This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Newby question, perhaps this is the wrong forum for this...

We are a Dell shop. I am unable to download drivers from Dell's support site. The download starts, I get about 300k of data, and then the time remaining just increments until I get a network error.

I've tried it with IE, Firefox, and Chrome. All do the same thing. I've tried it on different PC's within our network, same thing. I've checked with Dell, works fine on their end. I've looked at my firewall configuration and logs (Watchguard), nothing posted except the "allow" when I connect to Dell. I ran Wireshark during a test download and filtered out everything but packets from/to the IP address of my PC.

In Wireshark I can see Dell sending packets and my PC acking them for a few seconds. Then it stops with my PC sending 3 or 4 acks. Then I see a ton of DNS related entries between my PC and our DNS (hosted) most say "no such name" and then a bunch of entries from and to "deploy.akamaitechnology.com". During all this DNS/akama stuff I see Dell acking but no response from my PC. Eventually I get the network error message.

Does anyone have any thoughts on this? I'm a newby to Wireshark and I don't understand all the different entries I'm seeing and they could be normal. Looking for any pointers to anything that might help me resolve this issue. Thanks.

asked 03 Dec '12, 09:11

xlcfdp's gravatar image

xlcfdp
1111
accept rate: 0%

I should add that downloads from any other site work just fine. I've not found a site that has the same problem.

(03 Dec '12, 09:12) xlcfdp

is it possible to post that capture file (please in pcap format) somewhere?

(03 Dec '12, 09:22) Kurt Knochner ♦

I still have it displayed in Wireshark on my PC so I can save it in any of the Wireshark save formats. Not sure about the where though...

(03 Dec '12, 12:15) xlcfdp

any one-click file hoster or cloudshark.org.

(03 Dec '12, 12:49) Kurt Knochner ♦

Sorry, sidetracked with another issue. I'm a bit concerned from a security standpoint of posting a capture file. How can I filter it so just the needed data is there?

(07 Dec '12, 13:52) xlcfdp

if the capture file contains only the driver download from Dell, I don't see a security issue, as that's all "public" available data, except your internal IP addresses.

You can start with a filtering for the ip address of the Dell website and then export only traffic to/from that site (File -> Export). We will see, if that's enough information to analyze the problem. Regarding your internal IP addresses, you can use a pcap file anonymizer.

http://ask.wireshark.org/questions/16367/capture-file-anonymization

(07 Dec '12, 14:10) Kurt Knochner ♦
showing 5 of 6 show 1 more comments
Be the first one to answer this question!
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×193
×109
×36

question asked: 03 Dec '12, 09:11

question was seen: 2,221 times

last updated: 07 Dec '12, 14:10

p​o​w​e​r​e​d by O​S​Q​A