Strange: for me it looks like ... : 43350 = 0xa956
>/usr/bin/dig www.google.ch
; <<>> DiG 9.10.3-P4-Debian <<>> www.google.ch
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 43350
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
>tshark -V -f 'port 53'
...
Domain Name System (response)
[Request In: 1]
[Time: 0.001247378 seconds]
Transaction ID: 0xa956
Flags: 0x8180 Standard query response, No error
1... .... .... .... = Response: Me
.....
-----Original Message-----
From: bind-users [mailto:[email protected]] On Behalf Of Mark Andrews
Sent: Friday, 11 August 2017 02:26
To: John W. Blue <[email protected]>
Cc: [email protected] <[email protected]>
Subject: Re: command line ID vs Wireshark transaction ID (dns.id)
In message <[email protected]>, "John W. Blue" writes:
> I have been trying to correlate the ID value returned via a command
> line query here:
>
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60796
>
> to a "transaction ID" found in wireshark when it dissects the packet
> found here:
>
> Transaction ID: 0x1aa6
>
> without any success because 0x1aa6 does not hex > dec convert to 60796.
>
>
> I am clearly missing something here because wireshark can tie the
> query and response together into a stream.
>
> Thoughts?
Apply Occam's razor.
The packet in wireshark is not the packet DiG displayed.
> John
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: [email protected]
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
[email protected]
https://lists.isc.org/mailman/listinfo/bind-users
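
Added example, not part of the thread above: dig prints the 16-bit DNS header ID in decimal and Wireshark prints the same field in hex, so the two match only when they describe the same packet. The function names and the CAPTURE bytes are constructed for illustration (header bytes only); `dns.id` is the Wireshark field named in the subject line.

```python
import struct

# Flag bits of the 16-bit DNS flags word (RFC 1035 section 4.1.1; ad/cd from RFC 4035).
FLAG_BITS = [(0x8000, "qr"), (0x0400, "aa"), (0x0200, "tc"), (0x0100, "rd"),
             (0x0080, "ra"), (0x0020, "ad"), (0x0010, "cd")]

def parse_dns_header(payload: bytes) -> dict:
    """Decode the fixed 12-byte DNS header at the start of a UDP payload."""
    if len(payload) < 12:
        raise ValueError("truncated DNS header (need 12 bytes)")
    txid, flags, qd, an, ns, ar = struct.unpack("!6H", payload[:12])
    return {
        "id_dec": txid,                      # dig: "id: 43350"
        "id_hex": f"0x{txid:04x}",           # Wireshark: "Transaction ID: 0xa956"
        "is_response": bool(flags & 0x8000),
        "flags": " ".join(name for bit, name in FLAG_BITS if flags & bit),
        "rcode": flags & 0x000F,
        "counts": (qd, an, ns, ar),          # QUERY, ANSWER, AUTHORITY, ADDITIONAL
    }

def wireshark_filter(dig_id: int) -> str:
    """Display filter that selects the packets carrying dig's decimal id."""
    if not 0 <= dig_id <= 0xFFFF:
        raise ValueError("DNS id is a 16-bit value")
    return f"dns.id == 0x{dig_id:04x}"

def find_by_dig_id(dig_id: int, payloads: list) -> list:
    """Indexes of captured payloads whose transaction ID equals dig's id."""
    hits = []
    for i, p in enumerate(payloads):
        try:
            if parse_dns_header(p)["id_dec"] == dig_id:
                hits.append(i)
        except ValueError:
            continue  # not a complete DNS header, skip it
    return hits

# Constructed sample capture (header bytes only, no question/answer sections).
CAPTURE = [
    struct.pack("!6H", 0xA956, 0x0120, 1, 0, 0, 1),  # query sent by dig
    struct.pack("!6H", 0x1AA6, 0x8180, 1, 1, 0, 0),  # unrelated response
    struct.pack("!6H", 0xA956, 0x8180, 1, 1, 0, 1),  # response dig displayed
    b"\x00\x01",                                      # truncated junk
]

if __name__ == "__main__":
    for i in find_by_dig_id(43350, CAPTURE):
        print(i, parse_dns_header(CAPTURE[i]))
    print(wireshark_filter(60796), find_by_dig_id(60796, CAPTURE))
```

An empty result for an id means the capture does not contain the packet dig displayed, which is the situation Mark Andrews describes.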