Wireshark-users: Re: [Wireshark-users] need help - strange DNS query
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: Jaap Keuter <jaap.keuter@xxxxxxxxx>
Date: Fri, 16 Dec 2011 11:51:20 +0100
Hi,

What issue? A program doing a host lookup is an issue?
What cell phone is that? What carrier is it using? It it providing a VPN? What laptop is hooked up? How is it hooked up? What Operating system is it running? 
What programs are installed? What daemons/services are running?
Doesn't the name none.mycompany.com ring a bell? What this server for?
Does the laptop do the same when connected natively to your network?
These are all questions you have to ask yourself to find out what is going on. 

Thanks,
Jaap

On 2011-12-16 04:49, Wang, Kang wrote:
During a test I found a strange behavior. I used a cell phone as a modem for the PC and tried to browse an internal webpage. The URL was given in 
IP format, i.e., something like 10.x.x.x/test.php.

However, I found that the laptop continuously sent 'DNS: Standard
query'. I don't believe I have DNS server configured and it could take more than 10 seconds for the DNS query to timeout. I do not understand 
why the laptop would make such a DNS query.
Could someone please take a look at this and let me know what could be 
causing the issue? The following is a snippet of the wireshark log.
Thanks!
1533 29.796875 186.16.61.155 13.2.0.53 TCP 54 http > dxmessagebase2 [ACK] Seq=50489 Ack=383 Win=6912 Len=0
1534 29.796875 186.16.61.155 13.2.0.53 TCP 54 http > dxmessagebase1 [ACK] Seq=51216 Ack=383 Win=6912 Len=0
1535 30.031250 13.2.0.53 172.18.3.2 DNS 75 Standard query A none.mycompany.com
1536 31.031250 13.2.0.53 172.18.3.1 DNS 75 Standard query A none.mycompany.com
1537 33.031250 13.2.0.53 172.18.3.1 DNS 75 Standard query A none.mycompany.com
1538 33.031250 13.2.0.53 172.18.3.2 DNS 75 Standard query A none.mycompany.com
1539 37.031250 13.2.0.53 172.18.3.1 DNS 75 Standard query A none.mycompany.com
1540 37.031250 13.2.0.53 172.18.3.2 DNS 75 Standard query A none.mycompany.com
1541 43.484375 13.2.0.53 255.255.255.255 UDP 506 Source port: evtp Destination port: ew-disc-cmd
1542 44.046875 13.2.0.53 172.18.3.1 DNS 75 Standard query A none.mycompany.com
1543 44.046875 13.2.0.53 186.16.61.155 TCP 78 sps-tunnel > http [SYN] Seq=0 Win=65535 Len=0 MSS=1460 WS=8 TSval=0 TSecr=0 SACK_PERM=1