Network Monitor Parses DNS WINS Lookup Queries as DNS Packets

View products that this article applies to.

This article was previously published under Q160828

Expand all | Collapse all

SYMPTOMS

If you use Network Monitor to capture a trace of the Microsoft Domain Name Service (DNS) server doing a WINS lookup and display the capture, the Protocol column will say DNS even when the packet being sent to the WINS server is a NetBT packet destined for port 137.

Back to the top

CAUSE

Network Monitor parses DNS WINS Lookup packets as if they were DNS protocol packets. These are actually NetBT packets and should be parsed as such.

Back to the top

STATUS

Microsoft has confirmed this to be a problem in Windows NT Server version 4.0. We are researching this problem and will post new information here in the Microsoft Knowledge Base as it becomes available.

Back to the top

MORE INFORMATION

The capture will display the WINS Lookup name query as:

   + UDP: Src Port: DNS, (53); Dst Port: NETBIOS Name Service (137); Length
   = 58 (0x3A)
   + DNS: 0x8002:Std Qry for EKEFFCEJEDEPDECACACACACACACACAAA. of type
   Unknown Type

You would expect to see the following:

   + UDP: Src Port: DNS, (53); Dst Port: NETBIOS Name Service (137); Length
   = 58 (0x3A)
   + NBT: NS: Query req. for COMPUTER1

Back to the top

APPLIES TO

Microsoft Windows NT Workstation 4.0 Developer Edition
Microsoft Windows NT Server 4.0 Standard Edition

Back to the top

kbnetwork KB160828

Back to the top

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Article Translations

Get Help Now

Contact a support professional by E-mail, Online, or Phone

Microsoft Support

Network Monitor Parses DNS WINS Lookup Queries as DNS Packets

SYMPTOMS

CAUSE

STATUS

MORE INFORMATION

APPLIES TO

Keywords:

Provide feedback on this information

Get Help Now

Article Translations

Page Tools

Get Help Now