macOS Big Sur MacBook does not respond to ping on either Ethernet or WiFi


I cannot ping my Mac, which is running macOS Big Sur 11.0.1.
It seems to receive the ping packets but does not respond to them, and yes:

  • Firewall is off
  • I have tried turning stealth mode on and off
  • I have even reinstalled/restored the OS from recovery mode
  • They both have the same subnet mask 255.255.255.0

To check if I receive any packets I ran:

sudo tcpdump 'icmp[icmptype] = icmp-echo or icmp[icmptype] = icmp-echoreply' 

When I ping the ethernet IP from my router (192.168.0.1 / 95.XX.XX.168) I get the following:

tcpdump: data link type PKTAP
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on pktap, link-type PKTAP (Apple DLT_PKTAP), capture size 262144 bytes
01:16:56.067149 IP 95.XX.XX.168 > 192.168.0.52: ICMP echo request, id 25956, seq 0, length 72
01:16:57.074797 IP 95.XX.XX.168 > 192.168.0.52: ICMP echo request, id 25956, seq 1, length 72
01:16:58.084733 IP 95.XX.XX.168 > 192.168.0.52: ICMP echo request, id 25956, seq 2, length 72

From the same router, I can ping my iPhone and it responds.

PING 192.168.0.80 (192.168.0.80) from 95.XX.XX.168: 64 data bytes
72 bytes from 192.168.0.80: seq=0 ttl=64 time=120.000 ms
72 bytes from 192.168.0.80: seq=1 ttl=64 time=130.000 ms
72 bytes from 192.168.0.80: seq=2 ttl=64 time=40.000 ms
--- 192.168.0.80 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max = 40.000/96.666/130.000 ms

And I can ping other machines from my macbook, for example, my iPhone:

ping -t 3 192.168.0.80
PING 192.168.0.80 (192.168.0.80): 56 data bytes
64 bytes from 192.168.0.80: icmp_seq=0 ttl=64 time=211.346 ms
64 bytes from 192.168.0.80: icmp_seq=1 ttl=64 time=961.203 ms
64 bytes from 192.168.0.80: icmp_seq=2 ttl=64 time=11.140 ms

--- 192.168.0.80 ping statistics ---
3 packets transmitted, 3 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 11.140/394.563/961.203/408.926 ms

And the tcpdump for it:

01:28:03.524898 IP 192.168.0.52 > 192.168.0.80: ICMP echo request, id 1288, seq 0, length 64
01:28:03.736146 IP 192.168.0.80 > 192.168.0.52: ICMP echo reply, id 1288, seq 0, length 64
01:28:04.529410 IP 192.168.0.52 > 192.168.0.80: ICMP echo request, id 1288, seq 1, length 64
01:28:05.490506 IP 192.168.0.80 > 192.168.0.52: ICMP echo reply, id 1288, seq 1, length 64
01:28:05.529564 IP 192.168.0.52 > 192.168.0.80: ICMP echo request, id 1288, seq 2, length 64
01:28:05.540622 IP 192.168.0.80 > 192.168.0.52: ICMP echo reply, id 1288, seq 2, length 64

On the other hand, when I ping my macbook from my iPhone:

PING 192.168.0.52 (192.168.0.52)
Request timeout for icmp_seq 0
Request timeout for icmp_seq 1
Request timeout for icmp_seq 2
Request timeout for icmp_seq 3
Request timeout for icmp_seq 4
Request timeout for icmp_seq 5
Request timeout for icmp_seq 6
Request timeout for icmp_seq 7
--- 192.168.0.52 ping statistics ---
9 packets transmitted, 0 packets received, lost 100.0 %

But the macbook seems to receive them, only it doesn't respond:

01:25:54.267776 IP 192.168.0.80 > 192.168.0.52: ICMP echo request, id 12, seq 0, length 24
01:25:56.269888 IP 192.168.0.80 > 192.168.0.52: ICMP echo request, id 12, seq 1, length 24
01:25:58.261587 IP 192.168.0.80 > 192.168.0.52: ICMP echo request, id 12, seq 2, length 24
01:26:00.270944 IP 192.168.0.80 > 192.168.0.52: ICMP echo request, id 12, seq 3, length 24
01:26:02.269110 IP 192.168.0.80 > 192.168.0.52: ICMP echo request, id 12, seq 4, length 24
01:26:04.266884 IP 192.168.0.80 > 192.168.0.52: ICMP echo request, id 12, seq 5, length 24
01:26:06.264448 IP 192.168.0.80 > 192.168.0.52: ICMP echo request, id 12, seq 6, length 24
01:26:08.266868 IP 192.168.0.80 > 192.168.0.52: ICMP echo request, id 12, seq 7, length 24
01:26:10.264863 IP 192.168.0.80 > 192.168.0.52: ICMP echo request, id 12, seq 8, length 24

There don't seem to be any firewall rules on my machine after running sudo pfctl -s all:

No ALTQ support in kernel
ALTQ related functions disabled
TRANSLATION RULES:
nat-anchor "com.apple/*" all
rdr-anchor "com.apple/*" all

FILTER RULES:
scrub-anchor "com.apple/*" all fragment reassemble
anchor "com.apple/*" all

DUMMYNET RULES:
dummynet-anchor "com.apple/*" all

INFO:
Status: Disabled                              Debug: Urgent

State Table                          Total             Rate
  current entries                        0               
  searches                               0            0.0/s
  inserts                                0            0.0/s
  removals                               0            0.0/s
Counters
  match                                  0            0.0/s
  bad-offset                             0            0.0/s
  fragment                               0            0.0/s
  short                                  0            0.0/s
  normalize                              0            0.0/s
  memory                                 0            0.0/s
  bad-timestamp                          0            0.0/s
  congestion                             0            0.0/s
  ip-option                              0            0.0/s
  proto-cksum                            0            0.0/s
  state-mismatch                         0            0.0/s
  state-insert                           0            0.0/s
  state-limit                            0            0.0/s
  src-limit                              0            0.0/s
  synproxy                               0            0.0/s
  dummynet                               0            0.0/s

TIMEOUTS:
tcp.first                   120s
tcp.opening                  30s
tcp.established           86400s
tcp.closing                 900s
tcp.finwait                  45s
tcp.closed                   90s
tcp.tsdiff                   30s
udp.first                    60s
udp.single                   30s
udp.multiple                 60s
icmp.first                   20s
icmp.error                   10s
grev1.first                 120s
grev1.initiating             30s
grev1.estblished           1800s
esp.first                   120s
esp.estblished              900s
other.first                  60s
other.single                 30s
other.multiple               60s
frag                         30s
interval                     10s
adaptive.start             6000 states
adaptive.end              12000 states
src.track                     0s

LIMITS:
states        hard limit    10000
app-states    hard limit    10000
src-nodes     hard limit    10000
frags         hard limit     5000
tables        hard limit     1000
table-entries hard limit   200000

OS FINGERPRINTS:
696 fingerprints loaded

And my ifconfig looks like this:

ifconfig -a
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> mtu 16384
    options=1203<RXCSUM,TXCSUM,TXSTATUS,SW_TIMESTAMP>
    inet 127.0.0.1 netmask 0xff000000 
    inet6 ::1 prefixlen 128 
    inet6 fe80::1%lo0 prefixlen 64 scopeid 0x1 
    nd6 options=201<PERFORMNUD,DAD>
gif0: flags=8010<POINTOPOINT,MULTICAST> mtu 1280
stf0: flags=0<> mtu 1280
en5: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    ether ac:de:48:00:11:22 
    inet6 fe80::aede:48ff:fe00:1122%en5 prefixlen 64 scopeid 0x4 
    nd6 options=201<PERFORMNUD,DAD>
    media: autoselect (100baseTX <full-duplex>)
    status: active
ap1: flags=8802<BROADCAST,SIMPLEX,MULTICAST> mtu 1500
    options=400<CHANNEL_IO>
    ether 3a:f9:d3:83:18:e6 
    media: autoselect
    status: inactive
en0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=400<CHANNEL_IO>
    ether 38:f9:d3:83:18:e6 
    inet6 fe80::14f2:ebf3:1101:67bc%en0 prefixlen 64 secured scopeid 0x6 
    inet 192.168.0.124 netmask 0xffffff00 broadcast 192.168.0.255
    nd6 options=201<PERFORMNUD,DAD>
    media: autoselect
    status: active
awdl0: flags=8943<UP,BROADCAST,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    options=400<CHANNEL_IO>
    ether 7a:88:46:2c:f0:b2 
    inet6 fe80::7888:46ff:fe2c:f0b2%awdl0 prefixlen 64 scopeid 0x7 
    nd6 options=201<PERFORMNUD,DAD>
    media: autoselect
    status: active
llw0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=400<CHANNEL_IO>
    ether 7a:88:46:2c:f0:b2 
    inet6 fe80::7888:46ff:fe2c:f0b2%llw0 prefixlen 64 scopeid 0x8 
    nd6 options=201<PERFORMNUD,DAD>
    media: autoselect
    status: active
en3: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    options=460<TSO4,TSO6,CHANNEL_IO>
    ether 82:53:be:a4:44:05 
    media: autoselect <full-duplex>
    status: inactive
en4: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    options=460<TSO4,TSO6,CHANNEL_IO>
    ether 82:53:be:a4:44:04 
    media: autoselect <full-duplex>
    status: inactive
en1: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    options=460<TSO4,TSO6,CHANNEL_IO>
    ether 82:53:be:a4:44:01 
    media: autoselect <full-duplex>
    status: inactive
en2: flags=8963<UP,BROADCAST,SMART,RUNNING,PROMISC,SIMPLEX,MULTICAST> mtu 1500
    options=460<TSO4,TSO6,CHANNEL_IO>
    ether 82:53:be:a4:44:00 
    media: autoselect <full-duplex>
    status: inactive
en7: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=6467<RXCSUM,TXCSUM,VLAN_MTU,TSO4,TSO6,CHANNEL_IO,PARTIAL_CSUM,ZEROINVERT_CSUM>
    ether 48:65:ee:1d:59:23 
    inet6 fe80::1caa:45bf:3aec:20de%en7 prefixlen 64 secured scopeid 0xd 
    inet 192.168.0.52 netmask 0xffffff00 broadcast 192.168.0.255
    nd6 options=201<PERFORMNUD,DAD>
    media: autoselect (100baseTX <full-duplex>)
    status: active
bridge0: flags=8863<UP,BROADCAST,SMART,RUNNING,SIMPLEX,MULTICAST> mtu 1500
    options=63<RXCSUM,TXCSUM,TSO4,TSO6>
    ether 82:53:be:a4:44:01 
    Configuration:
        id 0:0:0:0:0:0 priority 0 hellotime 0 fwddelay 0
        maxage 0 holdcnt 0 proto stp maxaddr 100 timeout 1200
        root id 0:0:0:0:0:0 priority 0 ifcost 0 port 0
        ipfilter disabled flags 0x0
    member: en1 flags=3<LEARNING,DISCOVER>
            ifmaxaddr 0 port 11 priority 0 path cost 0
    member: en2 flags=3<LEARNING,DISCOVER>
            ifmaxaddr 0 port 12 priority 0 path cost 0
    member: en3 flags=3<LEARNING,DISCOVER>
            ifmaxaddr 0 port 9 priority 0 path cost 0
    member: en4 flags=3<LEARNING,DISCOVER>
            ifmaxaddr 0 port 10 priority 0 path cost 0
    nd6 options=201<PERFORMNUD,DAD>
    media: <unknown type>
    status: inactive
utun0: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
    inet6 fe80::60fa:19f1:c750:5337%utun0 prefixlen 64 scopeid 0xf 
    nd6 options=201<PERFORMNUD,DAD>
utun1: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 2000
    inet6 fe80::49fb:f35f:566c:6246%utun1 prefixlen 64 scopeid 0x10 
    nd6 options=201<PERFORMNUD,DAD>
pktap0: flags=1<UP> mtu 0
utun2: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
    inet6 fe80::7d94:7b40:79c1:a260%utun2 prefixlen 64 scopeid 0x12 
    nd6 options=201<PERFORMNUD,DAD>
utun3: flags=8051<UP,POINTOPOINT,RUNNING,MULTICAST> mtu 1380
    inet6 fe80::7e34:be6:af87:77b2%utun3 prefixlen 64 scopeid 0x13 
    nd6 options=201<PERFORMNUD,DAD>

Any ideas what I should look into?
Thanks!
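
Added example, not part of the original question: the request/reply comparison done by eye in the captures above, scripted so that a host that receives echo requests but never answers stands out. The function names echo_pairs and sample_capture are hypothetical, and the sample lines are copied from the question's own tcpdump output.

```shell
#!/bin/sh
# echo_pairs: read tcpdump text output on stdin and print one line per ping
# flow: "requester target requests answered". A flow with requests > 0 and
# answered = 0 means the target saw the pings but sent nothing back.
echo_pairs() {
    awk '
    $2 == "IP" && $6 == "ICMP" && $7 == "echo" {
        src = $3
        dst = $5;  sub(/:$/, "", dst)
        id  = $10; sub(/,$/, "", id)
        seq = $12; sub(/,$/, "", seq)
        if ($8 == "request,") {
            flow = src " " dst
            if (!(flow in sent)) order[++n] = flow
            sent[flow]++
            pending[flow, id, seq] = 1
        } else if ($8 == "reply,") {
            # A reply travels the other way, so swap addresses to find its request.
            flow = dst " " src
            if ((flow, id, seq) in pending) {
                delete pending[flow, id, seq]
                answered[flow]++
            }
        }
    }
    END {
        for (i = 1; i <= n; i++)
            printf "%s %d %d\n", order[i], sent[order[i]], answered[order[i]]
    }'
}

# Sample input: lines taken from the captures in the question.
sample_capture() {
    cat <<'EOF'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
01:28:03.524898 IP 192.168.0.52 > 192.168.0.80: ICMP echo request, id 1288, seq 0, length 64
01:28:03.736146 IP 192.168.0.80 > 192.168.0.52: ICMP echo reply, id 1288, seq 0, length 64
01:28:04.529410 IP 192.168.0.52 > 192.168.0.80: ICMP echo request, id 1288, seq 1, length 64
01:28:05.490506 IP 192.168.0.80 > 192.168.0.52: ICMP echo reply, id 1288, seq 1, length 64
01:25:54.267776 IP 192.168.0.80 > 192.168.0.52: ICMP echo request, id 12, seq 0, length 24
01:25:56.269888 IP 192.168.0.80 > 192.168.0.52: ICMP echo request, id 12, seq 1, length 24
01:25:58.261587 IP 192.168.0.80 > 192.168.0.52: ICMP echo request, id 12, seq 2, length 24
EOF
}

sample_capture | echo_pairs
```

On the sample, the flow from 192.168.0.80 to 192.168.0.52 shows three requests and zero answers, which points at something on the receiving host dropping the traffic after the capture point rather than at the network path.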

Best Answer

Checkpoint Endpoint Security VPN does block this as noted. Their explanation (from the web site) is that they include a built-in firewall because the VPN connection can have firewall rules that are defined by the VPN site administrator.

Another note - The Checkpoint VPN is compatible with 10.15 Catalina and 11.0 Big Sur. When you install it, you MUST go to the System Preferences->Privacy and allow their extensions. Then reboot before trying to use it.

Note on the previous answer - launchctl changed in newer macOS releases. Previously, you could edit the *.plist file and change the RunAtLoad and KeepAlive directly. But this is no longer recommended. Instead, you should use launchctl to set the status to enable or disable. For example:

launchctl disable system/com.checkpoint.epc.service

To list the services available, use the print system or print user or print gui options:

launchctl print system

launchctl print gui/501 ### Where 501 is the User UID number, 501 is the first account created.

launchctl print login/myname ### Where myname is the User login name
