Information

Authors Olivier Bonaventure
Deadline No deadline
Submission limit No limitation
Category tags dns


DNS over TCP


A short DNS over TCP trace

DNS can also be used over TCP instead of UDP. In this case, several requests and responses can be sent over the bytestream. The transaction identifier is still used to identify the response that matches a request. The only difference from DNS over UDP is that each DNS message is prefixed with a length field that contains the length of the DNS message. Can you infer the value of this length field in the attached TCP trace?


0000  ad710035fdf48918  00000000a0025f50  
0010  727a0000020404c4  0402080aa08a9ca0  
0020  0000000001030307                    

0000  .q.5ýô........_P
0010  rz.....Ä........
0020  ........        
  • Transmission Control Protocol, Src Port: 44401, Dst Port: 53, Seq: 0, Len: 0
    • Source Port: 44401
    • Destination Port: 53
    • TCP Segment Len: 0
    • Sequence number: 0 (relative sequence number)
    • Acknowledgment number: 0
    • 1010 .... = Header Length: 40 bytes (10)
    • Flags: 0x002 (SYN)
      • 000. .... .... = Reserved: Not set
      • ...0 .... .... = Nonce: Not set
      • .... 0... .... = Congestion Window Reduced (CWR): Not set
      • .... .0.. .... = ECN-Echo: Not set
      • .... ..0. .... = Urgent: Not set
      • .... ...0 .... = Acknowledgment: Not set
      • .... .... 0... = Push: Not set
      • .... .... .0.. = Reset: Not set
      • .... .... ..1. = Syn: Set
      • .... .... ...0 = Fin: Not set
      • TCP Flags: ··········S·
    • Window size value: 24400
    • Calculated window size: 24400
    • Checksum: 0x727a [unverified]
    • Urgent pointer: 0
    • Options: (20 bytes), Maximum segment size, SACK permitted, Timestamps, No-Operation (NOP), Window scale
      • TCP Option - Maximum segment size: 1220 bytes
        • Kind: Maximum Segment Size (2)
        • Length: 4
        • MSS Value: 1220
      • TCP Option - SACK permitted
        • Kind: SACK Permitted (4)
        • Length: 2
      • TCP Option - Timestamps: TSval 2693438624, TSecr 0
        • Kind: Time Stamp Option (8)
        • Length: 10
        • Timestamp value: 2693438624
        • Timestamp echo reply: 0
      • TCP Option - No-Operation (NOP)
        • Kind: No-Operation (1)
      • TCP Option - Window scale: 7 (multiply by 128)
        • Kind: Window Scale (3)
        • Length: 3
        • Shift count: 7
        • Multiplier: 128
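
The length-prefixed framing described above, as an added example that is not part of the original exercise: a Python deframer that reassembles DNS messages from a TCP bytestream however the stream was cut into segments, and rejects a length prefix too small to hold a DNS header. It assumes the two-byte, big-endian length prefix that RFC 1035 defines for DNS over TCP; the names build_query, DnsTcpDeframer and demo and the sample queries are constructed for illustration.

```python
import struct

DNS_HEADER_LEN = 12  # fixed-size DNS header; nothing shorter is a valid message


def build_query(txid, name, qtype=1):
    """Return a minimal DNS query preceded by its 2-byte length (constructed sample)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD set, 1 question
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    msg = header + qname + struct.pack("!HH", qtype, 1)  # QTYPE, QCLASS=IN
    return struct.pack("!H", len(msg)) + msg


class DnsTcpDeframer:
    """Split a TCP bytestream into DNS messages using the length prefix."""

    def __init__(self):
        self.buf = bytearray()

    def feed(self, segment):
        """Add one TCP payload; return [(length, txid, message), ...] now complete."""
        self.buf += segment
        complete = []
        while len(self.buf) >= 2:
            (length,) = struct.unpack_from("!H", self.buf, 0)
            if length < DNS_HEADER_LEN:
                raise ValueError(f"length prefix {length} is shorter than a DNS header")
            if len(self.buf) < 2 + length:
                break  # message continues in a later segment
            msg = bytes(self.buf[2:2 + length])
            del self.buf[:2 + length]
            (txid,) = struct.unpack_from("!H", msg, 0)  # matches response to request
            complete.append((length, txid, msg))
        return complete


def demo():
    """Two pipelined queries cut at arbitrary segment boundaries (constructed)."""
    stream = build_query(0x1A2B, "example.org") + build_query(0x3C4D, "www.example.org", 28)
    deframer = DnsTcpDeframer()
    per_segment = [deframer.feed(s) for s in (stream[:1], stream[1:20], stream[20:])]
    return [[(length, txid) for length, txid, _ in msgs] for msgs in per_segment]


if __name__ == "__main__":
    print(demo())
```

The first two segments yield nothing because the first message is still incomplete; both messages are delivered once the third segment arrives.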