Ethereal: Re: [Ethereal-users] DNS protocol decoding -T text mode incomplete

Ethereal-users: September 2004

Subject: Re: [Ethereal-users] DNS protocol decoding -T text mode incomplete
From: "Guy Harris" <gharris@xxxxxxxxx>
Date: Thu, 2 Sep 2004 16:48:41 -0700 (PDT)

Scott M said:

> I'm trying to work out why it is that some DNS queries being decoded
> by tethereal seem to be cut off or missing data when using the
> standard tethereal text mode output.

The packets in your example are responses, not queries.  If the QR bit is
set in a packet, indicating that it's a response, the DNS dissector should
1) put "response" into the Info column and 2) pass a non-null "cinfo"
pointer to "dissect_answer_records()", so that the Info column gets
information about the RR type, if nothing else, added to it.

The only reason why a response should have nothing other than "Standard
query response" in the Info column would be if there were *no* answer RRs
in the response - in which case, because the only RR information we put
into the Info column for a response is answer RR information, there's no
data *to* put into the Info column.

References:
- [Ethereal-users] DNS protocol decoding -T text mode incomplete
  - From: Scott M

Prev by Date: [Ethereal-users] version 0.10.6 unable to open 200MB capture file with a couple hundred K packets
Next by Date: Re: [Ethereal-users] version 0.10.6 unable to open 200MB capture file with a couple hundred K packets
Previous by thread: [Ethereal-users] DNS protocol decoding -T text mode incomplete
Next by thread: [Ethereal-users] version 0.10.6 unable to open 200MB capture file with a couple hundred K packets
Index(es):
- Date
- Thread