Help with a tracert rule

I am using Smart Security 4.2.64.12 - but need to DISABLE the firewall to see the results of a tracert. Not Quite true - the trace to the actual destination gets reported but all of the traces that hit the TTL do not show up.

Code:

C:\Windows\system32>tracert -d -w 100 -h 15 google.com

Tracing route to google.com [74.125.226.114]
over a maximum of 15 hops:

  1     *        *        *     Request timed out.
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8     *        *        *     Request timed out.
  9     *        *        *     Request timed out.
 10     *        *        *     Request timed out.
 11    14 ms    15 ms    13 ms  74.125.226.114

Trace complete.

With firewall disabled:

Code:

C:\Windows\system32>tracert -d -w 100 -h 15 google.com

Tracing route to google.com [74.125.226.148]
over a maximum of 15 hops:

  1     1 ms    <1 ms    <1 ms  192.168.1.1
  2     3 ms     2 ms     2 ms  10.9.44.119
  3     4 ms     5 ms     3 ms  130.81.133.166
  4     4 ms     5 ms     3 ms  130.81.29.252
  5     5 ms     6 ms     5 ms  152.63.16.137
  6    35 ms    14 ms    15 ms  152.63.0.166
  7    15 ms    16 ms    15 ms  152.63.21.121
  8    17 ms    17 ms    17 ms  152.179.72.62
  9    14 ms    14 ms    14 ms  216.239.43.114
 10    13 ms    14 ms     *     216.239.48.44
 11    14 ms    14 ms    13 ms  74.125.226.148

Trace complete.

C:\Windows\system32>

Ping to a host works (Ie it is the same as the last hop in a tracert).

It is like the fire wall is seeing the TTL error reply and filtering that out.

Any help will be appreciated.

Bob

 

Try disabling Personal firewall -> IDS and advanced options -> ICMP protocol message checking.

 

That's the ticket - Thank you very much!