J.-Christophe's profile - activity

Hi Gurus,

I have a very strange issue with our DNS server (Windows AD). Most of the DNS request works well, but from time to time I have the following (in Wireshark) "ICMP Destination unreachable - Port unreachable).

The request goes from a user workstation to a server through both a router and a firewall (which might be responsible for those issues).

Below is the trace I can see from my own workstation:

[1262] @30.722130: DNS query (type A) for ssl-google-analytics.l.google.com from 172.16.23.28 (Workstation Windows 10) to 172.16.37.30 (M$ AD 2016)

[1264] @30.723597: DNS response for ssl-google-analytics.l.google.com from 172.16.37.30 to 172.16.23.28

[1265] @30.723610: ICMP Destination unreachbable (Port unreachable) from 172.16.23.28 to 172.16.37.30

The ICMP packet contains the following information:

Frame 1265: 149 bytes on wire (1192 bits), 149 bytes captured (1192 bits) on interface 0

    Interface id: 0 (\Device\NPF_{8D19E716-28D7-489E-9AFF-F96C2D1FD70F})
        Interface name: \Device\NPF_{8D19E716-28D7-489E-9AFF-F96C2D1FD70F}
    Encapsulation type: Ethernet (1)
    Arrival Time: Oct 10, 2019 14:58:33.236365000 W. Europe Daylight Time
    [Time shift for this packet: 0.000000000 seconds]
    Epoch Time: 1570712313.236365000 seconds
    [Time delta from previous captured frame: 0.000013000 seconds]
    [Time delta from previous displayed frame: 0.000013000 seconds]
    [Time since reference or first frame: 30.723610000 seconds]
    Frame Number: 1265
    Frame Length: 149 bytes (1192 bits)
    Capture Length: 149 bytes (1192 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:icmp:ip:udp:dns]
    [Coloring Rule Name: ICMP errors]
    [Coloring Rule String: icmp.type eq 3 || icmp.type eq 4 || icmp.type eq 5 || icmp.type eq 11 || icmpv6.type eq 1 || icmpv6.type eq 2 || icmpv6.type eq 3 || icmpv6.type eq 4]
Ethernet II, Src: Dell_44:df:33 (d8:9e:f3:44:df:33), Dst: All-HSRP-routers_7b (00:00:0c:07:ac:7b)

    Destination: All-HSRP-routers_7b (00:00:0c:07:ac:7b)
        Address: All-HSRP-routers_7b (00:00:0c:07:ac:7b)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: Dell_44:df:33 (d8:9e:f3:44:df:33)
        Address: Dell_44:df:33 (d8:9e:f3:44:df:33)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
Internet Protocol Version 4, Src: 172.16.23.28, Dst: 172.16.37.31

    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 135
    Identification: 0x0916 (2326)
    Flags: 0x0000
        0... .... .... .... = Reserved bit: Not set
        .0.. .... .... .... = Don't fragment: Not set
        ..0. .... .... .... = More fragments: Not set
        ...0 0000 0000 0000 = Fragment offset: 0
    Time to live: 128
    Protocol: ICMP (1)
    Header checksum: 0x0000 [validation disabled]
    [Header checksum status: Unverified]
    Source: 172.16.23.28
    Destination: 172.16.37.31
Internet Control Message Protocol

    Type: 3 (Destination unreachable ...