Ethereal-users: RE: [Ethereal-users] Using Ethereal to Troubleshoot DNS Server Problem
Chad,
Use a capture filter like: udp port 53. You can start a capture via the menu
by using Capture > Start. After stopping the trace ethereal lets you view
what has been captured, assuming that there is no display filter active,
which is at bottom of the screen. You'll find that ethereal dissects the dns
requests pretty well.
Maybe the following link is of interest to you:
http://support.microsoft.com/default.aspx?scid=kb;en-us;245646&Product=nts40
Regards,
Marco Rommelse
> -----Oorspronkelijk bericht-----
> Van: ethereal-users-bounces@xxxxxxxxxxxx [mailto:ethereal-users-
> bounces@xxxxxxxxxxxx] Namens Chad Holmes
> Verzonden: maandag 19 april 2004 21:35
> Aan: 'ethereal-users@xxxxxxxxxxxx'
> Onderwerp: [Ethereal-users] Using Ethereal to Troubleshoot DNS Server
> Problem
>
> I have recently downloaded Ethereal in the hope that I can use it to
> diagnose a problem I'm having on my Windows NT 4.0 network. I have a
> bridged network of about 100 PCs. My Internet connection is a T-1 line
> and
> a Cisco PIX firewall sits between outside router and my Cisco Catalyst
> Ethernet switch. I would like to ask if you could tell me what to look
> for
> in order to troubleshoot the following specific problem.
>
> Several times a week, my Microsoft DNS Server service stops functioning
> properly, resulting in my users being unable to access the Internet via
> our
> LAN. When I look at the DNS Manager applet, I see that the DNS service is
> receiving more UDP queries than it can respond to. The display shows
> "Udpqueries" to be some number that is always higher than the
> "Udpresponses."
>
> Right now I solve the problem by stopping the Microsoft DNS service for
> about 5 minutes and then restarting it. The 5 minute pause is required or
> else the problem picks right back up when I restart the service. These
> periods of dysfunction seem to me almost like a denial of service attack
> on
> my DNS server. I do not have any viruses on my LAN and I cannot figure
> out
> where these UPD requests are coming from.
>
> I would like to use Ethereal to determine where the abnormally high number
> of UDP queries are coming from during these episodes.
>
> I have never used a packet analyzer before, but I would like to learn and
> I
> do pick up technical concepts very quickly. If you could help me use this
> tool to troubleshoot this very specific problem it would both assist me in
> finding the problem and jumpstart my learning regarding how Ethereal can
> be
> used for network analysis.
>
> Thank you.
>
> -Chad
>
> _______________________________________________
> Ethereal-users mailing list
> Ethereal-users@xxxxxxxxxxxx
> http://www.ethereal.com/mailman/listinfo/ethereal-users