This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

Hi Team,

I am not able to find the query packets in my wireshark trace, I always get the first packet as response not matter what i do. I flushed the dns, clear the browser cache tried from browser as well as from the cli nslookup option, Still doesnot work.

Thanks Irfan

asked 11 Feb '14, 19:55

arshmohd's gravatar image

arshmohd
1222
accept rate: 0%

Where are you capturing? I guess you're connected via wireless and capturing on your own system?

(12 Feb '14, 00:41) Jasper ♦♦

Yes i am connected from Wireless...

(12 Feb '14, 23:30) arshmohd

Sounds like you don't see outgoing packets, especially DNS requests. If so, please see the other questions (and answers) tagged with outgoing.

http://ask.wireshark.org/tags/outgoing/

In most of the cases there is an interfering software installed on the client, that prevents Wireshark from capturing outbound/outgoing frames, like: AV, Firewall, IDS, VPN client, Endpoint Security. If that is that case on your system, please disable and/or uninstall that software.

See also here:

http://ask.wireshark.org/questions/28909/no-outgoing-packets

where Symantec Endpoint Security has been the problem (again).

Regards
Kurt

permanent link

answered 12 Feb '14, 00:45

Kurt%20Knochner's gravatar image

Kurt Knochner ♦
24.8k1039237
accept rate: 15%

edited 12 Feb '14, 01:40

I have symantec Endpoint but i will try this again today on my homepc if that helps.. Could it be possible that specific websites dont let the query packets to be captured,.... we have anycast DNS infra.. If that could be an issue..... ?

Regards Irfna

(12 Feb '14, 23:30) arshmohd

Websites have no influence on your local DNS query. Symantec Endpoint has been reported as a problem in similar cases, several times.

(13 Feb '14, 00:07) Kurt Knochner ♦
Your answer
toggle preview

Follow this question

By Email:

Once you sign in you will be able to subscribe for any updates here

By RSS:

Answers

Answers and Comments

Markdown Basics

  • *italic* or _italic_
  • **bold** or __bold__
  • link:[text](http://url.com/ "title")
  • image?![alt text](/path/img.jpg "title")
  • numbered list: 1. Foo 2. Bar
  • to add a line break simply add two spaces to where you would like the new line to be.
  • basic HTML tags are also supported

Question tags:

×109
×10

question asked: 11 Feb '14, 19:55

question was seen: 2,998 times

last updated: 13 Feb '14, 00:07

p​o​w​e​r​e​d by O​S​Q​A