DNS can also be used over TCP instead of UDP. In this case, several requests and responses can be sent over the bytestream. The transaction identifier is still used to identify the response that matches a request. The only difference with DNS over UDP is that each DNS message is prefixed with a length field that contains the length of the DNS message. Can you infer the value of this length field in the attached TCP trace ?
# |
Taille |
Résumé |
État |
0 |
40 octets |
Transmission Control Protocol, Src Port: 44401, Dst Port: 53, Seq: 0, Len: 0 |
|
1 |
40 octets |
Transmission Control Protocol, Src Port: 53, Dst Port: 44401, Seq: 0, Ack: 1, Len: 0 |
|
2 |
32 octets |
Transmission Control Protocol, Src Port: 44401, Dst Port: 53, Seq: 1, Ack: 1, Len: 0 |
|
3 |
76 octets |
Domain Name System (query) |
|
4 |
32 octets |
Transmission Control Protocol, Src Port: 53, Dst Port: 44401, Seq: 1, Ack: 45, Len: 0 |
|
5 |
122 octets |
Domain Name System (response) |
|
6 |
32 octets |
Transmission Control Protocol, Src Port: 44401, Dst Port: 53, Seq: 45, Ack: 91, Len: 0 |
|
7 |
32 octets |
Transmission Control Protocol, Src Port: 44401, Dst Port: 53, Seq: 45, Ack: 91, Len: 0 |
|
8 |
32 octets |
Transmission Control Protocol, Src Port: 53, Dst Port: 44401, Seq: 91, Ack: 46, Len: 0 |
|
9 |
32 octets |
Transmission Control Protocol, Src Port: 44401, Dst Port: 53, Seq: 46, Ack: 92, Len: 0 |
|
0000
ad
71
00
35
fd
f4
89
18
00
00
00
00
a0
02
5f
50
0010
72
7a
00
00
02
04
04
c4
04
02
08
0a
a0
8a
9c
a0
0020
00
00
00
00
01
03
03
07
0000
.
q
.
5
ý
ô
.
.
.
.
.
.
.
.
_
P
0010
r
z
.
.
.
.
.
Ä
.
.
.
.
.
.
.
.
0020
.
.
.
.
.
.
.
.
- Transmission Control Protocol, Src Port: 44401, Dst Port: 53, Seq: 0, Len: 0
- Source Port: 44401
- Destination Port: 53
- TCP Segment Len: 0
- Sequence number: 0 (relative sequence number)
- Acknowledgment number: 0
- 1010 .... = Header Length: 40 bytes (10)
- Flags: 0x002 (SYN)
- 000. .... .... = Reserved: Not set
- ...0 .... .... = Nonce: Not set
- .... 0... .... = Congestion Window Reduced (CWR): Not set
- .... .0.. .... = ECN-Echo: Not set
- .... ..0. .... = Urgent: Not set
- .... ...0 .... = Acknowledgment: Not set
- .... .... 0... = Push: Not set
- .... .... .0.. = Reset: Not set
- .... .... ..1. = Syn: Set
- .... .... ...0 = Fin: Not set
- TCP Flags: \xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7S\xc2\xb7
- Window size value: 24400
- Calculated window size: 24400
- Checksum: 0x727a [unverified]
- Urgent pointer: 0
- Options: (20 bytes), Maximum segment size, SACK permitted, Timestamps, No-Operation (NOP), Window scale
- TCP Option - Maximum segment size: 1220 bytes
- Kind: Maximum Segment Size (2)
- Length: 4
- MSS Value: 1220
- TCP Option - SACK permitted
- Kind: SACK Permitted (4)
- Length: 2
- TCP Option - Timestamps: TSval 2693438624, TSecr 0
- Kind: Time Stamp Option (8)
- Length: 10
- Timestamp value: 2693438624
- Timestamp echo reply: 0
- TCP Option - No-Operation (NOP)
- TCP Option - Window scale: 7 (multiply by 128)
- Kind: Window Scale (3)
- Length: 3
- Shift count: 7
- Multiplier: 128
0000
00
35
ad
71
7f
d8
15
16
fd
f4
89
19
a0
12
ff
ff
0010
e1
59
00
00
02
04
05
50
04
02
08
0a
f4
56
f9
87
0020
a0
8a
9c
a0
01
03
03
08
0000
.
5
.
q
.
Ø
.
.
ý
ô
.
.
.
.
ÿ
ÿ
0010
á
Y
.
.
.
.
.
P
.
.
.
.
ô
V
ù
.
0020
.
.
.
.
.
.
.
.
- Transmission Control Protocol, Src Port: 53, Dst Port: 44401, Seq: 0, Ack: 1, Len: 0
- Source Port: 53
- Destination Port: 44401
- TCP Segment Len: 0
- Sequence number: 0 (relative sequence number)
- Acknowledgment number: 1 (relative ack number)
- 1010 .... = Header Length: 40 bytes (10)
- Flags: 0x012 (SYN, ACK)
- 000. .... .... = Reserved: Not set
- ...0 .... .... = Nonce: Not set
- .... 0... .... = Congestion Window Reduced (CWR): Not set
- .... .0.. .... = ECN-Echo: Not set
- .... ..0. .... = Urgent: Not set
- .... ...1 .... = Acknowledgment: Set
- .... .... 0... = Push: Not set
- .... .... .0.. = Reset: Not set
- .... .... ..1. = Syn: Set
- .... .... ...0 = Fin: Not set
- TCP Flags: \xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7A\xc2\xb7\xc2\xb7S\xc2\xb7
- Window size value: 65535
- Calculated window size: 65535
- Checksum: 0xe159 [unverified]
- Urgent pointer: 0
- Options: (20 bytes), Maximum segment size, SACK permitted, Timestamps, No-Operation (NOP), Window scale
- TCP Option - Maximum segment size: 1360 bytes
- Kind: Maximum Segment Size (2)
- Length: 4
- MSS Value: 1360
- TCP Option - SACK permitted
- Kind: SACK Permitted (4)
- Length: 2
- TCP Option - Timestamps: TSval 4099340679, TSecr 2693438624
- Kind: Time Stamp Option (8)
- Length: 10
- Timestamp value: 4099340679
- Timestamp echo reply: 2693438624
- TCP Option - No-Operation (NOP)
- TCP Option - Window scale: 8 (multiply by 256)
- Kind: Window Scale (3)
- Length: 3
- Shift count: 8
- Multiplier: 256
0000
ad
71
00
35
fd
f4
89
19
7f
d8
15
17
80
10
00
bf
0010
72
72
00
00
01
01
08
0a
a0
8a
9c
b9
f4
56
f9
87
0000
.
q
.
5
ý
ô
.
.
.
Ø
.
.
.
.
.
¿
0010
r
r
.
.
.
.
.
.
.
.
.
¹
ô
V
ù
.
- Transmission Control Protocol, Src Port: 44401, Dst Port: 53, Seq: 1, Ack: 1, Len: 0
- Source Port: 44401
- Destination Port: 53
- TCP Segment Len: 0
- Sequence number: 1 (relative sequence number)
- Acknowledgment number: 1 (relative ack number)
- 1000 .... = Header Length: 32 bytes (8)
- Flags: 0x010 (ACK)
- 000. .... .... = Reserved: Not set
- ...0 .... .... = Nonce: Not set
- .... 0... .... = Congestion Window Reduced (CWR): Not set
- .... .0.. .... = ECN-Echo: Not set
- .... ..0. .... = Urgent: Not set
- .... ...1 .... = Acknowledgment: Set
- .... .... 0... = Push: Not set
- .... .... .0.. = Reset: Not set
- .... .... ..0. = Syn: Not set
- .... .... ...0 = Fin: Not set
- TCP Flags: \xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7A\xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7
- Window size value: 191
- Calculated window size: 24448
- Window size scaling factor: 128
- Checksum: 0x7272 [unverified]
- Urgent pointer: 0
- Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
- TCP Option - No-Operation (NOP)
- TCP Option - No-Operation (NOP)
- TCP Option - Timestamps: TSval 2693438649, TSecr 4099340679
- Kind: Time Stamp Option (8)
- Length: 10
- Timestamp value: 2693438649
- Timestamp echo reply: 4099340679
0000
ad
71
00
35
fd
f4
89
19
7f
d8
15
17
80
18
00
bf
0010
72
9e
00
00
01
01
08
0a
a0
8a
9c
b9
f4
56
f9
87
0020
??
??
ec
20
01
20
00
01
00
00
00
00
00
00
13
63
0030
6f
6d
70
75
74
65
72
2d
6e
65
74
77
6f
72
6b
69
0040
6e
67
04
69
6e
66
6f
00
00
02
00
01
0000
.
q
.
5
ý
ô
.
.
.
Ø
.
.
.
.
.
¿
0010
r
.
.
.
.
.
.
.
.
.
.
¹
ô
V
ù
.
0020
?
?
ì
.
.
.
.
.
.
.
.
.
.
c
0030
o
m
p
u
t
e
r
-
n
e
t
w
o
r
k
i
0040
n
g
.
i
n
f
o
.
.
.
.
.
- Transmission Control Protocol, Src Port: 44401, Dst Port: 53, Seq: 1, Ack: 1, Len: 44
- Source Port: 44401
- Destination Port: 53
- TCP Segment Len: 44
- Sequence number: 1 (relative sequence number)
- Acknowledgment number: 1 (relative ack number)
- 1000 .... = Header Length: 32 bytes (8)
- Flags: 0x018 (PSH, ACK)
- 000. .... .... = Reserved: Not set
- ...0 .... .... = Nonce: Not set
- .... 0... .... = Congestion Window Reduced (CWR): Not set
- .... .0.. .... = ECN-Echo: Not set
- .... ..0. .... = Urgent: Not set
- .... ...1 .... = Acknowledgment: Set
- .... .... 1... = Push: Set
- .... .... .0.. = Reset: Not set
- .... .... ..0. = Syn: Not set
- .... .... ...0 = Fin: Not set
- TCP Flags: \xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7AP\xc2\xb7\xc2\xb7\xc2\xb7
- Window size value: 191
- Calculated window size: 24448
- Window size scaling factor: 128
- Checksum: 0x729e [unverified]
- Urgent pointer: 0
- Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
- TCP Option - No-Operation (NOP)
- TCP Option - No-Operation (NOP)
- TCP Option - Timestamps: TSval 2693438649, TSecr 4099340679
- Kind: Time Stamp Option (8)
- Length: 10
- Timestamp value: 2693438649
- Timestamp echo reply: 4099340679
- TCP payload (44 bytes)
- PDU Size: 44
- Domain Name System (query)
0000
00
35
ad
71
7f
d8
15
17
fd
f4
89
45
80
10
01
00
0010
0e
62
00
00
01
01
08
0a
f4
56
f9
a3
a0
8a
9c
b9
0000
.
5
.
q
.
Ø
.
.
ý
ô
.
E
.
.
.
.
0010
.
b
.
.
.
.
.
.
ô
V
ù
£
.
.
.
¹
- Transmission Control Protocol, Src Port: 53, Dst Port: 44401, Seq: 1, Ack: 45, Len: 0
- Source Port: 53
- Destination Port: 44401
- TCP Segment Len: 0
- Sequence number: 1 (relative sequence number)
- Acknowledgment number: 45 (relative ack number)
- 1000 .... = Header Length: 32 bytes (8)
- Flags: 0x010 (ACK)
- 000. .... .... = Reserved: Not set
- ...0 .... .... = Nonce: Not set
- .... 0... .... = Congestion Window Reduced (CWR): Not set
- .... .0.. .... = ECN-Echo: Not set
- .... ..0. .... = Urgent: Not set
- .... ...1 .... = Acknowledgment: Set
- .... .... 0... = Push: Not set
- .... .... .0.. = Reset: Not set
- .... .... ..0. = Syn: Not set
- .... .... ...0 = Fin: Not set
- TCP Flags: \xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7A\xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7
- Window size value: 256
- Calculated window size: 65536
- Window size scaling factor: 256
- Checksum: 0x0e62 [unverified]
- Urgent pointer: 0
- Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
- TCP Option - No-Operation (NOP)
- TCP Option - No-Operation (NOP)
- TCP Option - Timestamps: TSval 4099340707, TSecr 2693438649
- Kind: Time Stamp Option (8)
- Length: 10
- Timestamp value: 4099340707
- Timestamp echo reply: 2693438649
0000
00
35
ad
71
7f
d8
15
17
fd
f4
89
45
80
18
01
00
0010
fb
8f
00
00
01
01
08
0a
f4
56
f9
aa
a0
8a
9c
b9
0020
??
??
ec
20
81
a0
00
01
00
02
00
00
00
00
13
63
0030
6f
6d
70
75
74
65
72
2d
6e
65
74
77
6f
72
6b
69
0040
6e
67
04
69
6e
66
6f
00
00
02
00
01
c0
0c
00
02
0050
00
01
00
00
0d
ee
00
0f
05
64
6e
73
32
30
03
6f
0060
76
68
03
6e
65
74
00
c0
0c
00
02
00
01
00
00
0d
0070
ee
00
07
04
6e
73
32
30
c0
3c
0000
.
5
.
q
.
Ø
.
.
ý
ô
.
E
.
.
.
.
0010
û
.
.
.
.
.
.
.
ô
V
ù
ª
.
.
.
¹
0020
?
?
ì
.
.
.
.
.
.
.
.
.
.
.
c
0030
o
m
p
u
t
e
r
-
n
e
t
w
o
r
k
i
0040
n
g
.
i
n
f
o
.
.
.
.
.
À
.
.
.
0050
.
.
.
.
.
î
.
.
.
d
n
s
2
0
.
o
0060
v
h
.
n
e
t
.
À
.
.
.
.
.
.
.
.
0070
î
.
.
.
n
s
2
0
À
<
- Transmission Control Protocol, Src Port: 53, Dst Port: 44401, Seq: 1, Ack: 45, Len: 90
- Source Port: 53
- Destination Port: 44401
- TCP Segment Len: 90
- Sequence number: 1 (relative sequence number)
- Acknowledgment number: 45 (relative ack number)
- 1000 .... = Header Length: 32 bytes (8)
- Flags: 0x018 (PSH, ACK)
- 000. .... .... = Reserved: Not set
- ...0 .... .... = Nonce: Not set
- .... 0... .... = Congestion Window Reduced (CWR): Not set
- .... .0.. .... = ECN-Echo: Not set
- .... ..0. .... = Urgent: Not set
- .... ...1 .... = Acknowledgment: Set
- .... .... 1... = Push: Set
- .... .... .0.. = Reset: Not set
- .... .... ..0. = Syn: Not set
- .... .... ...0 = Fin: Not set
- TCP Flags: \xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7AP\xc2\xb7\xc2\xb7\xc2\xb7
- Window size value: 256
- Calculated window size: 65536
- Window size scaling factor: 256
- Checksum: 0xfb8f [unverified]
- Urgent pointer: 0
- Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
- TCP Option - No-Operation (NOP)
- TCP Option - No-Operation (NOP)
- TCP Option - Timestamps: TSval 4099340714, TSecr 2693438649
- Kind: Time Stamp Option (8)
- Length: 10
- Timestamp value: 4099340714
- Timestamp echo reply: 2693438649
- TCP payload (90 bytes)
- PDU Size: 90
- Domain Name System (response)
0000
ad
71
00
35
fd
f4
89
45
7f
d8
15
71
80
10
00
bf
0010
72
72
00
00
01
01
08
0a
a0
8a
9c
dc
f4
56
f9
aa
0000
.
q
.
5
ý
ô
.
E
.
Ø
.
q
.
.
.
¿
0010
r
r
.
.
.
.
.
.
.
.
.
Ü
ô
V
ù
ª
- Transmission Control Protocol, Src Port: 44401, Dst Port: 53, Seq: 45, Ack: 91, Len: 0
- Source Port: 44401
- Destination Port: 53
- TCP Segment Len: 0
- Sequence number: 45 (relative sequence number)
- Acknowledgment number: 91 (relative ack number)
- 1000 .... = Header Length: 32 bytes (8)
- Flags: 0x010 (ACK)
- 000. .... .... = Reserved: Not set
- ...0 .... .... = Nonce: Not set
- .... 0... .... = Congestion Window Reduced (CWR): Not set
- .... .0.. .... = ECN-Echo: Not set
- .... ..0. .... = Urgent: Not set
- .... ...1 .... = Acknowledgment: Set
- .... .... 0... = Push: Not set
- .... .... .0.. = Reset: Not set
- .... .... ..0. = Syn: Not set
- .... .... ...0 = Fin: Not set
- TCP Flags: \xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7A\xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7
- Window size value: 191
- Calculated window size: 24448
- Window size scaling factor: 128
- Checksum: 0x7272 [unverified]
- Urgent pointer: 0
- Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
- TCP Option - No-Operation (NOP)
- TCP Option - No-Operation (NOP)
- TCP Option - Timestamps: TSval 2693438684, TSecr 4099340714
- Kind: Time Stamp Option (8)
- Length: 10
- Timestamp value: 2693438684
- Timestamp echo reply: 4099340714
0000
ad
71
00
35
fd
f4
89
45
7f
d8
15
71
80
11
00
bf
0010
72
72
00
00
01
01
08
0a
a0
8a
9c
dd
f4
56
f9
aa
0000
.
q
.
5
ý
ô
.
E
.
Ø
.
q
.
.
.
¿
0010
r
r
.
.
.
.
.
.
.
.
.
Ý
ô
V
ù
ª
- Transmission Control Protocol, Src Port: 44401, Dst Port: 53, Seq: 45, Ack: 91, Len: 0
- Source Port: 44401
- Destination Port: 53
- TCP Segment Len: 0
- Sequence number: 45 (relative sequence number)
- Acknowledgment number: 91 (relative ack number)
- 1000 .... = Header Length: 32 bytes (8)
- Flags: 0x011 (FIN, ACK)
- 000. .... .... = Reserved: Not set
- ...0 .... .... = Nonce: Not set
- .... 0... .... = Congestion Window Reduced (CWR): Not set
- .... .0.. .... = ECN-Echo: Not set
- .... ..0. .... = Urgent: Not set
- .... ...1 .... = Acknowledgment: Set
- .... .... 0... = Push: Not set
- .... .... .0.. = Reset: Not set
- .... .... ..0. = Syn: Not set
- .... .... ...1 = Fin: Set
- TCP Flags: \xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7A\xc2\xb7\xc2\xb7\xc2\xb7F
- Window size value: 191
- Calculated window size: 24448
- Window size scaling factor: 128
- Checksum: 0x7272 [unverified]
- Urgent pointer: 0
- Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
- TCP Option - No-Operation (NOP)
- TCP Option - No-Operation (NOP)
- TCP Option - Timestamps: TSval 2693438685, TSecr 4099340714
- Kind: Time Stamp Option (8)
- Length: 10
- Timestamp value: 2693438685
- Timestamp echo reply: 4099340714
0000
00
35
ad
71
7f
d8
15
71
fd
f4
89
46
80
11
01
00
0010
0d
be
00
00
01
01
08
0a
f4
56
f9
c7
a0
8a
9c
dd
0000
.
5
.
q
.
Ø
.
q
ý
ô
.
F
.
.
.
.
0010
.
¾
.
.
.
.
.
.
ô
V
ù
Ç
.
.
.
Ý
- Transmission Control Protocol, Src Port: 53, Dst Port: 44401, Seq: 91, Ack: 46, Len: 0
- Source Port: 53
- Destination Port: 44401
- TCP Segment Len: 0
- Sequence number: 91 (relative sequence number)
- Acknowledgment number: 46 (relative ack number)
- 1000 .... = Header Length: 32 bytes (8)
- Flags: 0x011 (FIN, ACK)
- 000. .... .... = Reserved: Not set
- ...0 .... .... = Nonce: Not set
- .... 0... .... = Congestion Window Reduced (CWR): Not set
- .... .0.. .... = ECN-Echo: Not set
- .... ..0. .... = Urgent: Not set
- .... ...1 .... = Acknowledgment: Set
- .... .... 0... = Push: Not set
- .... .... .0.. = Reset: Not set
- .... .... ..0. = Syn: Not set
- .... .... ...1 = Fin: Set
- TCP Flags: \xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7A\xc2\xb7\xc2\xb7\xc2\xb7F
- Window size value: 256
- Calculated window size: 65536
- Window size scaling factor: 256
- Checksum: 0x0dbe [unverified]
- Urgent pointer: 0
- Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
- TCP Option - No-Operation (NOP)
- TCP Option - No-Operation (NOP)
- TCP Option - Timestamps: TSval 4099340743, TSecr 2693438685
- Kind: Time Stamp Option (8)
- Length: 10
- Timestamp value: 4099340743
- Timestamp echo reply: 2693438685
0000
ad
71
00
35
fd
f4
89
46
7f
d8
15
72
80
10
00
bf
0010
72
72
00
00
01
01
08
0a
a0
8a
9c
f9
f4
56
f9
c7
0000
.
q
.
5
ý
ô
.
F
.
Ø
.
r
.
.
.
¿
0010
r
r
.
.
.
.
.
.
.
.
.
ù
ô
V
ù
Ç
- Transmission Control Protocol, Src Port: 44401, Dst Port: 53, Seq: 46, Ack: 92, Len: 0
- Source Port: 44401
- Destination Port: 53
- TCP Segment Len: 0
- Sequence number: 46 (relative sequence number)
- Acknowledgment number: 92 (relative ack number)
- 1000 .... = Header Length: 32 bytes (8)
- Flags: 0x010 (ACK)
- 000. .... .... = Reserved: Not set
- ...0 .... .... = Nonce: Not set
- .... 0... .... = Congestion Window Reduced (CWR): Not set
- .... .0.. .... = ECN-Echo: Not set
- .... ..0. .... = Urgent: Not set
- .... ...1 .... = Acknowledgment: Set
- .... .... 0... = Push: Not set
- .... .... .0.. = Reset: Not set
- .... .... ..0. = Syn: Not set
- .... .... ...0 = Fin: Not set
- TCP Flags: \xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7A\xc2\xb7\xc2\xb7\xc2\xb7\xc2\xb7
- Window size value: 191
- Calculated window size: 24448
- Window size scaling factor: 128
- Checksum: 0x7272 [unverified]
- Urgent pointer: 0
- Options: (12 bytes), No-Operation (NOP), No-Operation (NOP), Timestamps
- TCP Option - No-Operation (NOP)
- TCP Option - No-Operation (NOP)
- TCP Option - Timestamps: TSval 2693438713, TSecr 4099340743
- Kind: Time Stamp Option (8)
- Length: 10
- Timestamp value: 2693438713
- Timestamp echo reply: 4099340743