From: "Lewis G Rosenthal" Received: from [192.168.100.25] (account lgrosenthal [192.168.100.25] verified) by 2rosenthals.com (CommuniGate Pro SMTP 5.1.3) with ESMTPA id 830674 for os2-wireless_users@2rosenthals.com; Fri, 09 Feb 2007 17:43:22 -0500 Message-ID: <45CCF8FB.7090503@2rosenthals.com> Date: Fri, 09 Feb 2007 17:43:07 -0500 Organization: Rosenthal & Rosenthal, LLC User-Agent: Mozilla/5.0 (OS/2; U; Warp 4.5; en-US; rv:1.9a2pre) Gecko/20070130 MultiZilla/1.8.3.0a SeaMonkey/1.5a MIME-Version: 1.0 To: OS/2 Wireless Users Mailing List Subject: OT: DNS Lookup tracing (was: Re: [OS2Wireless]Re: Any idea why there are so many sessions to port53? -crossposted) References: In-Reply-To: Content-Type: text/plain; charset=ISO-8859-1; format=flowed Content-Transfer-Encoding: 7bit If you're browsing or checking or sending email, UDP 53 will be in constant use (unless you have such a huge hosts file that lookups are unnecessary). You really need to debug the DNS requests to determine what it's trying to find, and that should give you some clue as to what's asking. IPTRACE won't give you enough detail. You'll need something which will list the UDP packets on port 53 and their contents in order to determine what is being requested. On 02/09/07 12:34 pm, Leon D. Zetekoff thus wrote : > yes the 192...100 is the os2 box on my internal network. It is NATed > by the router. Yes port 53 is DNS but OS2 for some reason is chatting > away. Guess I'll get a task list and see what's in there. The 199.224 > address is one of the DNS servers of my provider. > > Thanks leon > > * Sam Lewis wrote, On 2/9/2007 12:25 PM: >> It's probably the port NAT is using to forward packets. Here is a >> link to an explanation of how NAT works. It may explain this better. >> >> http://www.cisco.com/en/US/tech/tk648/tk361/technologies_tech_note09186a0080094831.shtml#flash >> >> >> Sam >> >> Leon D. Zetekoff wrote: >> >>> Sorry for the crosspost but trying to get an answer...thanks leon >>> >>> ==================== >>> >>> It seems my os/2 box likes to talk out to port 53. Check out this from >>> my router: >>> >>> Page 40/40 >>> Internal Prot. External NAT Time-out >>> 192.168.0.100:54692 UDP 199.224.86.16:53 65159 153 >>> 192.168.0.100:54713 UDP 199.224.86.16:53 65191 159 >>> 192.168.0.100:54800 UDP 199.224.86.16:53 65215 195 >>> 192.168.0.100:54779 UDP 199.224.86.16:53 65239 186 >>> 192.168.0.100:54562 UDP 199.224.86.16:53 65261 103 >>> 192.168.0.100:54477 UDP 199.224.86.16:53 65263 63 >>> 192.168.0.100:54967 UDP 199.224.86.16:53 65271 266 >>> 192.168.0.100:54387 UDP 199.224.86.16:53 65299 39 >>> 192.168.0.100:54758 UDP 199.224.86.16:53 65331 177 >>> 192.168.0.100:54336 UDP 199.224.86.16:53 65335 14 >>> 192.168.0.102:1803 UDP 199.224.86.20:53 65357 214 >>> 192.168.0.100:54527 UDP 199.224.86.16:53 65361 86 >>> 192.168.0.100:54509 UDP 199.224.86.16:53 65405 80 >>> 192.168.0.100:54383 UDP 199.224.86.16:53 65409 39 >>> 192.168.0.100:54649 UDP 199.224.86.16:53 65423 141 >>> 192.168.0.100:55015 UDP 199.224.86.16:53 65431 274 >>> 192.168.0.100:54877 UDP 199.224.86.16:53 65433 229 >>> 192.168.0.100:54732 UDP 199.224.86.16:53 65437 167 >>> 192.168.0.100:54898 UDP 199.224.86.16:53 65453 239 >>> >>> >>> 192.168.0.100 is the os2 box any idea why it chatters so much? >>> >>> Thanks leon >>> >>> >>> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= >>> This message is sent to you because you are subscribed to >>> the mailing list . >>> To unsubscribe, E-mail to: >>> To switch to the DIGEST mode, E-mail to >>> >>> To switch to the INDEX mode, E-mail to >>> >>> Send administrative queries to >>> >>> To subscribe (new addresses), E-mail to: >>> and reply to the >>> confirmation email. >>> >>> This list is hosted by Rosenthal & Rosenthal >>> P.O. Box 281, Deer Park, NY 11729-0281. Non- >>> electronic communications related to content >>> contained in these messages should be directed >>> to the above address. (CAN-SPAM Act of 2003) >>> >>> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= >>> >>> >>> >> >> >> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= >> This message is sent to you because you are subscribed to >> the mailing list . >> To unsubscribe, E-mail to: >> To switch to the DIGEST mode, E-mail to >> >> To switch to the INDEX mode, E-mail to >> >> Send administrative queries to >> >> To subscribe (new addresses), E-mail to: >> and reply to the confirmation >> email. >> >> This list is hosted by Rosenthal & Rosenthal >> P.O. Box 281, Deer Park, NY 11729-0281. Non- >> electronic communications related to content >> contained in these messages should be directed >> to the above address. (CAN-SPAM Act of 2003) >> >> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= >> >> > > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > This message is sent to you because you are subscribed to > the mailing list . > To unsubscribe, E-mail to: > To switch to the DIGEST mode, E-mail to > To switch to the INDEX mode, E-mail to > Send administrative queries to > To subscribe (new addresses), E-mail to: and reply to the confirmation email. > > This list is hosted by Rosenthal & Rosenthal > P.O. Box 281, Deer Park, NY 11729-0281. Non- > electronic communications related to content > contained in these messages should be directed > to the above address. (CAN-SPAM Act of 2003) > > =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= > > -- Lewis ------------------------------------------------------------ Lewis G Rosenthal, CNA, CLP, CLE Rosenthal & Rosenthal, LLC Accountants / Network Consultants New York / Northern Virginia www.2rosenthals.com eComStation Consultants www.ecomstation.com Novell Users Int'l www.novell.com/openenterpriseserver Need a managed Wi-Fi hotspot? www.hautspot.com ------------------------------------------------------------