Question

Has ping / tracert been blocked on 5g network?

  • 18 October 2022
  • 79 replies
  • 3913 views
S
Badge

Before yesterday (10/17/2022), I’ve always had a command prompt window (MS Windows) up running a constant ping at 3 second interval - so I can tell when the network starts to degrade or just stops responding (which has become very frequent in the last few months).

As of yesterday morning, both ping and tracert commands consistently fail.  As in no longer any response.  So it appears the ports used for those commands are now being blocked on the 5g network?  

I have a 5g phone on Tmobile, and I see the same result.  On 5g with hotspot turned on, with computer connected, ping and tracert fail 100%.  If I force the phone to use LTE and stay off 5g, ping and tracert start working again.  Don’t really understand why Tmobile would block such a basic network analysis command.

This is in downtown Scottsdale AZ.  As a sidenote, service on the 5g network degrades consistently  every day after about 8am, and usually is consistently bad all weekend long.  Works great before 8am most days.

79 replies

iTinkeralot
Rank
Userlevel 7
Badge +8

I am in east TN with the Nokia gateway and I ran a quick test with a Macbook Pro and a Linux client. With the Macbook Pro the pings have a significant delay where several request time out messages were reported prior to an actual response typically 140+ ms between responses. I went to a Linux client and did a forced ipv6 ping based upon a prior test. I get a similar response performing IPv6 and IPv4. Both have extreme delay times and are not very useful Of the forced 23 ipv6 ping packets 5 were received with a ~78% loss. So, yes it appears T-Mobile has jacked up the use of ICMP as a trouble shooting tool. 

Based upon the two tests I ran it appears pings with IPv4 fail much worse than IPv6 pings but the use of pings now is pretty much useless.

I fail to see why they feel this would be positive for users. Make it more difficult for users to identify potential issues so they are totally blind. It just makes calls to TMO support less productive when users with such basic knowledge cannot tell support what they do not see. 

R

Same here in Littlerock AR.  I am a Citrix Admin (Working remote 100% of the time); I always have the end user ping our NetScaler gateway to see that the response time is when they say their remote session is sluggish.

Now even I cannot get a reliable ping response, but I am still able to work remotely.

Seems like ICMP has been throttled.

Not good.

Might have to go back to SuddenLink.

Cannot use this connection if I cannot even ping a remote site.

On the bright side, a new ISP is coming to my area with fiber, still under construction but fingers crossed they are better than SuddenLink and Century Link

 

Example:

Pinging google.com [142.250.72.46] with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Reply from 142.250.72.46: bytes=32 time=117ms TTL=110
Request timed out.
Request timed out.
Request timed out.

 

With all the Request time outs, my Internet is fine.

 

If I RDP into a computer at work and ping a remote site, I get great ping responses.

 

M

I noticed about 4 days ago that most pings now fail.  If I do a continuous ping(-t) roughly 1 in 20 gets a response, and all are over 100 ms.  Using pinginfoview, I can set the port it uses, and they work.

 

TMobile needs to fix this.  Lots of people use ping to check connectivity, and it’s just going to make them look bad.

iTinkeralot
Rank
Userlevel 7
Badge +8

Testing with a Garuda Linux client with a verbose ping to 8.8.8.8 currently it runs with roughly 100 ms latency but out of 43 packets sent 13 received responses so roughly 70% packet loss. Running a speedtest I am still obtaining 275-300 down and meh… 21 mbps upload so the bandwidth is there but the ICMP traffic is impaired or throttled. I sort of suspect it has something to do with throttling for one reason or another. I suppose it may be related to changes with the CGNAT solution but probably a throttling of the traffic. Testing with a MacBook Pro via a thunderbolt to ethernet adapter the response times are worse than with either of the Linux clients I have used but still bad either way. 

traceroute to 8.8.8.8 (8.8.8.8), 64 hops max, 52 byte packets

1  www.webgui.nokiawifi.com (192.168.12.1)  2.145 ms  0.376 ms  0.279 ms

2  192.0.0.1 (192.0.0.1)  0.533 ms  0.698 ms  0.449 ms

3  * 192.0.0.1 (192.0.0.1)  27.721 ms  29.890 ms

4  * * 192.0.0.1 (192.0.0.1)  35.968 ms

5  192.0.0.1 (192.0.0.1)  30.243 ms *  46.172 ms

6  * * *

7  * * *

8  * * *

9  * * *

10  10.164.162.176 (10.164.162.176)  509.603 ms * *

11  * * *

12  * * *

13  * * *

14  * * *

15  * * *

16  *^C

Pretty clear it is useless without using a VPN.

S
Badge

Found out after doing a factory reset (arcadyan version) today, that the ability to separate the 2.4ghz and 5ghz bands into separate SSIDs has been removed from the webGui (192.168.12.1).   Seems odd they would remove that ability from the user.

iTinkeralot
Rank
Userlevel 7
Badge +8

Now the Arcadyan and also the Sagemcon gateway both require the T-Mobile home internet mobile application ONLY for administrative management as the go to. It is the go forward T-Mobile seems to have decided upon. Probably due to cost reductions for device code development and etc… It does not feel like an improvement for the end user. 

I
Userlevel 1

Yes, as of my post it seems T-Mobile is actively blocking Ping, Tracert, Traceroute and ICMP in addition if they do go through at all, they are deprioritized to the point that they are not effective to use in any capacity.

This sucks really bad... 

I use multiple uplinks and depending on the RTT, RTTSD, Loss it switches providers to balance connections across them… 

This behavior from the ISP breaks tons of functions as well as my link down failover automations. I hope T-Mobile realizes that ping and tracert/tracroute are 1000% necessary for proper network management and trouble shooting.

 

Verizon and AT&T don't have this problem of blocking pings, it is a T-Mobile specific issue and really makes the brand look cheap and the network mismanaged. 

You can have a secure network without blocking normal and essential network tools that have existed since before I was born.

iTinkeralot
Rank
Userlevel 7
Badge +8

Ping and Trace Route both leverage ICMP to function so it just makes sense that both fail. I would guess with a VPN open both would work fine. It is hard to say what T-Mobile will do next with their solution. I have been getting more apprehensive since the gateway has now transitioned from the n71 to the n41 frequency. I have seen so many reports of users on the n41 where the throttling T-Mobile does pretty much cripples the cell beyond use. The prioritization for mobile handsets over the home gateways and the extra client loading in the urban locations just seems to be a bad mess. On the bright side my speeds have doubled or better on downloads much of the time. 

Choking the ICMP traffic as they have makes no sense to me. Bad move. I used ports 8080 and 443 pinging and it still behaves the same. It looks like they just throttled ICMP to death. For users that do much more than check email, browser the web, or stream a few select services they will eventually jump ship and get another solution that is more reliable and capable.

W

My ping to google.com works fine via Mac Terminal. I’m in Los Angeles.

 

PING google.com (142.250.72.238): 56 data bytes
64 bytes from 142.250.72.238: icmp_seq=0 ttl=50 time=21.246 ms
64 bytes from 142.250.72.238: icmp_seq=1 ttl=50 time=24.115 ms
64 bytes from 142.250.72.238: icmp_seq=2 ttl=50 time=23.327 ms
64 bytes from 142.250.72.238: icmp_seq=3 ttl=50 time=49.096 ms

And this is my speed test:

 

iTinkeralot
Rank
Userlevel 7
Badge +8

So maybe in some locations it works but in others zip. You are among the fortunate. Nice download speed. You must be close in on an n41 frequency. I am on n41 but best I have seen is ~400 down.

ping google.com

PING google.com (108.177.122.138): 56 data bytes

Request timeout for icmp_seq 0

Request timeout for icmp_seq 1

Request timeout for icmp_seq 2

Request timeout for icmp_seq 3

Request timeout for icmp_seq 4

64 bytes from 108.177.122.138: icmp_seq=5 ttl=102 time=146.403 ms

Request timeout for icmp_seq 6

Request timeout for icmp_seq 7

Request timeout for icmp_seq 8

Request timeout for icmp_seq 9

64 bytes from 108.177.122.138: icmp_seq=10 ttl=102 time=76.933 ms

64 bytes from 108.177.122.138: icmp_seq=11 ttl=102 time=114.437 ms

Request timeout for icmp_seq 12

Request timeout for icmp_seq 13

Request timeout for icmp_seq 14

64 bytes from 108.177.122.138: icmp_seq=15 ttl=102 time=129.560 ms

Request timeout for icmp_seq 16

64 bytes from 108.177.122.138: icmp_seq=17 ttl=102 time=104.947 ms

Request timeout for icmp_seq 18

Request timeout for icmp_seq 19

Request timeout for icmp_seq 20

Request timeout for icmp_seq 21

Request timeout for icmp_seq 22…

--- google.com ping statistics ---

49 packets transmitted, 10 packets received, 79.6% packet loss

round-trip min/avg/max/stddev = 76.933/110.130/146.403/22.334 ms

iTinkeralot
Rank
Userlevel 7
Badge +8

--- 142.250.72.238 ping statistics ---

55 packets transmitted, 4 packets received, 92.7% packet loss

round-trip min/avg/max/stddev = 129.473/154.139/168.004/14.654 ms

Pinging from terminal on MacBook Pro through the Nokia gateway via n41 frequency

B66 on primary and n41 on secondary 

Traffic is heavier tonight so speeds are down a bit but not bad. 

Not sure what is going on with the ICMP as it is pretty useless here.

J

ICMP is all but obliterated in Queen Creek AZ. Trace route and ping can’t be used starting 10/17/22. 

B

ICMP is not working in Appleton, WI either.

 

ping 1.1.1.1 -n 10

Pinging 1.1.1.1 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 1.1.1.1:
    Packets: Sent = 10, Received = 0, Lost = 10 (100% loss),

 

This might be a deal breaker.  Hopefully, T-Mobile gets this working again.

iTinkeralot
Rank
Userlevel 7
Badge +8

You should be able to trace route to it but not be able to ping it. 

iTinkeralot
Rank
Userlevel 7
Badge +8

That is assuming trace route is working in your location. Recently ping and trace route have been problematic for users in a number of locations over the T-Mobile CGNAT solution. 

P

Other than phone call, which does not get anyone high enough up the technical food chain, is there another way to contact t-mobile to complain about blocking of ICMP?

 

iTinkeralot
Rank
Userlevel 7
Badge +8

It is doubtful you will find someone invested in that. Really serious users will use a VPN solution and avoid the port forwarding issues. Being able to use trace routing or the ping utility to troubleshoot is helpful but I guess T-Mobile is not after the serious technical users. It will just result in more calls to customer support which probably will provide little traction on the problems most of the time. If it garners a lot of negative press that might have an influence but the bulk of the users probably don’t have a clue what ping or trace route is. As long as the solution is up and running properly it is not often I go there. 

P

My primary beef (the only one actually) is the loss of ping packets.

We will be using these devices as failover internet connections.

What I’ve observed is up to 90% packet loss with ICMP.

At that rate, it will continue to see that as a loss of internet connectivity when it is actually fine.

iTinkeralot
Rank
Userlevel 7
Badge +8

I can understand that. Another user was using the T-Mobile solution as a back up and doing a similar tactic with his negate firewall. In order to insure the failover could take place he had to disable the ping processing. When the Starlink fell it still transitioned to the backup. I don’t mean to lessen the importance of being able to have ICMP packets passed. I have seen the excessive loss and latency of the ICMP responses to 150 ms or more so I get it. 

I just don’t think T-Mobile will be invested in resolving it right away. It is hard to tell how extensive the behavior is but it is generating some noise. Maybe with lots more noise they will pay attention.

B
Badge

I’m in Gulf shores, AL.  Having the same issue as others, not get a ping back.

 

Spent over an hour with T-Mobile tech support and at one pint was told there is no way to turn off ping blocking on the gateway.  My problem started just a few days ago also.  Had worked fine for months.  Except for this have had zero issues and getting 350+ down and 65+ up.

J
Userlevel 1

Having same problem as others, in OC NY. Using TMHI as secondary WAN, with opnsense cluster behind it. Use ICMP to detect gateway outage. 

 

Got a sagemcom modem a week & a half ago, integrated it into my network. Worked fine for a day or two, then suddenly couldn't ping through it. Didn't take metrics; figured something went sideways & that 611 would make it right. Tech support swore up & down that they didn't block ICMP, that it must be "a problem with my computer, and that I should contact my computer manufacturer about ICMP issues." (That would be pcengines & freebsd; they're not the problem.)

 

Sent me a new modem (another sagemcom), again worked fine for a few days, then back to nope. Have switched the gateway monitor IP to that of the modem - not optimal, since it can only tell if the device is responding, not whether it's routing packets to the outside. 

 

Since both modems [briefly] worked as expected, it makes me think it's a firmware update that's causing the problem; whether it's a bug or a new policy, I can't say. Either that, or they took exception to my pings, though I would argue that 1pps isn't excessive. 

S

This is really bad. This breaks Microsoft Teams among other services I am sure. MS Teams requires ping to verify connectivity to work (pings teams.microsoft.com). If ping fails then Teams will go offline. 

Ping fails from my T-Mobile router gateway and from my T-Mobile phone. 

A

I’m seeing the same thing with my T-Mobile Home Internet.  Can’t ping out.

I’ve had decent experience so far except for some work VPN issues and gaming but blocking or deprioritizing ICMP until it’s not usable is kind of crazy.

Luckily, Verizon is turning up a brand new tower in my town next month with their 5GUW / C-Band gear.  They also support IP passthrough so your own router can have public IP address.

S

Yeah we have probably 5 users that have reported issues with Teams connecting since yesterday (probably started before on the weekend). After looking at it found they all have T-Mobile home internet. I also have T-Mobile home internet as a second ISP. Cox works fine, ping fails on T-Mobile. 

J

Here in the S.F. Bay Area I had a similar ping problem for about a week -- about 70-80% lost packets.  Starting two days ago, I’ve had no problems.  Tried half a dozen sites, all respond with 0% loss.  Hopefully the issue gets resolved where you’re at...

Reply


New badge winners

  • Curious George
    IshyHhas earned the badge Curious George
  • Curious George
    terabyte950has earned the badge Curious George
  • Curious George
    vrajguruhas earned the badge Curious George
  • Curious George
    mark11has earned the badge Curious George
  • Curious George
    Jadenchas earned the badge Curious George
Show all badges
Terms & Conditions