Wireshark-users: Re: [Wireshark-users] DNS Working but can't connect to anything

From: staedtlerx <staedtlerx@xxxxxxxxx>
Date: Sun, 25 Jan 2009 18:33:11 -0500
@Sake: Yes, I always tested with all other adapters disabled. I will try to send capture info. Are attachments koshers here or should I upload it somewhere?

@Frank:: I will look into this, thank you

@John: It does seems like that and I know that firewalls can target specific network adapters but I don't have any firewall running that I know of. I've tested in safe mode as well, which would hopefully disable any firewalls. But AFAICT, I've disabled anything that might be acting as a firewall.



On Sun, Jan 25, 2009 at 5:34 PM, John Mason Jr <john.mason.jr@xxxxxxx> wrote:
staedtlerx wrote:
> Hello All,
>
> I thank you ahead of time if you read all this - I'm having a very
> strange network problem and someone recommended Wireshark for
> debugging it - and it's quite amazing! It's provided some insight but
> I am not that familiar with low-level TCP/IP stuff so I don't know
> what to make of it all. I was hoping someone could provide some more
> insight or any hints for further debugging.
>
> I am using a Sony Vaio Laptop with Windows XP SP2. It has internal
> WiFi, which works fine; Goes on the internet, etc. I'm sending this
> email with it right now. I have 4 other ways of connecting the laptop
> to the internet: 2 PCMCIA wifi cards and 2 wired ethernet connections.
> These 4 other connections all behave exactly the same: They *appear*
> to not have DNS (more on that later) and and they cannot access any
> remove server by hostname. They CAN access any remote server by IP
> address e.g. can browse to http://74.125.45.100 but not
> http://google.com. However, they CAN access remote server by name if I
> put an entry in my hosts file. This would lead most people to believe
> that my DNS is not working correctly. I also get "Ping request could
> not find host" when trying to ping a hostname. Again, would make you
> think DNS was not working. However, the problem is not that simple.
> All 5 connections have the same gateway, dns, etc - yet the internal
> wifi works and the 4 others don't. I've tried every sort of winsock
> reset, reinstalling, dns cache clearing, etc. I've tried driver
> upgrades, downgrades, etc. I've tried everything in safe mode. I've
> tried connecting my laptop to my cable modem directly and I've also
> tried through my Wifi router. The problem definitely lies within my
> Windows software - not hardware, router, firewall, or ISP. The monkey
> wrench is that I have the one internal wifi connection thats works!
>
> Now, more on the part about *appearing* not to have DNS: I figured
> something, somewhere, was messing with my DNS (lord knows why on only
> 4/5 connections). This is when I got Wireshark for some deeper
> insight. Snooping with Wireshark, I can see that hostnames actually DO
> resolve to their IP. I can see a response from my gateway with the IP
> address then I get an ICMP failure "Destination Unreachable":
>
> 192.168.0.2 -> 192.168.0.1 - DNS Standard query A google.com
> <http://google.com>
> 192.168.0.1 -> 192.168.0.2 - DNS Standard query response A
> 72.14.205.100 A 74.125.45.100 A 209.85.171.100
> 192.168.0.2 -> 192.168.0.1 - ICMP Destination unreachable (Port
> unreachable)
>
> Stange thing is that when pining, it shows no sign of the hostname
> ever getting resolved:
>
> c:\>ping google.com <http://google.com>
> Ping request could not find host google.com <http://google.com>.
> Please check the name and try again.
>
>
> When pinging from the WORKING connection, instead of the ICMP failure,
> I get:
>
> 192.168.0.2 -> 192.168.0.1 - DNS Standard query A google.com
> <http://google.com>
> 192.168.0.1 -> 192.168.0.2 - DNS Standard query response A
> 72.14.205.100 A 74.125.45.100 A 209.85.171.100
> 192.168.0.2 -> 72.14.205.100 - ICMP Echo (ping) request
> etc
>
>
> I'm looking for insight into what "Destination unreachable" means
> exactly, where the message from (laptop or remote host), and leads on
> more research.
> ANY insight would be most helpful. However, please skip over the basic
> "ipconfig" debugging please - I've been going through that for over a
> week.
>
> Thank you!
>
Looks like a firewall  is blocking the response from the gateway

John

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe