeard TS Ambassador Posts: 13,026   +221

    did you notice the inconsistency?
    Code:
    Tracing route to yx-in-f100.google.com [74.125.45.100]
    over a maximum of 30 hops:
    0 diablo-01 [192.168.1.150]
    1 192.168.1.2
    2 124.108.51.1
    ....
    12 * * * <<ERROR
    Computing statistics for 300 seconds...
    Source to Here This Node/Link
    Hop RTT Lost/Sent = Pct Lost/Sent = Pct Address
    0 diablo-01 [192.168.1.150]
    0/ 100 = 0% |
    1 0ms 0/ 100 = 0% 0/ 100 = 0% 192.168.1.2
    0/ 100 = 0% |
    2 137ms 0/ 100 = 0% 0/ 100 = 0% 124.108.51.1
    0/ 100 = 0% |
    ...
    12 --- 100/ 100 =100% 0/ 100 = 0% diablo-01 [0.0.0.0]
    
    Trace complete.
    you did NOT reach google.com but the <<ERROR above prematurely terminated the test!
  13. mephisto_007

    mephisto_007 Newcomer, in training Topic Starter Posts: 304

    I don't know, but all computers in the offices can access the Internet OK, and here is the result from another computer in the offices

     
  14. mephisto_007

    mephisto_007 Newcomer, in training Topic Starter Posts: 304

    I've re-set up ICS but still the same thing happens (every computer can access the Internet, and of course the ICS has no problem either). The client computers, both on WiFi and cable, can't access the internet through a browser or other applications, but all get ping replies from websites. Here is another result from the client comp

    what's the next step I should do?
  15. jobeard

    jobeard TS Ambassador Posts: 13,026   +221

    This link has massive losses:
    • 1-2 from your router to your ISP
    These links (ie the wires) between systems have small losses:
    • 6-7
      8-9
      13-14
    Node 14 has heavy losses too, but you can't fix that.
    Code:
    Hop RTT Lost/Sent = Pct Lost/Sent = Pct Address
    0                         NARY-01 [192.168.1.180]
                             0/ 100 = 0% |
    1        0ms 0/ 100 = 0% 0/ 100 = 0% 192.168.1.2
                            28/ 100 = 28% |
    2 785ms 32/ 100 = 32% 4/ 100 = 4% 124.108.51.1  <<would appear to be your ISP connection
                             0/ 100 = 0% |
    3 836ms 28/ 100 = 28% 0/ 100 = 0% 120.136.31.129
                             0/ 100 = 0% |
    4 796ms 30/ 100 = 30% 2/ 100 = 2% 124.108.48.19
                             0/ 100 = 0% |
    5 909ms 28/ 100 = 28% 0/ 100 = 0% 203.113.185.245
                             0/ 100 = 0% |
    6 844ms 28/ 100 = 28% 0/ 100 = 0% 203.113.158.138
                             1/ 100 = 1% |
    7 882ms 30/ 100 = 30% 1/ 100 = 1% 74.125.50.245
                             0/ 100 = 0% |
    8 915ms 29/ 100 = 29% 0/ 100 = 0% 72.14.233.27
                             1/ 100 = 1% |
    9 908ms 30/ 100 = 30% 0/ 100 = 0% 209.85.249.236
                             0/ 100 = 0% |
    10 1048ms 31/ 100 = 31% 1/ 100 = 1% 216.239.43.212
                             0/ 100 = 0% |
    11 976ms 31/ 100 = 31% 1/ 100 = 1% 216.239.46.204
                             0/ 100 = 0% |
    12 955ms 31/ 100 = 31% 1/ 100 = 1% 64.233.174.127
                             0/ 100 = 0% |
    13 993ms 30/ 100 = 30% 0/ 100 = 0% 209.85.251.129
                             1/ 100 = 1% |
    14 1042ms 43/ 100 = 43%  12/ 100 = 12% 74.125.30.6
                             0/ 100 = 0% |
    15 1021ms 31/ 100 = 31% 0/ 100 = 0% cg-in-f100.google.com [209.85.171.100]
    
    your total losses exceed 50%
    Recommendation:
    1. Replace all wires from the phone jack to the ADSL modem and to the 192.168.1.2 router.
    2. update the firmware in that router
    3. move the A/P to directly connect to the router and bypass ICS altogether
    Monitor the response time from node 1-2, 785ms is just terrible!
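
An added example (not part of any post in this thread): a small Python parser for the `pathping` statistics table quoted above, listing the hops where the node itself or the link into it exceeds a loss threshold. The function names, the 5% threshold and the trimmed sample (hops 4-13 omitted) are assumptions of this example.

```python
import re

# Excerpt of the statistics quoted in the thread above
# (hops 4-13 omitted here, forum colour tags removed).
SAMPLE = """\
Hop RTT Lost/Sent = Pct Lost/Sent = Pct Address
0                         NARY-01 [192.168.1.180]
                         0/ 100 = 0% |
1        0ms 0/ 100 = 0% 0/ 100 = 0% 192.168.1.2
                        28/ 100 = 28% |
2 785ms 32/ 100 = 32% 4/ 100 = 4% 124.108.51.1
                         0/ 100 = 0% |
3 836ms 28/ 100 = 28% 0/ 100 = 0% 120.136.31.129
                         1/ 100 = 1% |
14 1042ms 43/ 100 = 43% 12/ 100 = 12% 74.125.30.6
                         0/ 100 = 0% |
15 1021ms 31/ 100 = 31% 0/ 100 = 0% cg-in-f100.google.com [209.85.171.100]
"""

LOSS = r"(\d+)/\s*(\d+)\s*=\s*(\d+)%"
# Node row: hop, RTT (or '---' when unreachable), source-to-here loss, this-node loss, address
NODE = re.compile(rf"^\s*(\d+)\s+(\d+ms|---)\s+{LOSS}\s+{LOSS}\s+(.+?)\s*$")
# Link row: loss on the link between two hops, terminated by '|'
LINK = re.compile(rf"^\s*{LOSS}\s*\|\s*$")

def parse_pathping(text):
    """Return one dict per hop, with the loss on the link leading into that hop."""
    hops, pending_link = [], None
    for line in text.splitlines():
        m = LINK.match(line)
        if m:
            pending_link = int(m.group(3))
            continue
        m = NODE.match(line)
        if m:
            rtt = None if m.group(2) == "---" else int(m.group(2)[:-2])
            hops.append({"hop": int(m.group(1)), "rtt_ms": rtt,
                         "path_loss_pct": int(m.group(5)),
                         "node_loss_pct": int(m.group(8)),
                         "link_loss_pct": pending_link,
                         "address": m.group(9)})
            pending_link = None
    return hops

def suspects(hops, threshold_pct=5):
    """Hops whose own loss, or the loss on the link into them, exceeds threshold_pct."""
    return [(h["hop"], h["address"], h["link_loss_pct"], h["node_loss_pct"])
            for h in hops
            if (h["link_loss_pct"] or 0) > threshold_pct
            or h["node_loss_pct"] > threshold_pct]

if __name__ == "__main__":
    for hop in suspects(parse_pathping(SAMPLE)):
        print(hop)
```

On the sample it reports the link into hop 2 (28%) and node 14 (12%), the same two places called out in the post above.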
  16. LookinAround

    LookinAround TechSpot Chancellor Posts: 8,281   +152

    Totally agree with jobeard.

    Also, another way to look at these results is that approx. 75% of the latency is between you and your ISP!!!

    I also note that you're originating in Southeast Asia, which may or may not be relevant to the quality of your phone lines, but the issue is certainly something you should address with your ISP
  17. jobeard

    jobeard TS Ambassador Posts: 13,026   +221

    Here's how
    run -> cmd /k ping -t 124.108.51.1
    just let it run and watch the timings change.
    On a good link, they should not change more than +-1%
    results from Los Angeles, CA, U.S.A
    Pinging 124.108.51.1 with 32 bytes of data:

    Reply from 124.108.51.1: bytes=32 time=497ms TTL=242
    Reply from 124.108.51.1: bytes=32 time=503ms TTL=242
    Reply from 124.108.51.1: bytes=32 time=497ms TTL=242
    Reply from 124.108.51.1: bytes=32 time=494ms TTL=242
    ...
    Reply from 124.108.51.1: bytes=32 time=499ms TTL=242
    Reply from 124.108.51.1: bytes=32 time=506ms TTL=242
    Reply from 124.108.51.1: bytes=32 time=501ms TTL=242
    Reply from 124.108.51.1: bytes=32 time=495ms TTL=242
    Reply from 124.108.51.1: bytes=32 time=495ms TTL=242
    Reply from 124.108.51.1: bytes=32 time=494ms TTL=242
    Reply from 124.108.51.1: bytes=32 time=495ms TTL=242
    Reply from 124.108.51.1: bytes=32 time=500ms TTL=242
    This makes the point that the ISP at this address STINKS!
    as an example of another long-haul from L.A. to Milan, IT (18 hops)
    18 188 ms 189 ms 187 ms ae-4-4.car2.Milan1.Level3.net [4.69.133.137]

    Pinging 4.69.133.137 with 32 bytes of data:
    Reply from 4.69.133.137: bytes=32 time=191ms TTL=243
    Reply from 4.69.133.137: bytes=32 time=188ms TTL=243
    Reply from 4.69.133.137: bytes=32 time=190ms TTL=243
    Reply from 4.69.133.137: bytes=32 time=189ms TTL=243
    Reply from 4.69.133.137: bytes=32 time=188ms TTL=243
    Reply from 4.69.133.137: bytes=32 time=190ms TTL=243
    Reply from 4.69.133.137: bytes=32 time=187ms TTL=243
    Reply from 4.69.133.137: bytes=32 time=190ms TTL=243
    Reply from 4.69.133.137: bytes=32 time=189ms TTL=243
    Reply from 4.69.133.137: bytes=32 time=190ms TTL=243
    Reply from 4.69.133.137: bytes=32 time=187ms TTL=243
    Notice from best (187) to worst (191), is a change of only 4ms

    I fully appreciate that COST to you may be very expensive for any Internet access,
    but suggest you google for satellite ISP providers as an alternative service.
  18. mephisto_007

    mephisto_007 Newcomer, in training Topic Starter Posts: 304

    I am considering changing our current ISP, but before I do so I want to ask you: is it possible that the issue I am encountering is caused by hardware (e.g. NICs, router, switch, the computers themselves), or software, or the way I've set up the network (I have 2 switches piggybacked on each other), causing delay or lag? Because I don't want to make the same mistake after we change to a new ISP. Nevertheless, thank you very much for your time and effort to help, I truly appreciate that..
  19. LookinAround

    LookinAround TechSpot Chancellor Posts: 8,281   +152

    I think the simplest test is to connect one computer directly to the ADSL Modem. Then run the same tests on the computer.

    If you still have the same latency issues, then the problem is the ADSL Modem, your ISP, or anything in between the two. In that case, it is worth reporting the problem to the ISP, as for all we know it might simply be a bad ADSL modem (for example, one that needs to be replaced)
  20. jobeard

    jobeard TS Ambassador Posts: 13,026   +221

    it could be your Wi-Max device. Just yesterday a friend had his cable modem fail and
    it had very similar symptoms --- food for thought
  21. mephisto_007

    mephisto_007 Newcomer, in training Topic Starter Posts: 304

    Hi, I've noticed a very, very steady ping reply from our ISP gateway (124.108.51.1) of between 40ms and 50ms, but if I try to access the internet using either a browser or an application that requires internet, then the ping reply will spike to 400ms to 1500ms... any idea what is going on?

    How did your friend fix this? By replacing it with a new device, or just simply removing it or switching off the option!?