Browser times out but ping, nslookup, and tracert work (WinXP). Why?
May 29, 2006 7:37 AM   Subscribe

On my WinXP Pro laptop I can ping, nslookup, and tracert to whatever address I like, but no browser can load any pages, even by IP address. I get connection timeouts 100% of the time. Why, and how can I fix it?

I have broadband access, shared in my home network via a router. Other machines are working as normal via this router. I'm running Kerio Personal Firewall but it makes no difference if I disable it. I've tried disabling and re-enabling the network adapter, I've tried flushing the DNS cache, I've tried releasing and renewing, I've tried "repairing" the connection. No dice. I have a perfectly good IP address assigned from my router (which I've tried rebooting). As stated above I can run "nslookup" and get an IP address, and I can tracert and ping by domain name or IP address, but when I try to browse to either a name or IP address I get a connection timeout. I've tried Firefox (my usual browser) and IE, both of which worked before.

Grudging admission #1, which will make some of you dismiss this as a wireless networking, issue: everything works fine when I try a wired connection. However, I'm sure it's not an issue with WiFi per se, because I can see the net, just not in a browser.

Grudging admission #2: Everything worked fine until I used the same machine to connect to a shared connection via Bluetooth the other day. The notebook has a built-in Bluetooth adapter, which I normally disable unless I'm using my Bluetooth mouse. I recently used a USB dongle to share an internet connection from another machine when I had no other way to get my notebook online. That worked just fine, and I didn't have to change any settings outside of those specific to the Bluetooth adapter and connection. I suspect, however, that as a side effect and to spite me for messing with an otherwise stable configuration, something has gone awry with the WiFi network connection/adapter in somewhere in Windows, even though I didn't directly change this adapter. How can I change it back?

Since it seems like the solution might be the same, I'm going to ask about a second problem: a friend of mine just asked for my help fixing her network, which is similarly afflicted: she also has broadband and WinXP, though she has one machine and no router. She can ping, nslookup, and tracert as well. But Firefox can't load any pages. IE can load some pages but bombs out on others (notably all secure HTTP connections). She can run her AOL client and access email. I'm hoping that fixing one of our problems will illuminate the solution to the other.

I have been all over in Google looking for answers to this sort of problem but I'm apparently not clever enough to find such answers, though they must exist somewhere. When I learn the solution to this myself I'll shout it from the rooftops!
posted by Songdog to Computers & Internet (14 answers total)
Sounds like you or someone else is messing with the MTU (packet size). Small packets, such as those sent by ping, are getting through. Large packets, such as occur in web browsing, are getting fragmented or dropped.

Try this, specifically the ping commands listed (which tell ping to send large packets):

Your MTU *should* be set to something high, like 1492 or 1500. It's probably set to something too low.

Ah! Bluetooth uses a default MTU of 672. I'm holding the sealed envelope up to my forehead and saying, "Your MTU is now set to 672 after using Bluetooth when it should be 1500".
posted by jellicle at 7:49 AM on May 29, 2006

Response by poster: That's a great idea, jellicle. I tried ping -f -l n at 1500, 1492, and 1454. 1500 and 1492 both result in "Packet needs to be fragmented but DF set," but 1454 worked fine, producing 4ms pings from my gateway (the router).
posted by Songdog at 8:02 AM on May 29, 2006

Response by poster: These are deep and uncharted waters for me (Windows TCP/IP internals, that is). There are six keys under Tcpip/Parameters/Interfaces in my registry. I would have expected four: LAN, WiFi, Bluetooth, and IEEE 1394, though the Bluetooth one disappears when I disable the Bluetooth radio. I opened up Network Connections and found an oddity which I don't recall seeing before: In addition to the "Wireless Network Connection" listed as "Connected" under "LAN or High-Speed Internet" there is also an "Internet Gateway" group under which I see "WAN-1 on SMC2804WBR" (my router). I could swear that wasn't there before. I'm almost certain that in the past when I connected via WiFi I just saw the Wireless Network Connection entry. Could using Windows connection sharing via Bluetooth have forced my computer to expect a different sort of a gateway?
posted by Songdog at 8:09 AM on May 29, 2006

Well, when I was suffering from the same symptoms, it turned out to be a port issue.
posted by ludwig_van at 8:12 AM on May 29, 2006

Response by poster: To see whether it could be a port 80 issue I tried making IM connections. That doesn't work either. So the command-line tools tracert, nslookup, and ping can get out, but other client applications cannot. On a whim I tried telnetting from the commandline to and on port 80 and I couldn't reach them that way either.

I found my wireless connection in the registry and added an MTU value of 1500 (decimal), and rebooted, per the instructions at jellicle's Annoyances link, but sadly this did not resolve my problem.
posted by Songdog at 8:19 AM on May 29, 2006

A port issue? Then that's definitely the router. Check the router and see if it's doing something unusual with the private IP address assigned to your computer, like, say, blocking outgoing port 80 connections.

Probably you get a different private IP address when you connect wired, so that's why wired works.
posted by jellicle at 12:59 PM on May 29, 2006

Response by poster: jellicle, you misunderstood. It's not a port issue. I did that test to make sure after ludvig_van made the suggestion. I'm getting the same private IP via WiFi that I've always gotten. (x.x.x.101; my desktop gets x.x.x.100).
posted by Songdog at 5:03 PM on May 29, 2006

...there is also an "Internet Gateway" group under which I see "WAN-1 on SMC2804WBR" (my router).

Double-click this and watch the status window while you try surfing. If the sent packets increases, that means it's trying to use this for the internet connection. If so, delete it & reboot. Hell, try deleting it and rebooting anyway - it's a hangover from when you used ICS via Bluetooth the other day.

As to why ping / nslookup work & browsing doesn't : Don't know. ICS is like that sometimes. Looking at the routing table ("route print") might give a clue, if the metrics for both routes are the same. I keep forgetting to do this when I strike the problem...

Your friend's problem sounds like a straightforward MTU issue. Note that it is possible for the MTU to be set too large.
posted by Pinback at 6:14 PM on May 29, 2006

Best guess is UPNP (Universal plug and play) on the router and ICS (internet connection sharing) are causing some very wacky bit of asymetrical routing. It looks like you're able to use ICMP and UDP protocols just fine, however anything requiring a TCP socket is failing.

Check and see if you can telnet to port 80 of, if you can then you know you have a valid path and the likelihood of routing asymetry being the culprit is lowered.

I don't think you have a MTU problem, it is conceivable that you have a conflict between MTU and MSS (Maximum Segment Size) but this is more common on cisco routers and would be demonstrable on all devices connecting through the router, you will sometimes see this with HTTPS connections as the applications often require the do not fragment bit to be set. If you're seriously concerned lower the MTU to 1200 or so and see if you can connect.

Seting your MTU low (usually) does not hurt your ability to connect, it means that you don't send packets that are too large for the transport. MTU problems used to occur frequently when DSL was first rolled out due to the frame size on the transport. Since your connection works when you're wired and it shares the transport with other functioning machines it's probably not anything due to the router or it's settings.

Everything working on a wired connection is interesting, wired connections generally have a higher interface priority when both wired and wireless is available, consequently that route will have a lower metric in the routing table.

If possible, disable ICS and disable UPNP on your router, you may have to set up your wireless connection again via windows wireless connection wizard to get it to play nice with others, I've encountered situations like this where wireless wasn't working and there was no reasonable explanation for it and setting up the network via the wizard resolved the issue.
posted by iamabot at 11:41 PM on May 29, 2006

Response by poster: More excellent ideas! I'm at work and will try these things when I get back to the router. I'll check out the gateway item in Network Connections as Pinback suggested and see if deleting it fixes things. And iamabot is ringing a bell. At some point in the not-too-distant past I might have turned UPnP on on the router in part of an (unsuccessful) attempt to resolve a video chat issue. I had forgotten about this until you mentioned it, and I'll see how things are set on the router. iamabot, I did already try telnetting to on port 80, as I mentioned in one of my longwinded comments above. No dice.
posted by Songdog at 5:36 AM on May 30, 2006

Response by poster: I disabled UPnP on the router and got the spurious gateway entry to go away on the computer. After rebooting it's still not working. In a spot check I am able to load a web page over a neighbor's open wireless router, but even after doing this I cannot reach the web through my own, though my connection is otherwise good as described above. I'm about to go on a trip, and so the good news is that it looks like my notebook will probably get online everywhere else.
posted by Songdog at 8:31 PM on May 30, 2006

Response by poster: It turned out I had cabled Ethernet in my room on the trip I mentioned, so I didn't have to futz around with WiFi. Now I'm home and still hacking away without success.
posted by Songdog at 10:31 AM on June 19, 2006

Response by poster: Update: I fixed it, but I'm sorry to say that I did so without ever fully understanding the problem. I used the System Restore function to go back to an earlier configuration. If I come to understand what happened I'll come back and flag the best answer, or add the explanation if it hasn't already been suggested. Thank you all for your advice!
posted by Songdog at 7:59 AM on August 2, 2006

Response by poster: Update again: The problem has recurred and this time a system restore does not help.
posted by Songdog at 4:57 PM on August 7, 2006

« Older A Marine who went to war, how to publish his...   |   OMG 21 Jump Street that show rocked!! LOL Newer »
This thread is closed to new comments.