Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

asked 2017-12-21 17:12:45 +0000

Alex_0 gravatar image

Port Unreachable

Hello, I have an issue with resolving webpages on my network. I have couple of network on my infrastructure. 192.168.150.0/24 for my servers 192.168.160.0/24 for my workstation and more

I checked with Microsoft, MS engineer checked my DNS servers and confirmed they are working fine. I checked with Cisco, Cisco Eng. created TCP Bypass on my ASA and added my computer on the access-list, so it seems the ASA and IPS do not inspect all the traffic generated by my computer. I installed Wire Shark on my computer and tried to open https://My.t-mobile.com I noticed some "Destination unreachable (Port unreachable)" from my computer to my internal DNS server. I can ping my internal DNS server Any idea? Thank you in Advance for your time Alex

1071 2017-12-21 11:15:14.373439 192.168.160.99 192.168.150.1 ICMP 123 Destination unreachable (Port unreachable) Frame 1071: 123 bytes on wire (984 bits), 123 bytes captured (984 bits) on interface 0 Interface id: 0 (\Device\NPF_{EB87B223-29FF-4EE6-AE98-E08E7F0B8A39}) Interface name: \Device\NPF_{EB87B223-29FF-4EE6-AE98-E08E7F0B8A39} Encapsulation type: Ethernet (1) Arrival Time: Dec 21, 2017 11:15:14.373439000 Eastern Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1513872914.373439000 seconds [Time delta from previous captured frame: 0.000032000 seconds] [Time delta from previous displayed frame: 0.000032000 seconds] [Time since reference or first frame: 8.893324000 seconds] Frame Number: 1071 Frame Length: 123 bytes (984 bits) Capture Length: 123 bytes (984 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:icmp:ip:udp:dns] [Coloring Rule Name: ICMP errors] [Coloring Rule String: icmp.type eq 3 || icmp.type eq 4 || icmp.type eq 5 || icmp.type eq 11 || icmpv6.type eq 1 || icmpv6.type eq 2 || icmpv6.type eq 3 || icmpv6.type eq 4] Ethernet II, Src: Dell_33:31:4b (18:03:73:33:31:4b), Dst: Cisco_aa:17:47 (e4:d3:f1:aa:17:47) Destination: Cisco_aa:17:47 (e4:d3:f1:aa:17:47) Address: Cisco_aa:17:47 (e4:d3:f1:aa:17:47) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Dell_33:31:4b (18:03:73:33:31:4b) Address: Dell_33:31:4b (18:03:73:33:31:4b) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 192.168.160.99, Dst: 192.168.150.1 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 109 Identification: 0x041f (1055) Flags: 0x00 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: ICMP (1) Header checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source: 192.168.160.99 Destination: 192.168.150.1 [Source GeoIP: Unknown] [Destination GeoIP: Unknown] Internet Control Message Protocol Type: 3 (Destination unreachable) Code: 3 (Port unreachable) Checksum: 0xb501 [correct] [Checksum Status: Good] Unused: 00000000 Internet Protocol Version 4, Src: 192.168.150.1, Dst: 192.168.160.99 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 81 Identification: 0x2483 (9347) Flags: 0x00 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: UDP (17) Header checksum: 0x5f63 [validation disabled] [Header checksum status: Unverified] Source: 192.168.150.1 Destination: 192.168.160.99 [Source GeoIP: Unknown] [Destination GeoIP: Unknown] User Datagram Protocol, Src Port: 53, Dst Port: 59522 Source Port: 53 Destination Port: 59522 Length: 61 Checksum: 0xd5b5 [unverified] [Checksum Status: Unverified] [Stream index: 47] Domain Name System (response) Transaction ID: 0xe74a Flags: 0x8182 Standard query response, Server failure 1... .... .... .... = Response: Message is a response .000 0... .... .... = Opcode: Standard query (0) .... .0.. .... .... = Authoritative: Server is not an authority for domain .... ..0. .... .... = Truncated: Message is not truncated .... ...1 .... .... = Recursion desired: Do query recursively .... .... 1... .... = Recursion available: Server can do recursive queries .... .... .0.. .... = Z: reserved (0) .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server .... .... ...0 .... = Non-authenticated data: Unacceptable .... .... .... 0010 = Reply code: Server failure (2) Questions: 1 Answer RRs: 0 Authority RRs: 0 Additional RRs: 0 Queries geover-prod.do.dsp.mp.microsoft.com: type A, class IN Name: geover-prod.do.dsp.mp.microsoft.com [Name Length: 35] [Label Count: 6] Type: A (Host Address) (1) Class: IN (0x0001)

Port Unreachable

Hello, I have an issue with resolving webpages on my network. I have couple of network on my infrastructure. 192.168.150.0/24 for my servers 192.168.160.0/24 for my workstation and more

I checked with Microsoft, MS engineer checked my DNS servers and confirmed they are working fine. I checked with Cisco, Cisco Eng. created TCP Bypass on my ASA and added my computer on the access-list, so it seems the ASA and IPS do not inspect all the traffic generated by my computer. I installed Wire Shark on my computer and tried to open https://My.t-mobile.com I noticed some "Destination unreachable (Port unreachable)" from my computer to my internal DNS server. I can ping my internal DNS server server

Unfortunately I cannot upload the result as a text file, I need to have 60 points (???)

Any idea? Thank you in Advance for your time Alex

1071 2017-12-21 11:15:14.373439 192.168.160.99 192.168.150.1 ICMP 123 Destination unreachable (Port unreachable) Frame 1071: 123 bytes on wire (984 bits), 123 bytes captured (984 bits) on interface 0 Interface id: 0 (\Device\NPF_{EB87B223-29FF-4EE6-AE98-E08E7F0B8A39}) Interface name: \Device\NPF_{EB87B223-29FF-4EE6-AE98-E08E7F0B8A39} Encapsulation type: Ethernet (1) Arrival Time: Dec 21, 2017 11:15:14.373439000 Eastern Standard Time [Time shift for this packet: 0.000000000 seconds] Epoch Time: 1513872914.373439000 seconds [Time delta from previous captured frame: 0.000032000 seconds] [Time delta from previous displayed frame: 0.000032000 seconds] [Time since reference or first frame: 8.893324000 seconds] Frame Number: 1071 Frame Length: 123 bytes (984 bits) Capture Length: 123 bytes (984 bits) [Frame is marked: False] [Frame is ignored: False] [Protocols in frame: eth:ethertype:ip:icmp:ip:udp:dns] [Coloring Rule Name: ICMP errors] [Coloring Rule String: icmp.type eq 3 || icmp.type eq 4 || icmp.type eq 5 || icmp.type eq 11 || icmpv6.type eq 1 || icmpv6.type eq 2 || icmpv6.type eq 3 || icmpv6.type eq 4] Ethernet II, Src: Dell_33:31:4b (18:03:73:33:31:4b), Dst: Cisco_aa:17:47 (e4:d3:f1:aa:17:47) Destination: Cisco_aa:17:47 (e4:d3:f1:aa:17:47) Address: Cisco_aa:17:47 (e4:d3:f1:aa:17:47) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Source: Dell_33:31:4b (18:03:73:33:31:4b) Address: Dell_33:31:4b (18:03:73:33:31:4b) .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) .... ...0 .... .... .... .... = IG bit: Individual address (unicast) Type: IPv4 (0x0800) Internet Protocol Version 4, Src: 192.168.160.99, Dst: 192.168.150.1 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 109 Identification: 0x041f (1055) Flags: 0x00 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 128 Protocol: ICMP (1) Header checksum: 0x0000 [validation disabled] [Header checksum status: Unverified] Source: 192.168.160.99 Destination: 192.168.150.1 [Source GeoIP: Unknown] [Destination GeoIP: Unknown] Internet Control Message Protocol Type: 3 (Destination unreachable) Code: 3 (Port unreachable) Checksum: 0xb501 [correct] [Checksum Status: Good] Unused: 00000000 Internet Protocol Version 4, Src: 192.168.150.1, Dst: 192.168.160.99 0100 .... = Version: 4 .... 0101 = Header Length: 20 bytes (5) Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) 0000 00.. = Differentiated Services Codepoint: Default (0) .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) Total Length: 81 Identification: 0x2483 (9347) Flags: 0x00 0... .... = Reserved bit: Not set .0.. .... = Don't fragment: Not set ..0. .... = More fragments: Not set Fragment offset: 0 Time to live: 127 Protocol: UDP (17) Header checksum: 0x5f63 [validation disabled] [Header checksum status: Unverified] Source: 192.168.150.1 Destination: 192.168.160.99 [Source GeoIP: Unknown] [Destination GeoIP: Unknown] User Datagram Protocol, Src Port: 53, Dst Port: 59522 Source Port: 53 Destination Port: 59522 Length: 61 Checksum: 0xd5b5 [unverified] [Checksum Status: Unverified] [Stream index: 47] Domain Name System (response) Transaction ID: 0xe74a Flags: 0x8182 Standard query response, Server failure 1... .... .... .... = Response: Message is a response .000 0... .... .... = Opcode: Standard query (0) .... .0.. .... .... = Authoritative: Server is not an authority for domain .... ..0. .... .... = Truncated: Message is not truncated .... ...1 .... .... = Recursion desired: Do query recursively .... .... 1... .... = Recursion available: Server can do recursive queries .... .... .0.. .... = Z: reserved (0) .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server .... .... ...0 .... = Non-authenticated data: Unacceptable .... .... .... 0010 = Reply code: Server failure (2) Questions: 1 Answer RRs: 0 Authority RRs: 0 Additional RRs: 0 Queries geover-prod.do.dsp.mp.microsoft.com: type A, class IN Name: geover-prod.do.dsp.mp.microsoft.com [Name Length: 35] [Label Count: 6] Type: A (Host Address) (1) Class: IN (0x0001)

click to hide/show revision 3
None

updated 2017-12-21 18:01:16 +0000

sindy gravatar image

Port Unreachable

Hello, I have an issue with resolving webpages on my network. I have couple of network on my infrastructure. 192.168.150.0/24 for my servers 192.168.160.0/24 for my workstation and more

I checked with Microsoft, MS engineer checked my DNS servers and confirmed they are working fine. I checked with Cisco, Cisco Eng. created TCP Bypass on my ASA and added my computer on the access-list, so it seems the ASA and IPS do not inspect all the traffic generated by my computer. I installed Wire Shark on my computer and tried to open https://My.t-mobile.com I noticed some "Destination unreachable (Port unreachable)" from my computer to my internal DNS server. I can ping my internal DNS server

Unfortunately I cannot upload the result as a text file, I need to have 60 points (???)

Any idea? Thank you in Advance for your time Alex

1071    2017-12-21 11:15:14.373439  192.168.160.99  192.168.150.1   ICMP    123 Destination unreachable (Port unreachable)
Frame 1071: 123 bytes on wire (984 bits), 123 bytes captured (984 bits) on interface 0
    Interface id: 0 (\Device\NPF_{EB87B223-29FF-4EE6-AE98-E08E7F0B8A39})
        Interface name: \Device\NPF_{EB87B223-29FF-4EE6-AE98-E08E7F0B8A39}
    Encapsulation type: Ethernet (1)
    Arrival Time: Dec 21, 2017 11:15:14.373439000 Eastern Standard Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1513872914.373439000 seconds
    [Time delta from previous captured frame: 0.000032000 seconds]
    [Time delta from previous displayed frame: 0.000032000 seconds]
    [Time since reference or first frame: 8.893324000 seconds]
    Frame Number: 1071
    Frame Length: 123 bytes (984 bits)
    Capture Length: 123 bytes (984 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:icmp:ip:udp:dns]
    [Coloring Rule Name: ICMP errors]
    [Coloring Rule String: icmp.type eq 3 || icmp.type eq 4 || icmp.type eq 5 || icmp.type eq 11 || icmpv6.type eq 1 || icmpv6.type eq 2 || icmpv6.type eq 3 || icmpv6.type eq 4]
Ethernet II, Src: Dell_33:31:4b (18:03:73:33:31:4b), Dst: Cisco_aa:17:47 (e4:d3:f1:aa:17:47)
    Destination: Cisco_aa:17:47 (e4:d3:f1:aa:17:47)
        Address: Cisco_aa:17:47 (e4:d3:f1:aa:17:47)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: Dell_33:31:4b (18:03:73:33:31:4b)
        Address: Dell_33:31:4b (18:03:73:33:31:4b)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 192.168.160.99, Dst: 192.168.150.1
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 109
    Identification: 0x041f (1055)
    Flags: 0x00
        0... .... = Reserved bit: Not set
        .0.. .... = Don't fragment: Not set
        ..0. .... = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: ICMP (1)
    Header checksum: 0x0000 [validation disabled]
    [Header checksum status: Unverified]
    Source: 192.168.160.99
    Destination: 192.168.150.1
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
Internet Control Message Protocol
    Type: 3 (Destination unreachable)
    Code: 3 (Port unreachable)
    Checksum: 0xb501 [correct]
    [Checksum Status: Good]
    Unused: 00000000
    Internet Protocol Version 4, Src: 192.168.150.1, Dst: 192.168.160.99
        0100 .... = Version: 4
        .... 0101 = Header Length: 20 bytes (5)
        Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
            0000 00.. = Differentiated Services Codepoint: Default (0)
            .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
        Total Length: 81
        Identification: 0x2483 (9347)
        Flags: 0x00
            0... .... = Reserved bit: Not set
            .0.. .... = Don't fragment: Not set
            ..0. .... = More fragments: Not set
        Fragment offset: 0
        Time to live: 127
        Protocol: UDP (17)
        Header checksum: 0x5f63 [validation disabled]
        [Header checksum status: Unverified]
        Source: 192.168.150.1
        Destination: 192.168.160.99
        [Source GeoIP: Unknown]
        [Destination GeoIP: Unknown]
    User Datagram Protocol, Src Port: 53, Dst Port: 59522
        Source Port: 53
        Destination Port: 59522
        Length: 61
        Checksum: 0xd5b5 [unverified]
        [Checksum Status: Unverified]
        [Stream index: 47]
    Domain Name System (response)
        Transaction ID: 0xe74a
        Flags: 0x8182 Standard query response, Server failure
            1... .... .... .... = Response: Message is a response
            .000 0... .... .... = Opcode: Standard query (0)
            .... .0.. .... .... = Authoritative: Server is not an authority for domain
            .... ..0. .... .... = Truncated: Message is not truncated
            .... ...1 .... .... = Recursion desired: Do query recursively
            .... .... 1... .... = Recursion available: Server can do recursive queries
            .... .... .0.. .... = Z: reserved (0)
            .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
            .... .... ...0 .... = Non-authenticated data: Unacceptable
            .... .... .... 0010 = Reply code: Server failure (2)
        Questions: 1
        Answer RRs: 0
        Authority RRs: 0
        Additional RRs: 0
        Queries
            geover-prod.do.dsp.mp.microsoft.com: type A, class IN
                Name: geover-prod.do.dsp.mp.microsoft.com
                [Name Length: 35]
                [Label Count: 6]
                Type: A (Host Address) (1)
                Class: IN (0x0001)
(0x0001)            .... .... .0.. .... = Z: reserved (0)
        .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
        .... .... ...0 .... = Non-authenticated data: Unacceptable
        .... .... .... 0010 = Reply code: Server failure (2)
    Questions: 1
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 0
    Queries
        geover-prod.do.dsp.mp.microsoft.com: type A, class IN
            Name: geover-prod.do.dsp.mp.microsoft.com
            [Name Length: 35]
            [Label Count: 6]
            Type: A (Host Address) (1)
            Class: IN (0x0001)