Hi, I have no experience in network analysis. However, there is a network problem here and I think I have found it using Wireshark: Some Windows application or service is sending name queries asking for a server which has been removed from the net. Now my question: How can I find out which
One way to narrow it down would be to use Wireshark to identify the source IP
and port. So on that particular Windows box, you could then use either netstat
-ano (believe only 2003 and XP add the -o option) or you could use fport from
Foundstone:
Thanks James, that's great help! I found out that - ok, I should have expected that - svchost (registering dnscache.dll) is sending the DNS name query and getting the response "no such name". But I still cannot figure out which application initiated the DNS request, which application sits at the
I just received my new MBP today, and the first thing I did was
install Wireshark (via Macports, which works perfectly for me on my
current Powerbook G4)
http://www.macports.org/
Specifically...
http://svn.macports.org/repository/macports/trunk/dports/net/wireshark/Portfile
The interesting
Bob,
If the query is coming from a remote
machine, you should be able to run Wireshark on that system and see the source of
the original query to the DNS server. If that's not the case and
the query is initiated from the local machine then I'm not sure. You
could try this tool from