command line ID vs Wireshark transaction ID (dns.id)
Philippe.Simonet at swisscom.com
Fri Aug 11 06:56:35 UTC 2017
Strange: for me it looks like ...: 43350 = 0xa956
>/usr/bin/dig www.google.ch
; <<>> DiG 9.10.3-P4-Debian <<>> www.google.ch
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43350
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>tshark -V -f 'port 53'
...
Domain Name System (response)
[Request In: 1]
[Time: 0.001247378 seconds]
Transaction ID: 0xa956
Flags: 0x8180 Standard query response, No error
1... .... .... .... = Response: Me
.....
-----Original Message-----
From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Mark Andrews
Sent: vendredi, 11 août 2017 02:26
To: John W. Blue <john.blue at rrcic.com>
Cc: bind-users at lists.isc.org <bind-users at isc.org>
Subject: Re: command line ID vs Wireshark transaction ID (dns.id)
In message <af76af2d3ad8445cbc54a01357791730 at mail.rrcic.com>, "John W. Blue" writes:
> I have been trying to correlate the ID value returned via a command
> line query here:
>
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60796
>
> to a "transaction ID" found in wireshark when it dissects the packet
> found here:
>
> Transaction ID: 0x1aa6
>
> without any success because 0x1aa6 does not hex > dec convert to 60796.
>
>
> I am clearly missing something here because wireshark can tie the
> query and response together into a stream.
>
> Thoughts?
Apply Occam's razor.
The packet in wireshark is not the packet DiG displayed.
> John
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
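
Added example, not part of the original thread: a Python sketch of the correlation discussed above. It decodes the 16-bit ID from the DNS header, renders dig's decimal ID the way Wireshark prints it, and searches a capture for packets carrying that ID. The function names and the `CAPTURE` payloads (headers only) are constructed for illustration.

```python
import struct

def parse_dns_header(payload: bytes) -> dict:
    """Decode the fixed 12-byte DNS header (RFC 1035, section 4.1.1)."""
    if len(payload) < 12:
        raise ValueError(f"DNS header needs 12 bytes, got {len(payload)}")
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", payload[:12])
    return {"id": txid, "flags": flags, "is_response": bool(flags & 0x8000),
            "rcode": flags & 0x000F, "counts": (qd, an, ns, ar)}

def dig_id_to_wireshark(dig_id: int) -> str:
    """dig prints the ID in decimal; Wireshark prints the same 16 bits in hex."""
    if not 0 <= dig_id <= 0xFFFF:
        raise ValueError("DNS transaction IDs are 16-bit")
    return f"0x{dig_id:04x}"

def find_by_dig_id(payloads, dig_id: int):
    """Return (index, 'query' or 'response') for each payload carrying dig's ID."""
    hits = []
    for index, payload in enumerate(payloads):
        try:
            header = parse_dns_header(payload)
        except ValueError:
            continue  # truncated or non-DNS payload, skip it
        if header["id"] == dig_id:
            hits.append((index, "response" if header["is_response"] else "query"))
    return hits

def _header(txid, flags, counts):
    """Build a bare DNS header for the constructed capture below."""
    return struct.pack("!6H", txid, flags, *counts)

# Constructed capture (headers only): an unrelated lookup, then dig's own exchange.
CAPTURE = [
    _header(0x1AA6, 0x0100, (1, 0, 0, 0)),  # some other query on port 53
    _header(0x1AA6, 0x8180, (1, 1, 0, 0)),  # its response
    _header(0xA956, 0x0100, (1, 0, 0, 1)),  # query with dig's ID 43350
    _header(0xA956, 0x8180, (1, 1, 0, 1)),  # response shown in the tshark output
    b"\x00\x01",                            # truncated junk, ignored
]

if __name__ == "__main__":
    for dig_id in (43350, 60796):
        print(dig_id, dig_id_to_wireshark(dig_id), find_by_dig_id(CAPTURE, dig_id))
```

An empty result for an ID, as for 60796 here, means the capture does not contain the packet dig displayed.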