This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Slow Wireless, Dlink router, Browser hijacked

0

Hi,

My wireless is very slow although I've standard settings. Wireless router is Dlink dir 655. A few weeks ago I discovered that my DNS settings on that router had changed (my DNS settings gone, free dns was enabled on the Dlink).

I 've put back my old settings, cleaned my laptop with several antispyy and malware tools (cleaned lot of weird entry's and I saw my browser was hijacked) and thought it would all be fine, but no way wireless is still very slow.

I've made some wireshark captures (wireless connection through Dlink) and was wondering what the following entry's mean:

7 0.000551000 6.274776000 192.168.0.105 224.0.0.252 LLMNR 64 Standard query 0xda6b A wpad 607

Who or what is ip 224.0.0.252?

14 0.248453000 8.064420000 192.168.0.105 192.168.1.35 TCP 74 1564 > 445 [SYN] Seq=0 Win=8192 Len=0 MSS=1460 WS=4 SACK_PERM=1 TSval=224816 TSecr=0 1174

Why is my pc (192.168.0.105) asking for my NAS (192.168.1.35),although I have no mappings, flushed dns, deleted arp table, and the NAS isn't at the network at this moment)?

Hope you can help in trouble shooting my slow wireless,

Thank you, regards Marco

asked 18 Sep '13, 05:09

wiredshark's gravatar image

wiredshark
11113
accept rate: 0%


One Answer:

1

The first entry is for link-local multicast name resolution and is quite normal for windows systems.

The second is your PC attempting to open a TCP connection to the NAS on port 445, and again is quite normal for windows systems, your PC is trying to do something with a file share on the NAS.

Unfortunately neither of these is likely to be the cause of your wireless slowdown.

answered 18 Sep '13, 05:20

grahamb's gravatar image

grahamb ♦
19.8k330206
accept rate: 22%

Thank you grahamb for the answer,

I must change the titel of this post..at the moment my wired connection is also very slow :-( I've opened the Interface Details > 802.3 (Ethernet)tab in Wireshark and noticed:

Statistics

Packets transmitted with heartbeat failure 16830

All of the other statistics in that tab are 0

What are these heartbeat failures?

regards, marco

(18 Sep '13, 15:39) wiredshark