If you are a person managing or using systems running Windows Operating Systems, you would know that starting from Windows XP, Microsoft has provided built in firewall and is by default enabled blocking ICMP response to PING. Though blocking PING response is considered a security best practice when connected to network, it is a general practice by many SysAdmins to disable Windows Firewall whenever a system is built, leaving it vulnerable with all ports open.
Today we will see how to enable ICMP response on Windows machines without disabling firewall.
From Command Line
On Windows 7 and Windows 2008 R2 run the following command to enable ICMP response without disabling the firewall
netsh advfirewall firewall set rule name="File and Printer Sharing (Echo Request – ICMPv4-In)" new enable=yes
If you ever want to disable ICMP response run below command
netsh advfirewall firewall set rule name="File and Printer Sharing (Echo Request – ICMPv4-In)" new enable=no
Refer screenshot below for output from both the commands
Using Graphical User Interface (GUI)
Open Windows Firewall with Advanced Security, click on Inbound Rules in the left hand side pane, scroll down and enable rules named File and Printer Sharing (Echo Request – ICMPv4-IN)
Follow anyone of the 4 methods below to open Windows Firewall with Advanced Settings management console (Method 4 is fastest of all)
Method 1 – If Control Panel View is set as Small or Large icons
Start –> Control Panel –> Windows Firewall –> Advanced Settings
Method 2 – If Control Panel view is set as Category
Start –> Control Panel –> System and Security –> Windows Firewall –> Advanced Settings
Method 3 – If using Windows Search
Start –> Type Windows Firewall –> Select Windows Firewall with Advanced Security from seach results
Method 4 – Launch directly from Run
Start –> Run –> wf.msc
Windows + R –> wf.msc
PING acronym for Packet Internet or Inter-Network Groper is used for troubleshooting network related issues and works by sending an Internet Control Message Protocol (ICMP) Echo Request to a specified interface on the network and waiting for a reply.