Ethereal-users: [Ethereal-users] Using Ethereal to Troubleshoot DNS Server Problem

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Chad Holmes <RCHolmes@xxxxxxxxxxxxxxxxx>
Date: Mon, 19 Apr 2004 15:34:50 -0400
I have recently downloaded Ethereal in the hope that I can use it to
diagnose a problem I'm having on my Windows NT 4.0 network.  I have a
bridged network of about 100 PCs.  My Internet connection is a T-1 line and
a Cisco PIX firewall sits between the outside router and my Cisco Catalyst
Ethernet switch.  I would like to ask if you could tell me what to look for
in order to troubleshoot the following specific problem.

Several times a week, my Microsoft DNS Server service stops functioning
properly, resulting in my users being unable to access the Internet via our
LAN.  When I look at the DNS Manager applet, I see that the DNS service is
receiving more UDP queries than it can respond to.  The display shows
"Udpqueries" to be some number that is always higher than the
"Udpresponses."

Right now I solve the problem by stopping the Microsoft DNS service for
about 5 minutes and then restarting it.  The 5 minute pause is required or
else the problem picks right back up when I restart the service.  These
periods of dysfunction seem to me almost like a denial of service attack on
my DNS server.  I do not have any viruses on my LAN and I cannot figure out
where these UDP requests are coming from.

I would like to use Ethereal to determine where the abnormally high number
of UDP queries are coming from during these episodes.

I have never used a packet analyzer before, but I would like to learn and I
do pick up technical concepts very quickly.  If you could help me use this
tool to troubleshoot this very specific problem it would both assist me in
finding the problem and jumpstart my learning regarding how Ethereal can be
used for network analysis.

Thank you.

-Chad
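The question above is essentially "which clients are sending the queries the server cannot answer". In Ethereal the capture side of that is a capture filter of `udp port 53` taken from a point that sees the server's traffic (on a switched LAN that means a mirror/SPAN port on the Catalyst or a hub in front of the server) and then sorting the packet list by source address. The script below is an added example, not code from the post or from the Ethereal project: it does the same per-client tally offline by decoding the IPv4, UDP and DNS headers by hand, splitting packets on the DNS QR flag (query vs. response), counting queries sent to the server and answers it returned for each client, and ranking clients by unanswered queries. Everything in `sample_packets()` is constructed here for illustration; the server address `192.168.1.5` and client addresses are assumptions, and a real capture would be fed in from a pcap reader instead.

```python
"""Tally DNS queries vs. responses per client from raw IPv4 packets.

Added example for the post above; the traffic below is constructed, not captured.
"""
import struct
from collections import Counter, defaultdict

DNS_PORT = 53
PROTO_UDP = 17
SERVER = "192.168.1.5"  # assumed address of the Microsoft DNS server


def ip_bytes(dotted):
    return bytes(int(o) for o in dotted.split("."))


def build_dns_packet(src_ip, dst_ip, sport, dport, txid, is_response, qname):
    """Constructed IPv4/UDP/DNS packet: one question, no resource records."""
    flags = 0x8180 if is_response else 0x0100  # QR bit set only on responses; RD set
    qsec = b"".join(bytes([len(lbl)]) + lbl.encode() for lbl in qname.split("."))
    qsec += b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE A, QCLASS IN
    dns = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + qsec
    udp = struct.pack("!HHHH", sport, dport, 8 + len(dns), 0) + dns  # checksum left 0
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), txid, 0, 64,
                     PROTO_UDP, 0, ip_bytes(src_ip), ip_bytes(dst_ip))
    return ip + udp


def parse_ipv4(pkt):
    ihl = (pkt[0] & 0x0F) * 4  # header length in bytes (options included)
    proto = pkt[9]
    src = ".".join(str(b) for b in pkt[12:16])
    dst = ".".join(str(b) for b in pkt[16:20])
    return proto, src, dst, pkt[ihl:]


def parse_udp(seg):
    sport, dport, length, _csum = struct.unpack("!HHHH", seg[:8])
    return sport, dport, seg[8:length]


def parse_qname(payload, off=12):
    """Decode the first question name; stop at a compression pointer instead of chasing it."""
    labels = []
    while off < len(payload):
        n = payload[off]
        if n == 0:
            break
        if n & 0xC0 == 0xC0:
            labels.append("<ptr>")
            break
        labels.append(payload[off + 1:off + 1 + n].decode("ascii", "replace"))
        off += 1 + n
    return ".".join(labels)


def tally_dns(packets, server_ip):
    """Per-client counts of queries sent to server_ip and answers it sent back."""
    stats = defaultdict(lambda: {"queries": 0, "responses": 0, "names": Counter()})
    for pkt in packets:
        proto, src, dst, seg = parse_ipv4(pkt)
        if proto != PROTO_UDP:
            continue
        sport, dport, payload = parse_udp(seg)
        if DNS_PORT not in (sport, dport) or len(payload) < 12:
            continue  # not DNS (e.g. NetBIOS name service) or truncated header
        flags = struct.unpack("!H", payload[2:4])[0]
        if flags & 0x8000:  # QR=1: a response; credit the client it went to
            if src == server_ip:
                stats[dst]["responses"] += 1
        elif dst == server_ip:  # QR=0: a query aimed at our server
            stats[src]["queries"] += 1
            stats[src]["names"][parse_qname(payload)] += 1
    return stats


def rank_clients(stats):
    """(ip, queries, responses, unanswered), worst offender first."""
    rows = [(ip, s["queries"], s["responses"], s["queries"] - s["responses"])
            for ip, s in stats.items()]
    return sorted(rows, key=lambda r: (-r[3], -r[1], r[0]))


def sample_packets():
    """Constructed traffic: one well-behaved client, one client hammering the server."""
    pkts = [build_dns_packet("192.168.1.20", SERVER, 1030, 53, 1, False, "www.example.com"),
            build_dns_packet(SERVER, "192.168.1.20", 53, 1030, 1, True, "www.example.com")]
    for i in range(6):  # six queries for the same name, only the first answered
        pkts.append(build_dns_packet("192.168.1.77", SERVER, 2000 + i, 53, 100 + i, False, "mail.example.net"))
    pkts.append(build_dns_packet(SERVER, "192.168.1.77", 53, 2000, 100, True, "mail.example.net"))
    # noise that the tally must ignore: UDP on port 137 and a bare TCP packet
    pkts.append(build_dns_packet("192.168.1.99", SERVER, 137, 137, 7, False, "ignored"))
    pkts.append(struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                            ip_bytes("192.168.1.99"), ip_bytes(SERVER)) + b"\x00" * 20)
    return pkts


if __name__ == "__main__":
    stats = tally_dns(sample_packets(), SERVER)
    for ip, q, r, unanswered in rank_clients(stats):
        top = stats[ip]["names"].most_common(1)
        print(f"{ip:15} queries={q:3} responses={r:3} unanswered={unanswered:3} top={top}")
```

The unanswered-query column is the one to watch during an episode: a client whose queries dwarf its responses, especially for the same name over and over, is either a misconfigured resolver in a retry loop or something deliberately flooding the server, and the `names` counter tells those two cases apart.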