DNS & ICMP
Mark Andrews
Mark_Andrews at isc.org
Thu Oct 20 22:40:27 UTC 2005
> Frame 15 (70 bytes on wire, 70 bytes captured)
> Arrival Time: Oct 20, 2005 16:15:42.583051000
> Time delta from previous packet: 0.156957000 seconds
> Time relative to first packet: 56.875494000 seconds
> Frame Number: 15
> Packet Length: 70 bytes
> Capture Length: 70 bytes
> Ethernet II, Src: 00:0f:24:c9:5a:c2, Dst: 00:30:48:52:7e:6c
> Destination: 00:30:48:52:7e:6c (Supermic_52:7e:6c)
> Source: 00:0f:24:c9:5a:c2 (00:0f:24:c9:5a:c2)
> Type: IP (0x0800)
> Internet Protocol, Src Addr: 207.162.16x.197 (207.162.16x.197), Dst Addr:
> 207.162.16x.11 (207.162.16x.11)
> Version: 4
> Header length: 20 bytes
> Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
> 0000 00.. = Differentiated Services Codepoint: Default (0x00)
> .... ..0. = ECN-Capable Transport (ECT): 0
> .... ...0 = ECN-CE: 0
> Total Length: 56
> Identification: 0x42bf
> Flags: 0x00
> .0.. = Don't fragment: Not set
> ..0. = More fragments: Not set
> Fragment offset: 0
> Time to live: 126
> Protocol: ICMP (0x01)
> Header checksum: 0x13f0 (correct)
> Source: 207.162.166.197 (207.162.166.197)
> Destination: 207.162.160.11 (207.162.160.11)
> Internet Control Message Protocol
> Type: 3 (Destination unreachable)
> Code: 3 (Port unreachable)
> Checksum: 0x3c0d (correct)
> Internet Protocol, Src Addr: 207.162.16x.11 (207.162.16x.11), Dst Addr:
> 207.162.16x.197 (207.162.16x.197)
> Version: 4
> Header length: 20 bytes
> Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
> 0000 00.. = Differentiated Services Codepoint: Default (0x00)
> .... ..0. = ECN-Capable Transport (ECT): 0
> .... ...0 = ECN-CE: 0
> Total Length: 238
> Identification: 0x0000
> Flags: 0x04
> .1.. = Don't fragment: Set
> ..0. = More fragments: Not set
> Fragment offset: 0
> Time to live: 62
> Protocol: UDP (0x11)
> Header checksum: 0x55e9 (correct)
> Source: 207.162.16x.11 (207.162.160.11)
> Destination: 207.162.16x.197 (207.162.166.197)
> User Datagram Protocol, Src Port: domain (53), Dst Port: kermit (1649)
> Source port: domain (53)
> Destination port: kermit (1649)
> Length: 218
> Checksum: 0xb96f
>
>
>
>
> 16:14:37.968636 207.162.16x.197 -> 207.162.16x.11 DNS Standard query A
> img-cdn.mediaplex.com
> 16:14:37.969040 207.162.16x.11 -> 207.162.16x.197 DNS Standard query
> response CNAME img.mediaplex.com.edgesuite.net CNAME a1470.g.akamai.net A
> 84.53.144.136 A 84.53.144.151
> 16:14:38.018391 207.162.16x.197 -> 207.162.16x.11 ICMP Destination
> unreachable
>
>
> 16:14:45.707557 207.162.16x.197 -> 207.162.16x.11 ICMP Destination
> unreachable
> 16:14:51.708089 207.162.16x.197 -> 207.162.16x.11 ICMP Destination
> unreachable
> 16:14:55.543456 207.162.16x.197 -> 207.162.16x.11 ICMP Destination
> unreachable
> 16:15:26.850696 207.162.16x.197 -> 207.162.16x.11 DNS Standard query A
> m2.2mdn.net
The DNS uses UDP. Port unreachables are expected when the
client stops listening for replies.
Note a badly configured firewall can also produce similar
symptoms.
As for why you are getting multiple ICMP messages I don't
know. A bit more detail on all the ICMP messages may shed
some more light.
Mark
P.S. Obscuring detail just makes it hard for anyone trying to help you. All you are hiding is that there is a DNS client on one
address (just about all machines on the net are DNS clients) and
that there is a DNS server on the other address. Woopie.
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark_Andrews at isc.org
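
The following is an added example, not part of the original message: it parses an ICMP Destination Unreachable message like frame 15 and recovers the quoted datagram, so each ICMP error can be matched to the DNS response that triggered it. The function names are hypothetical and the addresses are constructed documentation addresses; the ports and lengths are taken from the capture above.

```python
import ipaddress
import struct

def build_sample() -> bytes:
    """Constructed ICMP message shaped like frame 15 (checksums zeroed, not verified)."""
    server = ipaddress.IPv4Address("192.0.2.11").packed    # constructed address
    client = ipaddress.IPv4Address("192.0.2.197").packed   # constructed address
    quoted_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 238, 0, 0x4000, 62, 17, 0,
                            server, client)
    quoted_udp = struct.pack("!HHHH", 53, 1649, 218, 0)
    icmp_hdr = struct.pack("!BBHI", 3, 3, 0, 0)  # type 3, code 3, unused word
    return icmp_hdr + quoted_ip + quoted_udp

def parse_unreachable(icmp: bytes) -> dict:
    """Return the datagram that an ICMP Destination Unreachable is reporting on."""
    if len(icmp) < 8 or icmp[0] != 3:
        raise ValueError("not an ICMP destination unreachable message")
    quoted = icmp[8:]  # RFC 792: original IP header + first 64 bits of its payload
    if len(quoted) < 20 or quoted[0] >> 4 != 4:
        raise ValueError("quoted IPv4 header missing or truncated")
    ihl = (quoted[0] & 0x0F) * 4
    if ihl < 20 or len(quoted) < ihl + 8:
        raise ValueError("quoted transport header truncated")
    sport, dport, length = struct.unpack("!HHH", quoted[ihl:ihl + 6])
    return {
        "code": icmp[1],
        "proto": quoted[9],
        "src": str(ipaddress.IPv4Address(quoted[12:16])),
        "dst": str(ipaddress.IPv4Address(quoted[16:20])),
        "sport": sport, "dport": dport, "udp_len": length,
    }

def classify(info: dict) -> str:
    """Label the case described in the reply: a DNS response reached a closed UDP port."""
    if info["code"] == 3 and info["proto"] == 17 and info["sport"] == 53:
        return "dns-reply-to-closed-port"
    return "other"

if __name__ == "__main__":
    info = parse_unreachable(build_sample())
    print(classify(info), info)
```

Grouping the results by `dport` shows whether repeated ICMP errors refer to the same response or to several different queries.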