Revision history

initial version

DNS Query answer with ICMP Code 3 - Type

Hi Gurus,

I have a very strange issue with our DNS server (Windows AD). Most of the DNS requests work well, but from time to time I have the following (in Wireshark): "ICMP Destination unreachable - Port unreachable".

The request goes from a user workstation to a server through both a router and a firewall (which might be responsible for those issues).

Below is the trace I can see from my own workstation:

[4024] @128.639686: DNS query (type A) for nexus.mydomain.tld from 172.16.23.28 (Workstation Windows 10) to 172.16.37.30 (M$ AD 2016)

[4027] @128.678021: DNS response for nexus.mydomain.tld from 172.16.37.30 to 172.16.23.28

[4028] @128.678033: ICMP Destination unreachable (Port unreachable) from 172.16.23.28 to 172.16.37.30

The ICMP packet contains the following information:

Frame 4024: 85 bytes on wire (680 bits), 85 bytes captured (680 bits) on interface 0

Ethernet II, Src: Dell_44:df:33 (d8:9e:f3:44:df:33), Dst: All-HSRP-routers_7b (00:00:0c:07:ac:7b)

Internet Protocol Version 4, Src: 172.16.23.28, Dst: 172.16.37.30

0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
Total Length: 71
Identification: 0xa923 (43299)
Flags: 0x0000
Time to live: 128
Protocol: UDP (17)
Header checksum: 0x0000 [validation disabled]
[Header checksum status: Unverified]
Source: 172.16.23.28
Destination: 172.16.37.30

User Datagram Protocol, Src Port: 52715, Dst Port: 53

Source Port: 52715
Destination Port: 53
Length: 51
Checksum: 0x949f [unverified]
[Checksum Status: Unverified]
[Stream index: 50]

Domain Name System (query)

Transaction ID: 0x5da1
Flags: 0x0100 Standard query
    0... .... .... .... = Response: Message is a query
    .000 0... .... .... = Opcode: Standard query (0)
    .... ..0. .... .... = Truncated: Message is not truncated
    .... ...1 .... .... = Recursion desired: Do query recursively
    .... .... .0.. .... = Z: reserved (0)
    .... .... ...0 .... = Non-authenticated data: Unacceptable
Questions: 1
Answer RRs: 0
Authority RRs: 0
Additional RRs: 0
Queries
    nexus.domain.tld: type A, class IN
        Name: nexus.domain.tld
        [Name Length: 25]
        [Label Count: 4]
        Type: A (Host Address) (1)
        Class: IN (0x0001)
[Response In: 4027]

My understanding about ICMP Code 3 - Type 3 is that it happens when you have some "timeout session" in UDP traffic. But according to the below trace, the response to the query is pretty much immediate.

Can anyone explain why this is happening and where I should look to fix this "error"?

Thanks a lot for your explanation.

Cheers, Jean-Christophe

DNS Query answer with ICMP Code 3 - Type

Hi Gurus,

I have a very strange issue with our DNS server (Windows AD). Most of the DNS requests work well, but from time to time I have the following (in Wireshark): "ICMP Destination unreachable - Port unreachable".

The request goes from a user workstation to a server through both a router and a firewall (which might be responsible for those issues).

Below is the trace I can see from my own workstation:

[1262] @30.722130: DNS query (type A) for ssl-google-analytics.l.google.com from 172.16.23.28 (Workstation Windows 10) to 172.16.37.30 (M$ AD 2016)

[1264] @30.723597: DNS response for ssl-google-analytics.l.google.com from 172.16.37.30 to 172.16.23.28

[1265] @30.723610: ICMP Destination unreachable (Port unreachable) from 172.16.23.28 to 172.16.37.30

The ICMP packet contains the following information:

Frame 1265: 149 bytes on wire (1192 bits), 149 bytes captured (1192 bits) on interface 0

Interface id: 0 (\Device\NPF_{8D19E716-28D7-489E-9AFF-F96C2D1FD70F})
    Interface name: \Device\NPF_{8D19E716-28D7-489E-9AFF-F96C2D1FD70F}
Encapsulation type: Ethernet (1)
Arrival Time: Oct 10, 2019 14:58:33.236365000 W. Europe Daylight Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1570712313.236365000 seconds
[Time delta from previous captured frame: 0.000013000 seconds]
[Time delta from previous displayed frame: 0.000013000 seconds]
[Time since reference or first frame: 30.723610000 seconds]
Frame Number: 1265
Frame Length: 149 bytes (1192 bits)
Capture Length: 149 bytes (1192 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:icmp:ip:udp:dns]
[Coloring Rule Name: ICMP errors]
[Coloring Rule String: icmp.type eq 3 || icmp.type eq 4 || icmp.type eq 5 || icmp.type eq 11 || icmpv6.type eq 1 || icmpv6.type eq 2 || icmpv6.type eq 3 || icmpv6.type eq 4]

Ethernet II, Src: Dell_44:df:33 (d8:9e:f3:44:df:33), Dst: All-HSRP-routers_7b (00:00:0c:07:ac:7b)

Destination: All-HSRP-routers_7b (00:00:0c:07:ac:7b)
    Address: All-HSRP-routers_7b (00:00:0c:07:ac:7b)
    .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: Dell_44:df:33 (d8:9e:f3:44:df:33)
    Address: Dell_44:df:33 (d8:9e:f3:44:df:33)
    .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)

Internet Protocol Version 4, Src: 172.16.23.28, Dst: 172.16.37.31

0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
    0000 00.. = Differentiated Services Codepoint: Default (0)
    .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 135
Identification: 0x0916 (2326)
Flags: 0x0000
    0... .... .... .... = Reserved bit: Not set
    .0.. .... .... .... = Don't fragment: Not set
    ..0. .... .... .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment offset: 0
Time to live: 128
Protocol: ICMP (1)
Header checksum: 0x0000 [validation disabled]
[Header checksum status: Unverified]
Source: 172.16.23.28
Destination: 172.16.37.31

Internet Control Message Protocol

Type: 3 (Destination unreachable)
Code: 3 (Port unreachable)
Checksum: 0x91c1 [correct]
[Checksum Status: Good]
Unused: 00000000
Internet Protocol Version 4, Src: 172.16.37.31, Dst: 172.16.23.28
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 107
    Identification: 0x3e30 (15920)
    Flags: 0x0000
        0... .... .... .... = Reserved bit: Not set
        .0.. .... .... .... = Don't fragment: Not set
        ..0. .... .... .... = More fragments: Not set
        ...0 0000 0000 0000 = Fragment offset: 0
    Time to live: 125
    Protocol: UDP (17)
    Header checksum: 0x6af6 [validation disabled]
    [Header checksum status: Unverified]
    Source: 172.16.37.31
    Destination: 172.16.23.28
User Datagram Protocol, Src Port: 53, Dst Port: 55469
    Source Port: 53
    Destination Port: 55469
    Length: 87
    Checksum: 0xb7b8 [unverified]
    [Checksum Status: Unverified]
    [Stream index: 37]
Domain Name System (response)
    Transaction ID: 0x4747
        [Expert Info (Warning/Protocol): DNS response retransmission. Original response in frame 1264]
            [DNS response retransmission. Original response in frame 1264]
            [Severity level: Warning]
            [Group: Protocol]
    Flags: 0x8180 Standard query response, No error
        1... .... .... .... = Response: Message is a response
        .000 0... .... .... = Opcode: Standard query (0)
        .... .0.. .... .... = Authoritative: Server is not an authority for domain
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...1 .... .... = Recursion desired: Do query recursively
        .... .... 1... .... = Recursion available: Server can do recursive queries
        .... .... .0.. .... = Z: reserved (0)
        .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
        .... .... ...0 .... = Non-authenticated data: Unacceptable
        .... .... .... 0000 = Reply code: No error (0)
    Questions: 1
    Answer RRs: 1
    Authority RRs: 0
    Additional RRs: 0
    Queries
        ssl-google-analytics.l.google.com: type AAAA, class IN
            Name: ssl-google-analytics.l.google.com
            [Name Length: 33]
            [Label Count: 4]
            Type: AAAA (IPv6 Address) (28)
            Class: IN (0x0001)
    Answers
        ssl-google-analytics.l.google.com: type AAAA, class IN, addr 2a00:1450:400a:800::2008
            Name: ssl-google-analytics.l.google.com
            Type: AAAA (IPv6 Address) (28)
            Class: IN (0x0001)
            Time to live: 300
            Data length: 16
            AAAA Address: 2a00:1450:400a:800::2008
    [Retransmitted response. Original response in: 1264]

My understanding about ICMP Code 3 - Type 3 is that it happens when you have some "timeout session" in UDP traffic. But according to the below trace, the response to the query is pretty much immediate.

Can anyone explain why this is happening and where I should look to fix this "error"?

Thanks a lot for your explanation.

Cheers, Jean-Christophe
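An added example, not part of the original post: an ICMP Destination unreachable message quotes the IP header and leading bytes of the datagram that triggered it, so the error itself identifies which UDP datagram was rejected and by which host. The function names are hypothetical, and the sample bytes are constructed from the header values shown in the dissection above (DNS body omitted, ICMP checksum left at zero).

```python
import ipaddress
import struct

ICMP_PROTO, UDP_PROTO = 1, 17


def _ip(raw: bytes) -> str:
    return str(ipaddress.IPv4Address(raw))


def parse_icmp_unreachable(ip_packet: bytes) -> dict:
    """Return who sent the ICMP error and which datagram it quotes."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    if ip_packet[9] != ICMP_PROTO:
        raise ValueError("outer packet is not ICMP")
    outer_ihl = (ip_packet[0] & 0x0F) * 4
    icmp = ip_packet[outer_ihl:]
    if len(icmp) < 8 or icmp[0] != 3:
        raise ValueError("not an ICMP Destination unreachable message")
    quoted = icmp[8:]  # 4 bytes type/code/checksum + 4 unused bytes precede it
    if len(quoted) < 20:
        raise ValueError("quoted IPv4 header is truncated")
    q_ihl = (quoted[0] & 0x0F) * 4
    info = {
        "reporter": _ip(ip_packet[12:16]),     # host that generated the error
        "reported_to": _ip(ip_packet[16:20]),  # sender of the rejected datagram
        "icmp_code": icmp[1],                  # 3 = Port unreachable
        "quoted_src": _ip(quoted[12:16]),
        "quoted_dst": _ip(quoted[16:20]),
        "quoted_proto": quoted[9],
        "quoted_sport": None,
        "quoted_dport": None,
        "dns_txid": None,
        "dns_is_response": None,
    }
    udp = quoted[q_ihl:q_ihl + 8]
    if quoted[9] == UDP_PROTO and len(udp) == 8:
        info["quoted_sport"], info["quoted_dport"] = struct.unpack("!HH", udp[:4])
        dns = quoted[q_ihl + 8:]
        # A sender may quote only the IP header plus 8 bytes, so the DNS
        # header is optional here.
        if 53 in (info["quoted_sport"], info["quoted_dport"]) and len(dns) >= 4:
            txid, flags = struct.unpack("!HH", dns[:4])
            info["dns_txid"] = txid
            info["dns_is_response"] = bool(flags & 0x8000)
    return info


def describe(info: dict) -> str:
    """One-line summary suitable for a triage note."""
    line = (f"{info['reporter']} reported code {info['icmp_code']} for "
            f"{info['quoted_src']}:{info['quoted_sport']} -> "
            f"{info['quoted_dst']}:{info['quoted_dport']}")
    if info["dns_txid"] is not None:
        kind = "response" if info["dns_is_response"] else "query"
        line += f" (DNS {kind}, transaction 0x{info['dns_txid']:04x})"
    return line


def build_sample() -> bytes:
    """Constructed packet using the header values from frame 1265."""
    ws = ipaddress.IPv4Address("172.16.23.28").packed
    dns_server = ipaddress.IPv4Address("172.16.37.31").packed
    outer = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 135, 0x0916, 0, 128,
                        ICMP_PROTO, 0, ws, dns_server)
    icmp_hdr = struct.pack("!BBHI", 3, 3, 0, 0)  # checksum not computed
    quoted_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 107, 0x3E30, 0, 125,
                            UDP_PROTO, 0x6AF6, dns_server, ws)
    quoted_udp = struct.pack("!HHHH", 53, 55469, 87, 0xB7B8)
    dns_hdr = struct.pack("!HHHHHH", 0x4747, 0x8180, 1, 1, 0, 0)
    return outer + icmp_hdr + quoted_ip + quoted_udp + dns_hdr


SAMPLE = build_sample()

if __name__ == "__main__":
    print(describe(parse_icmp_unreachable(SAMPLE)))
```
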

DNS Query answer with ICMP Code 3 - Type

Hi Gurus,

I have a very strange issue with our DNS server (Windows AD). Most of the DNS requests work well, but from time to time I have the following (in Wireshark): "ICMP Destination unreachable - Port unreachable".

The request goes from a user workstation to a server through both a router and a firewall (which might be responsible for those issues).

Below is the trace I can see from my own workstation:

[1262] @30.722130: DNS query (type A) for ssl-google-analytics.l.google.com from 172.16.23.28 (Workstation Windows 10) to 172.16.37.30 (M$ AD 2016)

[1264] @30.723597: DNS response for ssl-google-analytics.l.google.com from 172.16.37.30 to 172.16.23.28

[1265] @30.723610: ICMP Destination unreachable (Port unreachable) from 172.16.23.28 to 172.16.37.30

The ICMP packet contains the following information:

Frame 1265: 149 bytes on wire (1192 bits), 149 bytes captured (1192 bits) on interface 0

Interface id: 0 (\Device\NPF_{8D19E716-28D7-489E-9AFF-F96C2D1FD70F})
    Interface name: \Device\NPF_{8D19E716-28D7-489E-9AFF-F96C2D1FD70F}
Encapsulation type: Ethernet (1)
Arrival Time: Oct 10, 2019 14:58:33.236365000 W. Europe Daylight Time
[Time shift for this packet: 0.000000000 seconds]
Epoch Time: 1570712313.236365000 seconds
[Time delta from previous captured frame: 0.000013000 seconds]
[Time delta from previous displayed frame: 0.000013000 seconds]
[Time since reference or first frame: 30.723610000 seconds]
Frame Number: 1265
Frame Length: 149 bytes (1192 bits)
Capture Length: 149 bytes (1192 bits)
[Frame is marked: False]
[Frame is ignored: False]
[Protocols in frame: eth:ethertype:ip:icmp:ip:udp:dns]
[Coloring Rule Name: ICMP errors]
[Coloring Rule String: icmp.type eq 3 || icmp.type eq 4 || icmp.type eq 5 || icmp.type eq 11 || icmpv6.type eq 1 || icmpv6.type eq 2 || icmpv6.type eq 3 || icmpv6.type eq 4]

Ethernet II, Src: Dell_44:df:33 (d8:9e:f3:44:df:33), Dst: All-HSRP-routers_7b (00:00:0c:07:ac:7b)

Destination: All-HSRP-routers_7b (00:00:0c:07:ac:7b)
    Address: All-HSRP-routers_7b (00:00:0c:07:ac:7b)
    .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Source: Dell_44:df:33 (d8:9e:f3:44:df:33)
    Address: Dell_44:df:33 (d8:9e:f3:44:df:33)
    .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
    .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
Type: IPv4 (0x0800)

Internet Protocol Version 4, Src: 172.16.23.28, Dst: 172.16.37.31

0100 .... = Version: 4
.... 0101 = Header Length: 20 bytes (5)
Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
    0000 00.. = Differentiated Services Codepoint: Default (0)
    .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
Total Length: 135
Identification: 0x0916 (2326)
Flags: 0x0000
    0... .... .... .... = Reserved bit: Not set
    .0.. .... .... .... = Don't fragment: Not set
    ..0. .... .... .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment offset: 0
Time to live: 128
Protocol: ICMP (1)
Header checksum: 0x0000 [validation disabled]
[Header checksum status: Unverified]
Source: 172.16.23.28
Destination: 172.16.37.31

Internet Control Message Protocol

Type: 3 (Destination unreachable)
Code: 3 (Port unreachable)
Checksum: 0x91c1 [correct]
[Checksum Status: Good]
Unused: 00000000
Internet Protocol Version 4, Src: 172.16.37.31, Dst: 172.16.23.28
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 107
    Identification: 0x3e30 (15920)
    Flags: 0x0000
        0... .... .... .... = Reserved bit: Not set
        .0.. .... .... .... = Don't fragment: Not set
        ..0. .... .... .... = More fragments: Not set
        ...0 0000 0000 0000 = Fragment offset: 0
    Time to live: 125
    Protocol: UDP (17)
    Header checksum: 0x6af6 [validation disabled]
    [Header checksum status: Unverified]
    Source: 172.16.37.31
    Destination: 172.16.23.28
User Datagram Protocol, Src Port: 53, Dst Port: 55469
    Source Port: 53
    Destination Port: 55469
    Length: 87
    Checksum: 0xb7b8 [unverified]
    [Checksum Status: Unverified]
    [Stream index: 37]
Domain Name System (response)
    Transaction ID: 0x4747
        [Expert Info (Warning/Protocol): DNS response retransmission. Original response in frame 1264]
            [DNS response retransmission. Original response in frame 1264]
            [Severity level: Warning]
            [Group: Protocol]
    Flags: 0x8180 Standard query response, No error
        1... .... .... .... = Response: Message is a response
        .000 0... .... .... = Opcode: Standard query (0)
        .... .0.. .... .... = Authoritative: Server is not an authority for domain
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...1 .... .... = Recursion desired: Do query recursively
        .... .... 1... .... = Recursion available: Server can do recursive queries
        .... .... .0.. .... = Z: reserved (0)
        .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
        .... .... ...0 .... = Non-authenticated data: Unacceptable
        .... .... .... 0000 = Reply code: No error (0)
    Questions: 1
    Answer RRs: 1
    Authority RRs: 0
    Additional RRs: 0
    Queries
        ssl-google-analytics.l.google.com: type AAAA, class IN
            Name: ssl-google-analytics.l.google.com
            [Name Length: 33]
            [Label Count: 4]
            Type: AAAA (IPv6 Address) (28)
            Class: IN (0x0001)
    Answers
        ssl-google-analytics.l.google.com: type AAAA, class IN, addr 2a00:1450:400a:800::2008
            Name: ssl-google-analytics.l.google.com
            Type: AAAA (IPv6 Address) (28)
            Class: IN (0x0001)
            Time to live: 300
            Data length: 16
            AAAA Address: 2a00:1450:400a:800::2008
    [Retransmitted response. Original response in: 1264]

My understanding about ICMP Code 3 - Type 3 is that it happens when you have some "timeout session" in UDP traffic. But according to the below trace, the response to the query is pretty much immediate.

Can anyone explain why this is happening and where I should look to fix this "error"?

Thanks a lot for your explanation.

Cheers, Jean-Christophe

DNS Query answer with ICMP Code 3 - Type

Hi Gurus,

I have a very strange issue with our DNS server (Windows AD). Most of the DNS requests work well, but from time to time I have the following (in Wireshark): "ICMP Destination unreachable - Port unreachable".

The request goes from a user workstation to a server through both a router and a firewall (which might be responsible for those issues).

Below is the trace I can see from my own workstation:

[1262] @30.722130: DNS query (type A) for ssl-google-analytics.l.google.com from 172.16.23.28 (Workstation Windows 10) to 172.16.37.30 (M$ AD 2016)

[1264] @30.723597: DNS response for ssl-google-analytics.l.google.com from 172.16.37.30 to 172.16.23.28

[1265] @30.723610: ICMP Destination unreachable (Port unreachable) from 172.16.23.28 to 172.16.37.30

The ICMP packet contains the following information:

Frame 1265: 149 bytes on wire (1192 bits), 149 bytes captured (1192 bits) on interface 0

    Interface id: 0 (\Device\NPF_{8D19E716-28D7-489E-9AFF-F96C2D1FD70F})
     Interface name: \Device\NPF_{8D19E716-28D7-489E-9AFF-F96C2D1FD70F}
 Encapsulation type: Ethernet (1)
 Arrival Time: Oct 10, 2019 14:58:33.236365000 W. Europe Daylight Time
 [Time shift for this packet: 0.000000000 seconds]
 Epoch Time: 1570712313.236365000 seconds
 [Time delta from previous captured frame: 0.000013000 seconds]
 [Time delta from previous displayed frame: 0.000013000 seconds]
 [Time since reference or first frame: 30.723610000 seconds]
 Frame Number: 1265
 Frame Length: 149 bytes (1192 bits)
 Capture Length: 149 bytes (1192 bits)
 [Frame is marked: False]
 [Frame is ignored: False]
 [Protocols in frame: eth:ethertype:ip:icmp:ip:udp:dns]
 [Coloring Rule Name: ICMP errors]
 [Coloring Rule String: icmp.type eq 3 || icmp.type eq 4 || icmp.type eq 5 || icmp.type eq 11 || icmpv6.type eq 1 || icmpv6.type eq 2 || icmpv6.type eq 3 || icmpv6.type eq 4]

Ethernet II, Src: Dell_44:df:33 (d8:9e:f3:44:df:33), Dst: All-HSRP-routers_7b (00:00:0c:07:ac:7b)

    Destination: All-HSRP-routers_7b (00:00:0c:07:ac:7b)
     Address: All-HSRP-routers_7b (00:00:0c:07:ac:7b)
     .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
     .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
 Source: Dell_44:df:33 (d8:9e:f3:44:df:33)
     Address: Dell_44:df:33 (d8:9e:f3:44:df:33)
     .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
     .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
 Type: IPv4 (0x0800)

Internet Protocol Version 4, Src: 172.16.23.28, Dst: 172.16.37.31

    0100 .... = Version: 4
 .... 0101 = Header Length: 20 bytes (5)
 Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
     0000 00.. = Differentiated Services Codepoint: Default (0)
     .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
 Total Length: 135
 Identification: 0x0916 (2326)
 Flags: 0x0000
     0... .... .... .... = Reserved bit: Not set
     .0.. .... .... .... = Don't fragment: Not set
     ..0. .... .... .... = More fragments: Not set
     ...0 0000 0000 0000 = Fragment offset: 0
 Time to live: 128
 Protocol: ICMP (1)
 Header checksum: 0x0000 [validation disabled]
 [Header checksum status: Unverified]
 Source: 172.16.23.28
 Destination: 172.16.37.31

Internet Control Message Protocol

    Type: 3 (Destination unreachable)
 Code: 3 (Port unreachable)
 Checksum: 0x91c1 [correct]
 [Checksum Status: Good]
 Unused: 00000000
 Internet Protocol Version 4, Src: 172.16.37.31, Dst: 172.16.23.28
     0100 .... = Version: 4
     .... 0101 = Header Length: 20 bytes (5)
     Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
         0000 00.. = Differentiated Services Codepoint: Default (0)
         .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
     Total Length: 107
     Identification: 0x3e30 (15920)
     Flags: 0x0000
         0... .... .... .... = Reserved bit: Not set
         .0.. .... .... .... = Don't fragment: Not set
         ..0. .... .... .... = More fragments: Not set
         ...0 0000 0000 0000 = Fragment offset: 0
     Time to live: 125
     Protocol: UDP (17)
     Header checksum: 0x6af6 [validation disabled]
     [Header checksum status: Unverified]
     Source: 172.16.37.31
     Destination: 172.16.23.28
 User Datagram Protocol, Src Port: 53, Dst Port: 55469
     Source Port: 53
     Destination Port: 55469
     Length: 87
     Checksum: 0xb7b8 [unverified]
     [Checksum Status: Unverified]
     [Stream index: 37]
 Domain Name System (response)
     Transaction ID: 0x4747
         [Expert Info (Warning/Protocol): DNS response retransmission. Original response in frame 1264]
             [DNS response retransmission. Original response in frame 1264]
             [Severity level: Warning]
             [Group: Protocol]
     Flags: 0x8180 Standard query response, No error
         1... .... .... .... = Response: Message is a response
         .000 0... .... .... = Opcode: Standard query (0)
         .... .0.. .... .... = Authoritative: Server is not an authority for domain
         .... ..0. .... .... = Truncated: Message is not truncated
         .... ...1 .... .... = Recursion desired: Do query recursively
         .... .... 1... .... = Recursion available: Server can do recursive queries
         .... .... .0.. .... = Z: reserved (0)
         .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
         .... .... ...0 .... = Non-authenticated data: Unacceptable
         .... .... .... 0000 = Reply code: No error (0)
     Questions: 1
     Answer RRs: 1
     Authority RRs: 0
     Additional RRs: 0
     Queries
         ssl-google-analytics.l.google.com: type AAAA, class IN
             Name: ssl-google-analytics.l.google.com
             [Name Length: 33]
             [Label Count: 4]
             Type: AAAA (IPv6 Address) (28)
             Class: IN (0x0001)
     Answers
         ssl-google-analytics.l.google.com: type AAAA, class IN, addr 2a00:1450:400a:800::2008
             Name: ssl-google-analytics.l.google.com
             Type: AAAA (IPv6 Address) (28)
             Class: IN (0x0001)
             Time to live: 300
             Data length: 16
             AAAA Address: 2a00:1450:400a:800::2008
     [Retransmitted response. Original response in: 1264]

My understanding about ICMP Code 3 - Type 3 is that it happens when you have some "timeout session" in UDP traffic. But according to the below trace, the response to the query is pretty much immediate.

Can anyone explain why this is happening and where I should look to fix this "error"?

Thanks a lot for your explanation.

Cheers, Jean-Christophe
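
The ICMP error in the dump above quotes the datagram it refers to (protocols in frame: eth:ethertype:ip:icmp:ip:udp:dns), so it can be matched to a DNS transaction. The Python below is an added example, not part of the original post: it parses that quoted datagram and checks it against the queries a client still has outstanding. The sample packet is constructed from the field values in the dump with checksums zeroed, and the function names and result labels are hypothetical.

```python
import socket
import struct

def parse_port_unreachable(ip_packet):
    """Return the UDP/DNS fields quoted in an ICMP type 3 code 3 error, else None."""
    if len(ip_packet) < 20 or ip_packet[0] >> 4 != 4 or ip_packet[9] != 1:
        return None                                   # not IPv4 carrying ICMP
    icmp = ip_packet[(ip_packet[0] & 0x0F) * 4:]
    if len(icmp) < 8 or icmp[0] != 3 or icmp[1] != 3:
        return None                                   # not Port unreachable
    quoted = icmp[8:]                                 # skip type/code/checksum/unused
    if len(quoted) < 20:
        return None
    q_ihl = (quoted[0] & 0x0F) * 4
    if quoted[9] != 17 or len(quoted) < q_ihl + 8:
        return None                                   # quoted datagram is not UDP
    sport, dport = struct.unpack("!HH", quoted[q_ihl:q_ihl + 4])
    info = {"reporter": socket.inet_ntoa(ip_packet[12:16]),  # host that sent the error
            "quoted_src": socket.inet_ntoa(quoted[12:16]),
            "quoted_dst": socket.inet_ntoa(quoted[16:20]),
            "sport": sport, "dport": dport,
            "dns_id": None, "dns_is_response": None}
    dns = quoted[q_ihl + 8:]
    # RFC 792 only guarantees 8 bytes past the quoted IP header, so DNS may be absent.
    if 53 in (sport, dport) and len(dns) >= 4:
        dns_id, flags = struct.unpack("!HH", dns[:4])
        info["dns_id"] = dns_id
        info["dns_is_response"] = bool(flags & 0x8000)   # QR bit
    return info

def classify(info, pending):
    """pending: set of (client_port, dns_id) the client is still waiting on."""
    if not info or not info["dns_is_response"]:
        return "not-a-dns-response"
    key = (info["dport"], info["dns_id"])
    return "query-still-pending" if key in pending else "no-pending-query"

def _ipv4(src, dst, proto, payload):
    # Constructed header: checksum left at zero, TTL arbitrary.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 128,
                       proto, 0, socket.inet_aton(src), socket.inet_aton(dst)) + payload

def build_sample():
    """Constructed frame mirroring the dump: DNS ID 0x4747, UDP 53 -> 55469."""
    dns = struct.pack("!HHHHHH", 0x4747, 0x8180, 1, 1, 0, 0)
    udp = struct.pack("!HHHH", 53, 55469, 8 + len(dns), 0) + dns
    quoted = _ipv4("172.16.37.31", "172.16.23.28", 17, udp)
    icmp = struct.pack("!BBHI", 3, 3, 0, 0) + quoted
    return _ipv4("172.16.23.28", "172.16.37.31", 1, icmp)

if __name__ == "__main__":
    info = parse_port_unreachable(build_sample())
    print(info, classify(info, pending=set()))
```

A result of `no-pending-query` means the quoted response was addressed to a client port and transaction ID that had no query outstanding when it arrived.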