Huge thanks to our Platinum Members Endace and LiveAction,
and our Silver Member Veeam, for supporting the Wireshark Foundation and project.

Wireshark-users: Re: [Wireshark-users] DNS Working but can't connect to

From: "Ioannis Kiriazis XI" <ioannis.xi.kiriazis@xxxxxxxxxxxx>
Date: Mon, 26 Jan 2009 08:40:20 +0100

Hi,

Check your IP address and default gateway if they are ok !
You'll maybe need to "refresh" them with ipconfig/release and ipconfig/renew.

cheers,

Ioannis

 

Message: 1

Date: Sun, 25 Jan 2009 15:04:23 -0500

From: staedtlerx <staedtlerx@xxxxxxxxx>

Subject: [Wireshark-users] DNS Working but can't connect to anything

To: wireshark-users@xxxxxxxxxxxxx

Message-ID:

<b66269850901251204p7a23d3d2w3b708e58ef2a72e0@xxxxxxxxxxxxxx>

Content-Type: text/plain; charset="iso-8859-1"

Hello All,

I thank you ahead of time if you read all this - I'm having a very strange network problem and someone recommended Wireshark for debugging it - and it's quite amazing! It's provided some insight but I am not that familiar with low-level TCP/IP stuff so I don't know what to make of it all. I was hoping someone could provide some more insight or any hints for further debugging.

I am using a Sony Vaio Laptop with Windows XP SP2. It has internal WiFi, which works fine; Goes on the internet, etc. I'm sending this email with it right now. I have 4 other ways of connecting the laptop to the internet: 2 PCMCIA wifi cards and 2 wired ethernet connections. These 4 other connections all behave exactly the same: They *appear* to not have DNS (more on that later) and and they cannot access any remove server by hostname.

They CAN access any remote server by IP address e.g. can browse to http://74.125.45.100 but not http://google.com. However, they CAN access remote server by name if I put an entry in my hosts file. This would lead most people to believe that my DNS is not working correctly. I also get "Ping request could not find host" when trying to ping a hostname. Again, would make you think DNS was not working. However, the problem is not that simple. All 5 connections have the same gateway, dns, etc - yet the internal wifi works and the 4 others don't. I've tried every sort of winsock reset, reinstalling, dns cache clearing, etc. I've tried driver upgrades, downgrades, etc. I've tried everything in safe mode. I've tried connecting my laptop to my cable modem directly and I've also tried through my Wifi router. The problem definitely lies within my Windows software - not hardware, router, firewall, or ISP. The monkey wrench is that I have the one internal wifi connection thats works!

Now, more on the part about *appearing* not to have DNS: I figured something, somewhere, was messing with my DNS (lord knows why on only 4/5 connections). This is when I got Wireshark for some deeper insight. Snooping with Wireshark, I can see that hostnames actually DO resolve to their IP. I can see a response from my gateway with the IP address then I get an ICMP failure "Destination Unreachable":

192.168.0.2 -> 192.168.0.1 - DNS Standard query A google.com

192.168.0.1 -> 192.168.0.2 - DNS Standard query response A 72.14.205.100 A 74.125.45.100 A 209.85.171.100

192.168.0.2 -> 192.168.0.1 - ICMP Destination unreachable (Port unreachable)

Stange thing is that when pining, it shows no sign of the hostname ever getting resolved:

c:\>ping google.com

Ping request could not find host google.com. Please check the name and try again.

 

When pinging from the WORKING connection, instead of the ICMP failure, I

get:

192.168.0.2 -> 192.168.0.1 - DNS Standard query A google.com

192.168.0.1 -> 192.168.0.2 - DNS Standard query response A 72.14.205.100 A 74.125.45.100 A 209.85.171.100

192.168.0.2 -> 72.14.205.100 - ICMP Echo (ping) request etc

 

I'm looking for insight into what "Destination unreachable" means exactly, where the message from (laptop or remote host), and leads on more research.

ANY insight would be most helpful. However, please skip over the basic "ipconfig" debugging please - I've been going through that for over a week.

Thank you!