tcpdump mailing list archives

Re: code seems to support 5353 - but pkts aren't printed as DNS, why?

From: itojun () iijlab net
Date: Wed, 05 Nov 2003 15:05:27 +0900

Thanks for your suggestion, current is looking good!

These lines look like the normal DNS output, somewhat:

23:41:13.770526 IP 192.168.123.103.mdns > 224.0.0.251.mdns:  0*- [0q] 2/0/0 PTR[|domain]
23:41:13.770773 IP 192.168.123.103.mdns > 224.0.0.251.mdns:  0*- [0q] 1/0/0 PTR[|domain]
23:41:14.572078 IP 192.168.123.103.mdns > 224.0.0.251.mdns:  0 PTR? _http._tcp.local. (34)
23:41:14.671165 IP 192.168.123.103.mdns > 224.0.0.251.mdns:  0 PTR? _http._tcp.local. (34)
23:41:20.889446 IP 192.168.123.103.mdns > 224.0.0.251.mdns:  0 [2a] PTR? _http._tcp.local. (107)
23:41:20.889674 IP 192.168.123.103.mdns > 224.0.0.251.mdns:  0*- [0q] 6/0/0[|domain]
23:41:21.014389 IP 192.168.123.103.mdns > 224.0.0.251.mdns:  0*- [0q] 3/0/0 (Class 32769) SRV[|domain]
23:41:21.890717 IP 192.168.123.103.mdns > 224.0.0.251.mdns:  0 [3a] PTR? _http._tcp.local. (130)

I'm not too sure what the [|domain] and (Class 32769) is. The [|domain] string wasn't in the
packet, what does it mean?


        [|domain] means that the capture is too short and the decoded output
        is truncated.  use -s to increase capture length.

itojun
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:tcpdump-workers-request () tcpdump org?body=unsubscribe

Current thread:

code seems to support 5353 - but pkts aren't printed as DNS, why? Sam Roberts (Nov 04)
- Re: code seems to support 5353 - but pkts aren't printed as DNS, why? Guy Harris (Nov 04)
  - Re: code seems to support 5353 - but pkts aren't printed as DNS, why? Sam Roberts (Nov 04)
    - Re: code seems to support 5353 - but pkts aren't printed as DNS, why? Guy Harris (Nov 04)
    - Re: code seems to support 5353 - but pkts aren't printed as DNS, why? itojun (Nov 04)