staedtlerx wrote:
Hello All,
I thank you ahead of time if you read all this - I'm having a very
strange network problem and someone recommended Wireshark for
debugging it - and it's quite amazing! It's provided some insight but
I am not that familiar with low-level TCP/IP stuff so I don't know
what to make of it all. I was hoping someone could provide some more
insight or any hints for further debugging.
I am using a Sony Vaio Laptop with Windows XP SP2. It has internal
WiFi, which works fine; Goes on the internet, etc. I'm sending this
email with it right now. I have 4 other ways of connecting the laptop
to the internet: 2 PCMCIA wifi cards and 2 wired ethernet connections.
These 4 other connections all behave exactly the same: They *appear*
to not have DNS (more on that later) and and they cannot access any
remove server by hostname. They CAN access any remote server by IP
address e.g. can browse to http://74.125.45.100 but not
http://google.com. However, they CAN access remote server by name if I
put an entry in my hosts file. This would lead most people to believe
that my DNS is not working correctly. I also get "Ping request could
not find host" when trying to ping a hostname. Again, would make you
think DNS was not working. However, the problem is not that simple.
All 5 connections have the same gateway, dns, etc - yet the internal
wifi works and the 4 others don't. I've tried every sort of winsock
reset, reinstalling, dns cache clearing, etc. I've tried driver
upgrades, downgrades, etc. I've tried everything in safe mode. I've
tried connecting my laptop to my cable modem directly and I've also
tried through my Wifi router. The problem definitely lies within my
Windows software - not hardware, router, firewall, or ISP. The monkey
wrench is that I have the one internal wifi connection thats works!
Now, more on the part about *appearing* not to have DNS: I figured
something, somewhere, was messing with my DNS (lord knows why on only
4/5 connections). This is when I got Wireshark for some deeper
insight. Snooping with Wireshark, I can see that hostnames actually DO
resolve to their IP. I can see a response from my gateway with the IP
address then I get an ICMP failure "Destination Unreachable":
192.168.0.2 -> 192.168.0.1 - DNS Standard query A google.com
<http://google.com>
192.168.0.1 -> 192.168.0.2 - DNS Standard query response A
72.14.205.100 A 74.125.45.100 A 209.85.171.100
192.168.0.2 -> 192.168.0.1 - ICMP Destination unreachable (Port
unreachable)
Stange thing is that when pining, it shows no sign of the hostname
ever getting resolved:
c:\>ping google.com <http://google.com>
Ping request could not find host google.com <http://google.com>.
Please check the name and try again.
When pinging from the WORKING connection, instead of the ICMP failure,
I get:
192.168.0.2 -> 192.168.0.1 - DNS Standard query A google.com
<http://google.com>
192.168.0.1 -> 192.168.0.2 - DNS Standard query response A
72.14.205.100 A 74.125.45.100 A 209.85.171.100
192.168.0.2 -> 72.14.205.100 - ICMP Echo (ping) request
etc
I'm looking for insight into what "Destination unreachable" means
exactly, where the message from (laptop or remote host), and leads on
more research.
ANY insight would be most helpful. However, please skip over the basic
"ipconfig" debugging please - I've been going through that for over a
week.
Thank you!
Looks like a firewall is blocking the response from the gateway
John
