Sygate and its backtracing
babyhack
November 11th, 2002, 04:45 AM
Hi,
I've got Windows 98 SE (Second Edition) and Sygate Personal Firewall 5.0 1150.
My backtracing function (in Logs > Traffic logs) doesn't run: I obtain this message: "Unable to get whois information for this IP address."
whereas with another computer (Windows XP and the same Sygate) it runs very well.
Any idea?
Thx,
regards
Pieter_Arntz
November 11th, 2002, 04:50 AM
Hi babyhack,
Do you by any chance have Socketlock (or any similar program) installed on the computer where the backtrace won't work?
In this case you'll have to turn it off when using the backtrace option.
Regards,
Pieter
babyhack
November 11th, 2002, 06:35 AM
Well, indeed, in the past I installed NeoTrace Pro and VisualRoute evaluations (tracer programs too). I uninstalled them a long time ago, but maybe the uninstall wasn't so effective. I'm using RegCleaner and I didn't see any signs of the presence of these programs.
Do you know how to find the remaining files to delete?
thx for your help,
regards
Pieter_Arntz
November 11th, 2002, 06:51 AM
There's an easy way to test if this is the problem.
Download SocketToMe (http://grc.com/dos/sockettome1.htm) to see if raw sockets are available.
Let me know,
Pieter
babyhack
November 11th, 2002, 09:15 AM
I followed your instructions and (I didn't understand the aim of the process) I obtained:
Safe (partial) raw sockets available
What does it mean? What is a raw socket?
regards,
Pieter_Arntz
November 11th, 2002, 09:31 AM
Can't explain it better than this: http://www.linuxchix.org/content/courses/security/raw_sockets
Since I was obviously on the wrong track in solving your problem, you may also want to take a look here: http://forums.sygatetech.com/ to see if you can find anything related.
Or wait until our own firewall experts show up.
Regards,
Pieter
CrazyM
November 11th, 2002, 11:46 AM
babyhack
-{ Quote: "I obtain this message "Unable to get whois information for this IP address."" }-
Is the query getting through and just no information available? Or is the outbound request not getting through?
Not that familiar with Sygate, but do you have anything in your advanced rules that might be blocking/not allowing the Who Is query?
(It would require outbound to remote service/port 43.)
Luthorcrow
November 30th, 2002, 05:21 PM
This thread looks a little old, but do you get this every time? I am using Sygate Pro 5 as well, and I believe I have seen this message as well from time to time, just as I get something similar when using trace functions in TDS-3. Some addresses are registered in databases other than ARIN or some such nonsense.
Sometimes you have to scratch a little harder to backtrace an IP (i.e. search in databases for other parts of the world).
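
Added example, not part of the original thread or any poster's code: a small Python check that separates the cases raised above, i.e. the WHOIS query never getting out on TCP port 43, the query getting through with no record, and the record living at a registry other than ARIN. The function names, the whois.arin.net starting server, the "no match" wording and the sample replies are assumptions constructed for illustration.

```python
import re
import socket

# Constructed sample replies (not captured from any real server).
SAMPLE_REFERRAL = "# constructed\nNetRange: 192.0.2.0 - 192.0.2.255\nReferralServer:  whois://whois.ripe.net\n"
SAMPLE_NOMATCH = "# constructed\n\nNo match found for 192.0.2.1.\n"
SAMPLE_OK = "# constructed\nNetRange: 192.0.2.0 - 192.0.2.255\nOrgName: Example Org\n"

REFERRAL = re.compile(r"^ReferralServer:\s*whois://([^\s:/]+)", re.I | re.M)

def classify_response(text):
    """Classify a WHOIS reply body as 'referral', 'empty' or 'ok'."""
    m = REFERRAL.search(text)
    if m:
        return "referral", m.group(1)  # record is held by another registry
    # Ignore blank lines and comment lines ('#' or '%' prefixed).
    body = [l for l in text.splitlines() if l.strip() and l.lstrip()[0] not in "#%"]
    if not body or any("no match" in l.lower() for l in body):
        return "empty", None  # query got through, registry had nothing
    return "ok", None

def whois_probe(ip, server="whois.arin.net", port=43, timeout=5.0):
    """Send one WHOIS query; 'blocked' means TCP/43 never answered."""
    try:
        with socket.create_connection((server, port), timeout=timeout) as s:
            s.sendall(ip.encode("ascii") + b"\r\n")  # RFC 3912: query + CRLF
            chunks = []
            while True:
                data = s.recv(4096)
                if not data:
                    break  # server closes the connection when done
                chunks.append(data)
    except OSError as exc:  # refused, timed out, or dropped by a firewall rule
        return "blocked", str(exc)
    return classify_response(b"".join(chunks).decode("utf-8", "replace"))

def backtrace(ip, server="whois.arin.net", max_hops=3):
    """Follow referrals so non-ARIN addresses are looked up at their registry."""
    for _ in range(max_hops):
        status, detail = whois_probe(ip, server)
        if status != "referral":
            break
        server = detail
    return server, status, detail

if __name__ == "__main__":
    print(backtrace("192.0.2.1"))  # documentation address (RFC 5737)
```

A "blocked" result points at the local firewall rules or the network path for outbound port 43; "empty" or "referral" means the query left the machine and the answer lies with the registry.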