Using Wireshark to monitor SQL traffic, getting incorrect network name resolution

chockomonkey

Greetings,

I'm about to deploy Microsoft's BCM to replace our work's really really old CRM.

I installed Wireshark on our server to be able to weigh the load this is putting on our server. I applied a capture filter on the port we're using. I turned on network name resolution.

Half of the results resolve just fine... computer "gayle" actually is 192.168.1.209... however, the other half of the results are not correct. My workstation's IP is resolving as someone else's computer name. I see this on a few workstations around the office.

Anyone have an idea as to why this would be going on?
 
Stale entries in DNS. Do you have a reverse lookup zone? Do the PTR records match current A records/DHCP lease assignments?
 
Thanks for the response da sponge, using what you've asked I have now seen more areas of this server I'd never seen before lol (I was not the person who set this up)

We do have a reverse lookup zone, and its PTR on many entries is incorrect. I assume the "current A records/DHCP lease assignments" would be under the "DHCP" server settings, just as I found these PTR reverse lookup zone records under "DNS" in Administrative Tools... however it appears that the DHCP server is no longer functioning... after a brief pause it comes back as "Cannot find the DHCP Server"... so maybe this is the cause of what's going on.

I've emailed the person who set this shit up to see what he has to say.

Edit: forgot that when we opened a bit of internet access to our workstations he reworked the DHCP--it's being handled by a Linksys router now... however this list definitely does not match the other list. In fact it doesn't even have some assignments which workstations claim to have received from the router...
 
It almost looks like I can manually edit each of the reverse-lookup entries, is this ever done? Also, there are duplicates. Should I clean up this list to make it match the DHCP one? Or should this be happening automatically?
 
Why would he do that? Then you can't have the DHCP service dynamically register DNS records for the clients. The clients should do it automatically (2k+), but still. In the TCP/IP properties of one of the affected clients - is 'Register this connection's addresses in DNS' checked? Are all clients using the DC as their DNS server (and the DC is forwarding traffic or resolving directly)?
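
The check suggested in this thread (do the PTR records match the current A records and DHCP leases, and are there duplicates?), as an added example that is not part of the original posts: a Python sketch that cross-checks records exported from the reverse zone, the forward zone and the router's lease table. Every record except gayle / 192.168.1.209 is constructed, and comparing on the short host name is an assumption.

```python
from collections import defaultdict

# Constructed sample data; only gayle / 192.168.1.209 appears in the thread.
PTR_RECORDS = [                      # (ip, name) from the reverse lookup zone
    ("192.168.1.209", "gayle"),
    ("192.168.1.50", "frontdesk"),
    ("192.168.1.50", "oldlaptop"),   # second PTR for the same address
    ("192.168.1.77", "accounting"),
]
A_RECORDS = {"gayle": "192.168.1.209", "frontdesk": "192.168.1.50",
             "accounting": "192.168.1.120"}      # name -> ip, forward zone
DHCP_LEASES = {"192.168.1.209": "gayle", "192.168.1.50": "frontdesk",
               "192.168.1.77": "workstation7"}   # ip -> name, router leases

def short(name):
    """Normalise 'Gayle.office.local.' to 'gayle' (assumed comparison key)."""
    return name.rstrip(".").split(".")[0].lower()

def audit_ptr(ptr_records, a_records, leases):
    """Return {ip: [(ptr_name, verdict), ...]} for every reverse entry."""
    fwd = {short(n): ip for n, ip in a_records.items()}
    lease = {ip: short(n) for ip, n in leases.items()}
    by_ip = defaultdict(list)
    for ip, name in ptr_records:
        by_ip[ip].append(short(name))
    report = {}
    for ip, names in by_ip.items():
        rows = []
        for name in names:
            if name not in fwd:
                verdict = "stale: no A record"
            elif fwd[name] != ip:
                verdict = f"stale: A record points to {fwd[name]}"
            elif ip in lease and lease[ip] != name:
                verdict = f"conflict: lease held by {lease[ip]}"
            else:
                verdict = "ok"
            if len(names) > 1:
                verdict += " (duplicate PTR)"
            rows.append((name, verdict))
        report[ip] = rows
    return report

if __name__ == "__main__":
    for ip, rows in audit_ptr(PTR_RECORDS, A_RECORDS, DHCP_LEASES).items():
        for name, verdict in rows:
            print(f"{ip:15} {name:12} {verdict}")
```

Any address reported as stale or duplicated is one where a capture with name resolution turned on can label traffic with the wrong machine, so read those rows by IP address until the zone is cleaned up.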
 