Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

DNS call messing up Dial On Demand

Status
Not open for further replies.
key134

key134

Technical User
Oct 15, 2001
17
US
I have no idea what is doing this but, I have dial on demand setup through Winroute pro and i am using isdn. I look at the logs and the thing that makes it dial is a UDP packet from the winroute computer going to port 53 to some ip that i have never heard of. i did a reverse dns and i dont remember finding anything. How can i find out what program is doing this? i remember there was some command in dos that showed all the network connections...

Keith
 
Sort by date Sort by votes
The packet is coming from the winroute computer or another one behind it?

Would you be able to post the logfile from winroute, this would probably be more helpful.

The command that shows all active network connections is "netstat".


I know on my dial on demand server, the problem stems from some employees leaving outlook on when they are gone for the night.

Troy Williams B.Eng.
fenris@hotmail.com

 
Upvote 0 Downvote
actually, now that i look at the log, i see that there are more than just that problem... but anyway, here's the dns call:

[15/Oct/2001 16:43:44] UDP packet 10.0.0.9:53 -> 192.16.202.11:53 initiated dialing

just to let you know 10.0.0.9 is my private ip for my winroute computer.

there's another problem too that i just noticed:

[15/Oct/2001 16:27:05] TCP packet 10.0.0.104:4073 -> 64.17.191.27:8245 initiated dialing

10.0.0.104 is just a computer that gets dynamically assigned... i dont recognize that port though.

i hope this helps you help me a little more

 
Upvote 0 Downvote
192.16.202.11 = ns.eu.net may well be in the Netherlands
64.17.191.27 fails for me in Dallas Texas

Port 53 is DNS so someone may be using a DNS server you did not plan

Neither 4073 or 8245 were on a list I knew of well known port numbers The one thing you can't give for your heart's desire is your heart. - Lois McMaster Bujold
 
Upvote 0 Downvote
[15/Oct/2001 16:43:44] UDP packet 10.0.0.9:53 -> 192.16.202.11:53 initiated dialing

[15/Oct/2001 16:27:05] TCP packet 10.0.0.104:4073 -> 64.17.191.27:8245 initiated dialing


Check the computer at 10.0.0.9 to make sure that it's tcp/ip information is setup correctly. Also try running netstat on that PC and see what it turns up. If it is in fact making a DNS call, then a program is trying to access the internet using and the name needs to be resolved. That is about the only thing that I can think off. Also you might want to install zone alarm on this computer and see what is trying to get out to the internet.

On the second computer that is trying to access the odd ports, that is probably a program that doesn't require a standard port so it uses those. Zone alarm might help figure out what is going on, or good ol' netstat. Troy Williams B.Eng.
fenris@hotmail.com
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

CryptoTuke
  • Locked
  • Question
Maximum buffer size on Winsock for sending one block of data over TCP / IP
Replies
1
Views
451
maybeimaleo
maybeimaleo
Wajdi Zghal
  • Locked
  • Question
sip call aborted
Replies
0
Views
287
Wajdi Zghal
Wajdi Zghal
jmarkus
  • Locked
  • Question
Can I have a different private IP address which isn't on my router's subnet?
Replies
6
Views
370
sbcsu
sbcsu
Muhaisen
  • Locked
  • Question
dialog 5446 firmware
Replies
0
Views
267
Muhaisen
Muhaisen
dbridges1975
  • Locked
  • Question
Advice on MIB Tool
Replies
0
Views
74
dbridges1975
dbridges1975

Part and Inventory Search

Sponsor

Back
Top