 | 1 | initial version |
The icmp you've posted has been sent by the client in response to a received DNS answer. This usually happens when the DNS answer arrives so late that the client does not expect it any more. So I would try to find the DNS query and the answer itself in the capture and assess the time distance between the two. Apply display filter dns.id == 0xe74a on that capture to find out. I don't remember exactly but more than a few seconds is too much. If, however, the answer comes within a second from the query, either the client or the firewall between the client and the DNS is too impatient.
