AManoux
asked on
Netbios-NS packet capture
I am using Wireshark to capture network traffic from a Windows XP workstation that makes an HTTPS connection to a remote host. In the packet capture I can see Netbios name query broadcasts to the remote host. I was hoping the packet capture would also show me what name the query was being performed against but the packet just shows zeros. Is there a way for me to determine what name was queried?
Capture.PNG
ASKER
Attaching more of the Wireshark capture for added information
Capture2.PNG
Sorry for the delay.
Anyway, you can try to simply disable NetBIOS on that network card / network connection (if it's VPN or whatnot).
Simply go to the network card / network connection, go to properties, IPv4 properties, then go to the advanced button.
On the WINS tab, place a radio dot next to Disable NetBIOS over TCP/IP.
Let's see if this makes your queries go away without breaking anything else.
If it does, then at least you've got some new information.
ASKER
Solved my own issue
ASKER
I agree, I have a feeling there is a DNS issue going on but I don't know where to start troubleshooting without knowing what host name the XP machine is having trouble with. If I can't find out the host name via the Netbios request, how else can I determine it?
Everything is functioning with the HTTPS request to the website and the website page being accessed. It just hangs for 3-5 seconds while the Netbios name lookup occurs and then times out.
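Added example, not part of the original thread: an NBNS question stores the queried name in RFC 1001/1002 first-level encoding (each byte split into two letters A to P), and a name that decodes to `*` followed by NUL bytes is the wildcard name used by node status (NBSTAT) requests, which ask the target for its name table rather than resolving a host name. The Python sketch below decodes the question from a raw UDP port 137 payload; the function names are hypothetical, and the sample packets and the name FILESRV01 are constructed, not taken from the capture discussed here.

```python
import struct

QTYPES = {0x0020: "NB (name query)", 0x0021: "NBSTAT (node status query)"}
WILDCARD = b"*" + b"\x00" * 15  # RFC 1002 wildcard name

def encode_nb_name(raw16: bytes) -> bytes:
    """First-level encoding: each byte becomes two letters 'A'..'P'."""
    return bytes(b for c in raw16 for b in (0x41 + (c >> 4), 0x41 + (c & 0x0F)))

def decode_nb_name(encoded: bytes) -> bytes:
    """Reverse the encoding; rejects anything that is not 32 letters A..P."""
    if len(encoded) != 32 or any(not 0x41 <= c <= 0x50 for c in encoded):
        raise ValueError("not a first-level encoded NetBIOS name")
    return bytes(((encoded[i] - 0x41) << 4) | (encoded[i + 1] - 0x41)
                 for i in range(0, 32, 2))

def parse_nbns_question(payload: bytes) -> dict:
    """Parse the first question of an NBNS message (the UDP port 137 payload)."""
    if len(payload) < 50:  # 12-byte header + 34-byte name + type + class
        raise ValueError("payload too short for an NBNS question")
    txid, flags, qdcount = struct.unpack_from("!HHH", payload, 0)
    if qdcount < 1 or payload[12] != 32:
        raise ValueError("no question or unexpected name label length")
    raw = decode_nb_name(payload[13:45])
    pos = 45
    while pos < len(payload) and payload[pos] != 0:  # skip optional scope labels
        pos += 1 + payload[pos]
    if pos + 5 > len(payload):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack_from("!HH", payload, pos + 1)
    wildcard = raw == WILDCARD
    name = "*" if wildcard else raw[:15].decode("ascii", "replace").rstrip(" \x00")
    return {"txid": txid, "broadcast": bool(flags & 0x0010), "name": name,
            "suffix": raw[15], "wildcard": wildcard,
            "qtype": QTYPES.get(qtype, hex(qtype))}

def build_sample(raw16: bytes, flags: int, qtype: int) -> bytes:
    """Build a constructed sample query (not taken from the capture in the thread)."""
    header = struct.pack("!6H", 0x1234, flags, 1, 0, 0, 0)
    return header + b"\x20" + encode_nb_name(raw16) + b"\x00" + struct.pack("!HH", qtype, 1)

if __name__ == "__main__":
    # Constructed inputs: a wildcard node status query and a lookup for "FILESRV01".
    samples = [build_sample(WILDCARD, 0x0000, 0x0021),
               build_sample(b"FILESRV01".ljust(15) + b"\x20", 0x0110, 0x0020)]
    for pkt in samples:
        print(parse_nbns_question(pkt))
```

To use it on a real capture, copy the UDP payload bytes of the NBNS packet out of Wireshark and pass them to `parse_nbns_question`.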