Netbios-NS packet capture

I am using Wireshark to capture network traffic from a Windows XP workstation that makes an HTTPS connection to a remote host. In the packet capture I can see Netbios name query broadcasts to the remote host. I was hoping the packet capture would also show me what name the query was being performed against but the packet just shows zeros. Is there a way for me to determine what name was queried?

Capture.PNG
AManoux Asked:

Sommerblink Commented:
Well.

The fact that you see NetBIOS queries going from the client to the server is telling me that you have a DNS problem.

In the real world (e.g., going to www.google.com, etc.), you do not rely on NetBIOS for any name resolution.

Typically, when Windows (especially any version of Windows which is still actively supported by Microsoft) resorts to NetBIOS for name resolution... it means that your client has no other way to resolve the name. (Please see http://www.microsoft.com/downloads/en/details.aspx?FamilyID=c76296fd-61c9-4079-a0bb-582bca4a846f, chapter 7)

So, besides the fact that you are seeing a NetBIOS packet while attempting to go to a website, what else is wrong?
0

AManoux Author Commented:
Thanks Sommerblink.
I agree, I have a feeling there is a DNS issue going on but I don't know where to start troubleshooting without knowing what host name the XP machine is having trouble with.  If I can't find out the host name via the Netbios request, how else can I determine it?
Everything is functioning with the HTTPS request to the website and the website page being accessed.  It just hangs for 3-5 seconds while the Netbios name lookup occurs and then times out.  
0
AManoux Author Commented:
Attaching more of the Wireshark capture for added information
Capture2.PNG
0

Sommerblink Commented:
Sorry for the delay.

Anyway, you can try to simply disable NetBIOS on that network card / network connection (if it's VPN or whatnot).

Simply go to the network card / network connection, go to properties, IPv4 properties, then go to the advanced button.

On the WINS tab, place a radio dot next to Disable NetBIOS over TCP/IP.

Let's see if this makes your queries go away without breaking anything else.

If it does, then at least you've got some new information.
0
AManoux Author Commented:
Thanks for getting back to me. Since my last post I believe I've discovered the cause of the issue.
Client SSL implementations often try to reverse DNS lookup the IP of the connection to try and validate the DN of the certificate presented during the SSL handshake. Because there was no PTR DNS record for the hostname my client dropped back to using Netbios broadcasts. The lack of the PTR record didn't stop the SSL connection from occurring, it just slowed it down at the beginning while it tried to resolve the certificate host name.
0
AManoux Author Commented:
Solved my own issue
0
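
On the original question of which name a NetBIOS-NS query carries: the name sits in the question section in RFC 1001/1002 first-level encoding, and a `*` followed by zero bytes is the wildcard name used in node status (NBSTAT) requests. The decoder below is an added example, not part of the thread; the packets and the host name `FILESRV01` are constructed, not taken from the capture discussed above.

```python
import struct

QTYPES = {0x0020: "NB", 0x0021: "NBSTAT"}  # name query / node status (RFC 1002)

def encode_name(name: str, suffix: int, pad: bytes = b" ") -> bytes:
    """First-level encoding: each byte becomes two letters 'A'..'P', one per nibble."""
    raw = name.upper().encode("ascii").ljust(15, pad)[:15] + bytes([suffix])
    return bytes(0x41 + n for b in raw for n in (b >> 4, b & 0x0F))

def decode_name(label: bytes) -> tuple[str, int]:
    """Reverse the encoding: 32 letters -> 15-byte name plus 1-byte suffix."""
    if len(label) != 32 or any(not 0x41 <= c <= 0x50 for c in label):
        raise ValueError("not a first-level encoded NetBIOS name")
    raw = bytes((label[i] - 0x41) << 4 | (label[i + 1] - 0x41)
                for i in range(0, 32, 2))
    # Names are space padded; the wildcard name is '*' padded with NUL bytes.
    return raw[:15].rstrip(b" \x00").decode("ascii", "replace"), raw[15]

def parse_question(payload: bytes) -> dict:
    """Parse the first question of a NetBIOS-NS message (the UDP port 137 payload)."""
    if len(payload) < 50:  # 12-byte header + 34-byte name + type + class
        raise ValueError("too short for an NBNS question")
    qdcount = struct.unpack("!H", payload[4:6])[0]
    if qdcount < 1 or payload[12] != 0x20:
        raise ValueError("no question with a 32-byte name label")
    name, suffix = decode_name(payload[13:45])
    pos = 45
    while pos < len(payload) and payload[pos] != 0:  # skip scope-ID labels
        if payload[pos] & 0xC0:
            raise ValueError("unexpected compression pointer")
        pos += 1 + payload[pos]
    if pos + 5 > len(payload):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", payload[pos + 1:pos + 5])
    return {"name": name, "suffix": suffix, "qtype": QTYPES.get(qtype, hex(qtype))}

# Constructed sample packets (transaction ID and flags are arbitrary).
HEADER = struct.pack("!HHHHHH", 0x1234, 0x0000, 1, 0, 0, 0)
STATUS_QUERY = (HEADER + b"\x20" + encode_name("*", 0x00, pad=b"\x00")
                + b"\x00" + struct.pack("!HH", 0x0021, 1))
NAME_QUERY = (HEADER + b"\x20" + encode_name("FILESRV01", 0x20)
              + b"\x00" + struct.pack("!HH", 0x0020, 1))

if __name__ == "__main__":
    for pkt in (STATUS_QUERY, NAME_QUERY):
        print(parse_question(pkt))
```

A node status request to a specific IP address asks that host to list its own names, so the query itself carries only the wildcard and the names appear in the response, if one arrives.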

Question has a verified solution.
