Ethereal-users: RE: [Ethereal-users] Using Ethereal to Troubleshoot DNS Server Problem
As DNS can also run on top of TCP, I'd use 'port 53' for the capture filter
as this will match both TCP and UDP traffic over port 53 (the standard DNS
service port).
Regards,
Olivier
|-----Original Message-----
|From: Marco Rommelse
|
|Chad,
|
|Use a capture filter like: udp port 53. You can start a capture via the
|menu by using Capture > Start. After stopping the trace Ethereal lets you
|view what has been captured, assuming that there is no display filter
|active, which is at the bottom of the screen. You'll find that Ethereal
|dissects the DNS requests pretty well.
|
|Maybe the following link is of interest to you:
|http://support.microsoft.com/default.aspx?scid=kb;en-us;245646&Product=nts40
|
|Regards,
|Marco Rommelse
|
|
|> -----Original Message-----
|> From: Chad Holmes
|>
|> I have recently downloaded Ethereal in the hope that I can use it to
|> diagnose a problem I'm having on my Windows NT 4.0 network. I have a
|> bridged network of about 100 PCs. My Internet connection is a T-1 line
|> and a Cisco PIX firewall sits between outside router and my Cisco
|> Catalyst Ethernet switch. I would like to ask if you could tell me what
|> to look for in order to troubleshoot the following specific problem.
|>
|> Several times a week, my Microsoft DNS Server service stops functioning
|> properly, resulting in my users being unable to access the Internet via
|> our LAN. When I look at the DNS Manager applet, I see that the DNS
|> service is receiving more UDP queries than it can respond to. The
|> display shows "Udpqueries" to be some number that is always higher than
|> the "Udpresponses."
|>
|> Right now I solve the problem by stopping the Microsoft DNS service for
|> about 5 minutes and then restarting it. The 5 minute pause is required
|> or else the problem picks right back up when I restart the service.
|> These periods of dysfunction seem to me almost like a denial of service
|> attack on my DNS server. I do not have any viruses on my LAN and I
|> cannot figure out where these UDP requests are coming from.
|>
|> I would like to use Ethereal to determine where the abnormally high
|> number of UDP queries are coming from during these episodes.
|>
|> I have never used a packet analyzer before, but I would like to learn
|> and I do pick up technical concepts very quickly. If you could help me
|> use this tool to troubleshoot this very specific problem it would both
|> assist me in finding the problem and jumpstart my learning regarding
|> how Ethereal can be used for network analysis.
|>
|> Thank you.
|>
|> -Chad
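
Added example, not part of the original thread: once frames matching the "port 53" capture filter suggested above have been collected, a per-source tally of DNS queries (UDP and TCP) against the number of responses shows which host is sending the excess. The frame builder, addresses and function names are constructed for illustration; the parser assumes Ethernet/IPv4 frames and that each TCP DNS message starts its segment.

```python
import socket
import struct
from collections import Counter

def build_frame(src, dst, sport, dport, is_response, tcp=False):
    """Build a minimal Ethernet/IPv4/(UDP|TCP)/DNS frame (constructed test data)."""
    dns = struct.pack("!HHHHHH", 0x1234, 0x8000 if is_response else 0, 1, 0, 0, 0)
    if tcp:  # DNS over TCP puts a 2-byte length prefix before the message
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
        l4 += struct.pack("!H", len(dns)) + dns
    else:
        l4 = struct.pack("!HHHH", sport, dport, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64,
                     6 if tcp else 17, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x00" * 12 + b"\x08\x00" + ip + l4

def tally_dns(frames):
    """Return (queries per (source IP, transport), response count) for port 53."""
    queries, responses = Counter(), 0
    for frame in frames:
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # too short, or not IPv4 over Ethernet
        l4 = 14 + (frame[14] & 0x0F) * 4
        end = min(len(frame), 14 + struct.unpack("!H", frame[16:18])[0])  # drop padding
        if frame[23] == 17 and end >= l4 + 8:
            transport, dns = "udp", l4 + 8
        elif frame[23] == 6 and end >= l4 + 20:
            # Assumes the DNS message starts the segment (no TCP reassembly here).
            transport, dns = "tcp", l4 + (frame[l4 + 12] >> 4) * 4 + 2
        else:
            continue
        sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
        if 53 not in (sport, dport) or end < dns + 4:
            continue  # other ports, or a TCP segment carrying no DNS data
        flags = struct.unpack("!H", frame[dns + 2:dns + 4])[0]
        if flags & 0x8000:  # QR bit set: this is a response
            responses += 1
        elif dport == 53:
            queries[(socket.inet_ntoa(frame[26:30]), transport)] += 1
    return queries, responses

# Constructed sample: one noisy client, one normal client, one query over TCP.
SAMPLE = ([build_frame("10.0.0.7", "10.0.0.2", 1025, 53, False)] * 5
          + [build_frame("10.0.0.9", "10.0.0.2", 1026, 53, False),
             build_frame("10.0.0.2", "10.0.0.9", 53, 1026, True),
             build_frame("10.0.0.9", "10.0.0.2", 1027, 53, False, tcp=True)])

if __name__ == "__main__":
    print(tally_dns(SAMPLE))
```

A capture taken with "udp port 53" alone would never contain the TCP query counted here, which is the gap the broader "port 53" filter closes.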