Article ID: 160828
Article Last Modified on 11/1/2006
APPLIES TO
- Microsoft Windows NT Workstation 4.0 Developer Edition
- Microsoft Windows NT Server 4.0 Standard Edition
This article was previously published under Q160828
SYMPTOMS
If you use Network Monitor to capture a trace of the Microsoft Domain Name Service (DNS) server doing a WINS lookup and display the capture, the Protocol column will say DNS even when the packet being sent to the WINS server is a NetBT packet destined for port 137.
CAUSE
Network Monitor parses DNS WINS Lookup packets as if they were DNS protocol packets. These are actually NetBT packets and should be parsed as such.
STATUS
Microsoft has confirmed this to be a problem in Windows NT Server version 4.0. We are researching this problem and will post new information here in the Microsoft Knowledge Base as it becomes available.
MORE INFORMATION
The capture will display the WINS Lookup name query as:
+ UDP: Src Port: DNS, (53); Dst Port: NETBIOS Name Service (137); Length = 58 (0x3A) + DNS: 0x8002:Std Qry for EKEFFCEJEDEPDECACACACACACACACAAA. of type Unknown Type
You would expect to see the following:
+ UDP: Src Port: DNS, (53); Dst Port: NETBIOS Name Service (137); Length = 58 (0x3A) + NBT: NS: Query req. for COMPUTER1
Additional query words: netmon
Keywords: kbnetwork KB160828