Ethereal: [Ethereal-dev] TCP DNS requests are reliably split ... sometimes

Ethereal-dev: October 2003

Subject: [Ethereal-dev] TCP DNS requests are reliably split ... sometimes
From: "Mark Pizzolato" <ethereal-dev-20030907@xxxxxxxxxxxxxxxxx>
Date: Thu, 2 Oct 2003 15:48:54 -0700

Some Versions of BIND make some of the TCP queries to another server that end up delivering the request in 2 TCP packets. The first contains a 2 byte packet length for the data contained in the second packet.

As a result of this request spanning 2 packets, Ethereal's Disector can't decode the actual request data. It would be nice if I could select the DNS packet contents and right click and say display as DNS, but that doesn't work.

So, aside from getting the affected versions of BIND (and all the depoyed machines) fixed, what can be done to help.

Thanks.

- Mark Pizzolato

Follow-Ups:
- Re: [Ethereal-dev] TCP DNS requests are reliably split ... sometimes
  - From: Guy Harris

Prev by Date: Re: [Ethereal-dev] [packet-dcerpc-browser.c] operations names
Next by Date: Re: [Ethereal-dev] [patch] packet-tcp.c
Previous by thread: Re: [Ethereal-dev] Info about conversation
Next by thread: Re: [Ethereal-dev] TCP DNS requests are reliably split ... sometimes
Index(es):
- Date
- Thread