command line ID vs Wireshark transaction ID (dns.id)

Philippe.Simonet at swisscom.com
Fri Aug 11 06:56:35 UTC 2017


Strange: for me it looks like ... : 43350 = 0xa956


>/usr/bin/dig www.google.ch
; <<>> DiG 9.10.3-P4-Debian <<>> www.google.ch
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43350
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

>tshark -V -f  'port 53'
...
Domain Name System (response)
    [Request In: 1]
    [Time: 0.001247378 seconds]
    Transaction ID: 0xa956
    Flags: 0x8180 Standard query response, No error
        1... .... .... .... = Response: Me
.....



-----Original Message-----
From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf Of Mark Andrews
Sent: vendredi, 11 août 2017 02:26
To: John W. Blue <john.blue at rrcic.com>
Cc: bind-users at lists.isc.org <bind-users at isc.org>
Subject: Re: command line ID vs Wireshark transaction ID (dns.id)


In message <af76af2d3ad8445cbc54a01357791730 at mail.rrcic.com>, "John W. Blue" writes:
> I have been trying to correlate the ID value returned via a command 
> line query here:
>
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60796
>
> to a "transaction ID" found in wireshark when it dissects the packet 
> found here:
>
> Transaction ID: 0x1aa6
>
> without any success because 0x1aa6 does not hex > dec convert to 60796.
>
>
> I am clearly missing something here because wireshark can tie the 
> query and response together into a stream.
>
> Thoughts?

Apply Occam's razor.

The packet in wireshark is not the packet DiG displayed.

> John

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
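
The comparison made in this thread, as an added example that is not part of the original messages: dig prints the 16-bit DNS header ID in decimal, while Wireshark/tshark shows the same field in hex, so a capture can be checked against a dig ID by parsing the 12-byte header. The function names are hypothetical and the header bytes are constructed; only the two IDs and the flags word 0x8180 come from the thread.

```python
import struct

# dig prints header flags in this order; masks are from RFC 1035 (AD/CD: RFC 4035).
FLAG_BITS = [("qr", 0x8000), ("aa", 0x0400), ("tc", 0x0200), ("rd", 0x0100),
             ("ra", 0x0080), ("ad", 0x0020), ("cd", 0x0010)]
OPCODES = {0: "QUERY", 1: "IQUERY", 2: "STATUS", 4: "NOTIFY", 5: "UPDATE"}
RCODES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
          4: "NOTIMP", 5: "REFUSED"}


def parse_header(payload: bytes) -> dict:
    """Decode the fixed 12-byte DNS header (six big-endian 16-bit fields)."""
    if len(payload) < 12:
        raise ValueError("DNS payload shorter than the 12-byte header")
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", payload[:12])
    return {
        "id": txid,
        "flags": [name for name, mask in FLAG_BITS if flags & mask],
        "opcode": OPCODES.get((flags >> 11) & 0xF, "RESERVED"),
        "status": RCODES.get(flags & 0xF, "RESERVED"),
        "counts": (qd, an, ns, ar),
    }


def dig_view(h: dict) -> str:
    """Header line as dig prints it: ID in decimal."""
    return f";; ->>HEADER<<- opcode: {h['opcode']}, status: {h['status']}, id: {h['id']}"


def wireshark_view(h: dict) -> str:
    """Field as Wireshark/tshark prints it: the same 16 bits in hex."""
    return f"Transaction ID: 0x{h['id']:04x}"


def packets_matching_dig_id(dig_id: int, payloads: list) -> list:
    """Indexes of captured DNS payloads whose header ID equals dig's decimal id."""
    return [i for i, p in enumerate(payloads) if parse_header(p)["id"] == dig_id]


# Constructed sample headers (no question/answer sections). The IDs are the two
# hex values quoted in the thread; the counts are made up for illustration.
CAPTURE = [
    struct.pack("!6H", 0x1AA6, 0x8180, 1, 1, 0, 1),
    struct.pack("!6H", 0xA956, 0x8180, 1, 1, 0, 1),
]

if __name__ == "__main__":
    for pkt in CAPTURE:
        h = parse_header(pkt)
        print(wireshark_view(h), "<->", dig_view(h), "flags:", " ".join(h["flags"]))
    print("dig id 60796 matches packets:", packets_matching_dig_id(60796, CAPTURE))
```

In Wireshark or tshark the display filter `dns.id == 43350` accepts the decimal value from dig directly.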