Wireshark-users: Re: [Wireshark-users] DNS Working but can't connect to anything

From: Satish Chandra <satishchandracms@xxxxxxxxx>
Date: Tue, 27 Jan 2009 12:40:30 +0530
Hi,

The error "ICMP Destination unreachable (Port unreachable)" means that the machine is not having a listening port for that particular message.

First of all check whether the interface you are trying to use is UP or not. From your email it seems you are hardcoding the IP address, please check the DNS configurations and subnet configurations for each of the interfaces. Configure both same as the configurations you have on the working wifi interface. Lastly, please check the configurations of Windows firewall. You can even try for a while by disabling the windows firewall.

Thanks Regards,
Satish

On Mon, Jan 26, 2009 at 1:34 AM, staedtlerx <staedtlerx@xxxxxxxxx> wrote:
Hello All,

I thank you ahead of time if you read all this - I'm having a very strange network problem and someone recommended Wireshark for debugging it - and it's quite amazing! It's provided some insight but I am not that familiar with low-level TCP/IP stuff so I don't know what to make of it all. I was hoping someone could provide some more insight or any hints for further debugging.

I am using a Sony Vaio Laptop with Windows XP SP2. It has internal WiFi, which works fine; Goes on the internet, etc. I'm sending this email with it right now. I have 4 other ways of connecting the laptop to the internet: 2 PCMCIA wifi cards and 2 wired ethernet connections. These 4 other connections all behave exactly the same: They *appear* to not have DNS (more on that later) and and they cannot access any remove server by hostname. They CAN access any remote server by IP address e.g. can browse to http://74.125.45.100 but not http://google.com. However, they CAN access remote server by name if I put an entry in my hosts file. This would lead most people to believe that my DNS is not working correctly. I also get "Ping request could not find host" when trying to ping a hostname. Again, would make you think DNS was not working. However, the problem is not that simple. All 5 connections have the same gateway, dns, etc - yet the internal wifi works and the 4 others don't. I've tried every sort of winsock reset, reinstalling, dns cache clearing, etc. I've tried driver upgrades, downgrades, etc. I've tried everything in safe mode. I've tried connecting my laptop to my cable modem directly and I've also tried through my Wifi router. The problem definitely lies within my Windows software - not hardware, router, firewall, or ISP. The monkey wrench is that I have the one internal wifi connection thats works!

Now, more on the part about *appearing* not to have DNS: I figured something, somewhere, was messing with my DNS (lord knows why on only 4/5 connections). This is when I got Wireshark for some deeper insight. Snooping with Wireshark, I can see that hostnames actually DO resolve to their IP. I can see a response from my gateway with the IP address then I get an ICMP failure "Destination Unreachable":

192.168.0.2 -> 192.168.0.1 - DNS Standard query A google.com
192.168.0.1 -> 192.168.0.2 - DNS Standard query response A 72.14.205.100 A 74.125.45.100 A 209.85.171.100
192.168.0.2 -> 192.168.0.1 - ICMP Destination unreachable (Port unreachable)

Stange thing is that when pining, it shows no sign of the hostname ever getting resolved:

c:\>ping google.com
Ping request could not find host google.com. Please check the name and try again.


When pinging from the WORKING connection, instead of the ICMP failure, I get:

192.168.0.2 -> 192.168.0.1 - DNS Standard query A google.com
192.168.0.1 -> 192.168.0.2 - DNS Standard query response A 72.14.205.100 A 74.125.45.100 A 209.85.171.100
192.168.0.2 -> 72.14.205.100 - ICMP Echo (ping) request
etc


I'm looking for insight into what "Destination unreachable" means exactly, where the message from (laptop or remote host), and leads on more research.
ANY insight would be most helpful. However, please skip over the basic "ipconfig" debugging please - I've been going through that for over a week.

Thank you!


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe



--
Satish Chandra