Ethereal: Re: [Ethereal-dev] TCP DNS requests are reliably split ... sometimes

Ethereal-dev: October 2003

Subject: Re: [Ethereal-dev] TCP DNS requests are reliably split ... sometimes
From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Thu, 2 Oct 2003 15:59:39 -0700


On Oct 2, 2003, at 3:48 PM, Mark Pizzolato wrote:

Some Versions of BIND make some of the TCP queries to another server that end up delivering the request in 2 TCP packets. The first contains a 2 byte packet length for the data contained in the second packet. As a result of this request spanning 2 packets, Ethereal's Disector can't decode the actual request data.

Can it dissect it if you turn on both the "Desegment all DNS messages spanning multiple TCP segments" option for DNS and the "Allow subdissector to desegment TCP streams" option for TCP, if they're not already on?

Select Preferences from the Edit menu, open up the "Protocols" list in the Preferences dialog box, select DNS, set the DNS option in question if it's not already set, select TCP, set the TCP option in question if it's not already set, and then click "OK". (Click "Save" before clicking "OK" if you want those saved as default settings.)

Follow-Ups:
- Re: [Ethereal-dev] TCP DNS requests are reliably split ... sometimes
  - From: Mark Pizzolato

References:
- [Ethereal-dev] TCP DNS requests are reliably split ... sometimes
  - From: Mark Pizzolato

Prev by Date: Re: [Ethereal-dev] [patch] packet-tcp.c
Next by Date: Re: [Ethereal-dev] TCP DNS requests are reliably split ... sometimes
Previous by thread: [Ethereal-dev] TCP DNS requests are reliably split ... sometimes
Next by thread: Re: [Ethereal-dev] TCP DNS requests are reliably split ... sometimes
Index(es):
- Date
- Thread