Wireshark-users: Re: [Wireshark-users] DNS Working but can't connect to anything

From: "Jim Young" <sysjhy@xxxxxxxxxxxxxxx>
Date: Tue, 27 Jan 2009 00:32:33 -0500
>>> staedtlerx <staedtlerx@xxxxxxxxx> 1/26/2009 11:16 PM >>>
> I tried NetMon - it appears to output the same exact info that Wireshark
> does. Should I somehow be invoking more info?

The two traces you sent both indicate that the Sony system (192.168.0.2) 
--- the system that initiated the DNS queries --- is actually rejecting the DNS 
replies it asked for!

The two ICMP "Destination Unreachable (Port unreachable)" messages
within each trace are responses generated by your host (192.168.0.2) in
response to the DNS response packets.

I've seen similar behavior when someone's workstation-based firewall is
mis-configured, when multiple NIC cards are installed and mis-configured
or also (rarely) when the application that initiated the DNS request is no
longer listening on the UDP port that the request was initiated from.

FWIW: I doubt that your ping or tracert initiated DNS requests resulted
in the UDP port itself being closed so soon after the requests were sent.
Generally speaking the Windows DNS stub resolver uses the same
ephemeral UDP port for all requests until the system is rebooted.  The
nslookup tool on the other hand uses a new ephemeral UDP port
for each DNS request.

It seems somewhat odd that your system sends two DNS requests
so close in time to one another, but these are NOT duplicate packets;
each DNS request has a unique incrementing ip.id value.

Someone suggested that you show us a copy of how routing is
configured on this Windows machine.  You can generate this report
from a Windows cmd shell with either of the following commands:

   route print

or

   netstat -r

Also a complete copy of your workstation's complete ip setup might 
be useful:  e.g.

   ipconfig /all

Perhaps attaching the output of these two reports might shed some 
light on what may be going on.

Best regards,

Jim Y.
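
Added example, not part of the original message: a small Python check that recognizes the pattern described above, an ICMP "Port unreachable" (type 3, code 3) whose quoted datagram is a UDP packet sent from port 53, meaning the host refused a DNS reply. The DNS server address 192.168.0.1, the port 1055 and the helper names are constructed for illustration.

```python
import socket
import struct

def build_ipv4(src, dst, proto, payload):
    """Minimal IPv4 header (no options, checksum left at 0) plus payload."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def rejected_dns_reply(packet):
    """Return details if packet is an ICMP port-unreachable quoting a UDP
    datagram that came from port 53 (a refused DNS reply), else None."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return None
    ihl = (packet[0] & 0x0F) * 4
    if packet[9] != 1 or len(packet) < ihl + 8:        # protocol 1 = ICMP
        return None
    if (packet[ihl], packet[ihl + 1]) != (3, 3):       # dest/port unreachable
        return None
    quoted = packet[ihl + 8:]       # original IP header + first 8 payload bytes
    if len(quoted) < 20:
        return None
    q_ihl = (quoted[0] & 0x0F) * 4
    if quoted[9] != 17 or len(quoted) < q_ihl + 8:     # protocol 17 = UDP
        return None
    sport, dport = struct.unpack("!HH", quoted[q_ihl:q_ihl + 4])
    if sport != 53:                                    # not a DNS reply
        return None
    return {
        "rejecting_host": socket.inet_ntoa(packet[12:16]),
        "dns_server": socket.inet_ntoa(quoted[12:16]),
        "closed_port": dport,
    }

# Constructed sample packets (not taken from the poster's traces).
_udp_reply = struct.pack("!HHHH", 53, 1055, 8, 0)      # sport 53 -> dport 1055
SAMPLE_DNS_REPLY = build_ipv4("192.168.0.1", "192.168.0.2", 17, _udp_reply)
_icmp = struct.pack("!BBHI", 3, 3, 0, 0) + SAMPLE_DNS_REPLY
SAMPLE_UNREACH = build_ipv4("192.168.0.2", "192.168.0.1", 1, _icmp)

if __name__ == "__main__":
    print(rejected_dns_reply(SAMPLE_UNREACH))
```

The reported closed_port can then be compared with the source port of the preceding DNS query and with the sockets the host actually has open.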