Wireshark-users: Re: [Wireshark-users] How to find the application sending a namerequest?

From: "Jack Daniel" <jdaniel@xxxxxxxxxxxxxxxxxxxxx>
Date: Tue, 31 Oct 2006 06:59:38 -0500
I have not reliably come up with a solution, but I believe you have nailed the core of the problem-

>Perhaps windows previously accessed a network location
>that has become unavailable.

If Windows "sees" a share or other resource, it remembers it and keeps looking long after you would expect it to give up.  Flushing every name cache (netbios, WINS, DNS, etc.) may help, but usually doesn't.  If you remember to un-map drives before removing a device from the network before it is disconnected it will help minimize the problem- but that's not always realistic.

Jack



---------- Original Message ----------------------------------
From: Seymour Dupa <grumpy_44134@xxxxxxxxx>
Reply-To: Community support list for Wireshark <wireshark-users@xxxxxxxxxxxxx>
Date:  Sun, 29 Oct 2006 17:05:00 -0800 (PST)

>Something similar (but not network related) happens to
>me.
>I will use a file from my A: drive.  I finish using
>the floppy and remove it.  In explorer, the A: is
>still highlighted/selected/reverse video.  When I
>click on a C: drive file or folder, I get an A: drive
>(Please insert a disk into drive A:) error sometimes. 
>
>Even though I don't want the floppy anymore, windows
>tries to access it before going to where I clicked.
>Perhaps windows previously accessed a network location
>that has become unavailable.
>
>John
>
>--- Bob Frottner <frotty22@xxxxxxxxx> wrote:
>
>> Thanks again, Jim!
>> 
>> It is indeed my own PC sending these name requests
>> (but it seems like most of the computers of my
>> colleagues are set up like this). Thus, I have to
>> find out which application or service is doing that.
>> 
>> I have tried out all service which could potentially
>> be the culprits but without success.
>> 
>> I describe the annoying behavior again, which makes
>> me doing this:
>> Whenever one tries to open a file or right click on
>> it, it takes like 10-20 seconds before something
>> happens. I noticed that right after the event there
>> is a lot of network activity. 
>> Using Wireshark I found that some application or
>> service is sending name requests regarding a server
>> which does not exist any more through the DNS
>> service. There are also request via netbios NBNS.
>> Now I need to know the application or service which
>> in whose name DNS searches for the name resolution.
>> 
>> I've also searched the registry in hope that there
>> is some entry containing that old servers name but
>> also without success.
>> 
>> If somebody has another idea about this, please let
>> me know!
>> 
>> Many thanks,
>>   Bob
>> 
>>  __________________________________________________
>> Do You Yahoo!?
>> Tired of spam?  Yahoo! Mail has the best spam
>> protection around 
>> http://mail.yahoo.com >
>_______________________________________________
>> Wireshark-users mailing list
>> Wireshark-users@xxxxxxxxxxxxx
>>
>http://www.wireshark.org/mailman/listinfo/wireshark-users
>> 
>
>
>Endings must come
>before new beginnings.
>_______________________________________________
>Wireshark-users mailing list
>Wireshark-users@xxxxxxxxxxxxx
>http://www.wireshark.org/mailman/listinfo/wireshark-users
>
 




________________________________________________________________
Sent via the WebMail system at mail.voodooelectronics.com