Wireshark-users: Re: [Wireshark-users] DNS Working but can't connect to anything
From: John Mason Jr <john.mason.jr@xxxxxxx>
Date: Sun, 25 Jan 2009 19:29:49 -0500
staedtlerx wrote:
> @Sake: Yes, I always tested with all other adapters disabled. I will try to send capture info. Are attachments kosher here or should I upload it somewhere?
>
> @Frank: I will look into this, thank you
>
> @John: It does seem like that and I know that firewalls can target specific network adapters but I don't have any firewall running that I know of. I've tested in safe mode as well, which would hopefully disable any firewalls. But AFAICT, I've disabled anything that might be acting as a firewall

Might look at settings for Anti Virus or anti malware software as well as firewall software

John



On Sun, Jan 25, 2009 at 5:34 PM, John Mason Jr <john.mason.jr@xxxxxxx> wrote:

    staedtlerx wrote:
    > Hello All,
    >
    > I thank you ahead of time if you read all this - I'm having a very
    > strange network problem and someone recommended Wireshark for
    > debugging it - and it's quite amazing! It's provided some insight but
    > I am not that familiar with low-level TCP/IP stuff so I don't know
    > what to make of it all. I was hoping someone could provide some more
    > insight or any hints for further debugging.
    >
    > I am using a Sony Vaio Laptop with Windows XP SP2. It has internal
    > WiFi, which works fine; Goes on the internet, etc. I'm sending this
    > email with it right now. I have 4 other ways of connecting the laptop
    > to the internet: 2 PCMCIA wifi cards and 2 wired ethernet connections.
    > These 4 other connections all behave exactly the same: They *appear*
    > to not have DNS (more on that later) and they cannot access any
    > remote server by hostname. They CAN access any remote server by IP
    > address e.g. can browse to http://74.125.45.100 but not
    > http://google.com. However, they CAN access remote server by name if I
    > put an entry in my hosts file. This would lead most people to believe
    > that my DNS is not working correctly. I also get "Ping request could
    > not find host" when trying to ping a hostname. Again, would make you
    > think DNS was not working. However, the problem is not that simple.
    > All 5 connections have the same gateway, dns, etc - yet the internal
    > wifi works and the 4 others don't. I've tried every sort of winsock
    > reset, reinstalling, dns cache clearing, etc. I've tried driver
    > upgrades, downgrades, etc. I've tried everything in safe mode. I've
    > tried connecting my laptop to my cable modem directly and I've also
    > tried through my Wifi router. The problem definitely lies within my
    > Windows software - not hardware, router, firewall, or ISP. The monkey
    > wrench is that I have the one internal wifi connection that works!
    >
    > Now, more on the part about *appearing* not to have DNS: I figured
    > something, somewhere, was messing with my DNS (lord knows why on only
    > 4/5 connections). This is when I got Wireshark for some deeper
    > insight. Snooping with Wireshark, I can see that hostnames actually DO
    > resolve to their IP. I can see a response from my gateway with the IP
    > address then I get an ICMP failure "Destination Unreachable":
    >
    > 192.168.0.2 -> 192.168.0.1 - DNS Standard query A google.com
    > 192.168.0.1 -> 192.168.0.2 - DNS Standard query response A 72.14.205.100 A 74.125.45.100 A 209.85.171.100
    > 192.168.0.2 -> 192.168.0.1 - ICMP Destination unreachable (Port unreachable)
    >
    > Strange thing is that when pinging, it shows no sign of the hostname
    > ever getting resolved:
    >
    > c:\>ping google.com
    > Ping request could not find host google.com.
    > Please check the name and try again.
    >
    >
    > When pinging from the WORKING connection, instead of the ICMP failure,
    > I get:
    >
    > 192.168.0.2 -> 192.168.0.1 - DNS Standard query A google.com
    > 192.168.0.1 -> 192.168.0.2 - DNS Standard query response A 72.14.205.100 A 74.125.45.100 A 209.85.171.100
    > 192.168.0.2 -> 72.14.205.100 - ICMP Echo (ping) request
    > etc
    >
    >
    > I'm looking for insight into what "Destination unreachable" means
    > exactly, where the message comes from (laptop or remote host), and leads on
    > more research.
    > ANY insight would be most helpful. However, please skip over the basic
    > "ipconfig" debugging please - I've been going through that for over a
    > week.
    >
    > Thank you!
    >
    Looks like a firewall is blocking the response from the gateway

    John

    ___________________________________________________________________________
    Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
    Archives:    http://www.wireshark.org/lists/wireshark-users
    Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
                 mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe


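
Added example, not part of the thread: an ICMP Destination Unreachable message quotes the IP header and the first 8 bytes of the datagram that triggered it, so the "Port unreachable" line in the capture above can be decoded to see which packet was rejected and which host rejected it. The sketch parses a constructed message built from the addresses in the post; the client port 1037, the zeroed checksums and all function names are assumptions.

```python
import socket
import struct

ICMP_DEST_UNREACH, CODE_PORT_UNREACH, PROTO_UDP = 3, 3, 17

def quoted_udp_datagram(src, dst, sport, dport):
    """Constructed sample: the IPv4 header + 8 UDP bytes an ICMP error quotes."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28, 0, 0, 64, PROTO_UDP, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    udp = struct.pack("!HHHH", sport, dport, 8, 0)
    return ip + udp

def icmp_message(icmp_type, code, quoted):
    """ICMP header (type, code, checksum, 4 unused bytes) followed by the quote."""
    return struct.pack("!BBHI", icmp_type, code, 0, 0) + quoted

def explain_unreachable(icmp_sender, icmp):
    """Describe which datagram an ICMP port-unreachable rejects, or None."""
    if len(icmp) < 8:
        return None
    icmp_type, code = struct.unpack("!BB", icmp[:2])
    if icmp_type != ICMP_DEST_UNREACH or code != CODE_PORT_UNREACH:
        return None
    quoted = icmp[8:]
    if len(quoted) < 20:
        return None
    ihl = (quoted[0] & 0x0F) * 4          # quoted IP header length in bytes
    if quoted[9] != PROTO_UDP or len(quoted) < ihl + 8:
        return None
    src = socket.inet_ntoa(quoted[12:16])
    dst = socket.inet_ntoa(quoted[16:20])
    sport, dport = struct.unpack("!HH", quoted[ihl:ihl + 4])
    return {
        "rejected_by": icmp_sender,       # host with no listener on dport
        "original_src": src,
        "original_dst": dst,
        "sport": sport,
        "dport": dport,
        "is_dns_reply": sport == 53,      # datagram came from a DNS server port
        "generated_locally": icmp_sender == dst,
    }

# Constructed from the addresses in the post; 1037 is an assumed client port.
SAMPLE = icmp_message(3, 3, quoted_udp_datagram("192.168.0.1", "192.168.0.2", 53, 1037))
RESULT = explain_unreachable("192.168.0.2", SAMPLE)
```

When `generated_locally` and `is_dns_reply` are both true, the laptop itself refused the gateway's DNS answer because nothing was listening on the destination port when it arrived.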