Wireshark-users: Re: [Wireshark-users] DNS Working but can't connect to anything

From: Wes <wes_r@xxxxxxxxx>
Date: Sun, 25 Jan 2009 12:56:15 -0800 (PST)
Because of the ICMP Port Unreachable message, this indicates the response is never making it to the DNS software in your computer (or that software is rejecting it for some reason). It is either being blocked (firewall or something) or the DNS software is giving up on a response and closing the port prior to receiving the response. Check the time between the Request and Response to see if it's excessive.

Also, look at the source port of the Query and make sure the destination port of the response is the same.

If you have any type of firewall, you could try disabling it as a test...

Another thing you can try is on your gateway router, see if there is a DNS pass-through or DNS proxy type of config that you can enable or disable.

As always, if you could include a small portion of the trace, it's usually helpful.

Wes


--- On Sun, 1/25/09, staedtlerx <staedtlerx@xxxxxxxxx> wrote:

> From: staedtlerx <staedtlerx@xxxxxxxxx>
> Subject: [Wireshark-users] DNS Working but can't connect to anything
> To: wireshark-users@xxxxxxxxxxxxx
> Date: Sunday, January 25, 2009, 3:04 PM
> Hello All,
> 
> I thank you ahead of time if you read all this - I'm
> having a very strange
> network problem and someone recommended Wireshark for
> debugging it - and
> it's quite amazing! It's provided some insight but
> I am not that familiar
> with low-level TCP/IP stuff so I don't know what to
> make of it all. I was
> hoping someone could provide some more insight or any hints
> for further
> debugging.
> 
> I am using a Sony Vaio Laptop with Windows XP SP2. It has
> internal WiFi,
> which works fine; Goes on the internet, etc. I'm
> sending this email with it
> right now. I have 4 other ways of connecting the laptop to
> the internet: 2
> PCMCIA wifi cards and 2 wired ethernet connections. These 4
> other
> connections all behave exactly the same: They *appear* to
> not have DNS (more
> on that later) and they cannot access any remote server
> by hostname.
> They CAN access any remote server by IP address e.g. can
> browse to
> http://74.125.45.100 but not http://google.com. However,
> they CAN access
> remote server by name if I put an entry in my hosts file.
> This would lead
> most people to believe that my DNS is not working
> correctly. I also get
> "Ping request could not find host" when trying to
> ping a hostname. Again,
> would make you think DNS was not working. However, the
> problem is not that
> simple. All 5 connections have the same gateway, dns, etc -
> yet the internal
> wifi works and the 4 others don't. I've tried every
> sort of winsock reset,
> reinstalling, dns cache clearing, etc. I've tried
> driver upgrades,
> downgrades, etc. I've tried everything in safe mode.
> I've tried connecting
> my laptop to my cable modem directly and I've also
> tried through my Wifi
> router. The problem definitely lies within my Windows
> software - not
> hardware, router, firewall, or ISP. The monkey wrench is
> that I have the one
> internal wifi connection that works!
> 
> Now, more on the part about *appearing* not to have DNS: I
> figured
> something, somewhere, was messing with my DNS (lord knows
> why on only 4/5
> connections). This is when I got Wireshark for some deeper
> insight. Snooping
> with Wireshark, I can see that hostnames actually DO
> resolve to their IP. I
> can see a response from my gateway with the IP address then
> I get an ICMP
> failure "Destination Unreachable":
> 
> 192.168.0.2 -> 192.168.0.1 - DNS Standard query A google.com
> 192.168.0.1 -> 192.168.0.2 - DNS Standard query response A 72.14.205.100 A 74.125.45.100 A 209.85.171.100
> 192.168.0.2 -> 192.168.0.1 - ICMP Destination unreachable (Port unreachable)
> 
> Strange thing is that when pinging, it shows no sign of the
> hostname ever
> getting resolved:
> 
> c:\>ping google.com
> Ping request could not find host google.com. Please check the name and try again.
> 
> 
> When pinging from the WORKING connection, instead of the
> ICMP failure, I
> get:
> 
> 192.168.0.2 -> 192.168.0.1 - DNS Standard query A google.com
> 192.168.0.1 -> 192.168.0.2 - DNS Standard query response A 72.14.205.100 A 74.125.45.100 A 209.85.171.100
> 192.168.0.2 -> 72.14.205.100 - ICMP Echo (ping) request
> etc
> 
> 
> I'm looking for insight into what "Destination
> unreachable" means exactly,
> where the message comes from (laptop or remote host), and leads
> on more research.
> ANY insight would be most helpful. However, please skip
> over the basic
> "ipconfig" debugging please - I've been going
> through that for over a week.
> 
> Thank you!
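
Added example, not part of either message: a small Python script that applies the two checks suggested in the reply (query-to-response delay, and whether the response's destination port equals the query's source port) and ties an ICMP Port Unreachable back to the response it rejects. The row layout, the port numbers, the DNS IDs and the 2-second threshold are assumptions constructed for illustration; only the IP addresses follow the trace quoted above.

```python
# Constructed sample rows (not taken from the poster's capture).
# Columns: time_s src dst udp_sport udp_dport kind dns_id
# For an icmp_port_unreach row the two ports are those of the UDP datagram
# quoted inside the ICMP payload (the datagram that was rejected).
SAMPLE = """\
0.000 192.168.0.2 192.168.0.1 1047 53 query 0x1a2b
0.031 192.168.0.1 192.168.0.2 53 1047 response 0x1a2b
0.032 192.168.0.2 192.168.0.1 53 1047 icmp_port_unreach -
5.000 192.168.0.2 192.168.0.1 1048 53 query 0x1a2c
5.020 192.168.0.1 192.168.0.2 53 1050 response 0x1a2c
7.000 192.168.0.2 192.168.0.1 1049 53 query 0x1a2d
10.500 192.168.0.1 192.168.0.2 53 1049 response 0x1a2d
"""

MAX_LATENCY_S = 2.0  # assumed cut-off for "excessive"; tune to the resolver's timeout


def analyze(text, max_latency=MAX_LATENCY_S):
    """Pair each DNS response with its query and flag why it may have been dropped."""
    pending, results = {}, []
    for line in text.splitlines():
        t, src, dst, sport, dport, kind, dns_id = line.split()
        t, sport, dport = float(t), int(sport), int(dport)
        if kind == "query":
            pending[(src, dst, dns_id)] = (t, sport)
        elif kind == "response":
            q = pending.pop((dst, src, dns_id), None)
            if q is None:
                continue  # no matching query seen: nothing to compare against
            results.append({"id": dns_id, "client": dst, "resp_dport": dport,
                            "latency": round(t - q[0], 3),
                            "port_match": dport == q[1], "rejected": False})
        elif kind == "icmp_port_unreach":
            # Mark the most recent response delivered to that client port.
            for r in reversed(results):
                if r["client"] == src and r["resp_dport"] == dport:
                    r["rejected"] = True
                    break
    for r in results:
        if not r["port_match"]:
            r["verdict"] = "response sent to a port the query did not come from"
        elif r["latency"] > max_latency:
            r["verdict"] = "slow response; resolver may have closed the port"
        elif r["rejected"]:
            r["verdict"] = "on time, right port, still rejected: check local filtering"
        else:
            r["verdict"] = "ok"
    return results


if __name__ == "__main__":
    for r in analyze(SAMPLE):
        print(r["id"], r["latency"], r["verdict"])
```
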