Hi Nikita,

Le Tue, 12 May 2015 23:49:55 -0700, "Nikita N." <niki...@operamail.com>
a écrit :

> Hi Simon,
> thanks for the bet! :)
> So if I'm understanding correctly, it is nothing related to Dnsmasq,
> right?


> By your opinion, what is the purpose of such a ICMP/UDP frame sent from
> src port 53?
> Is that some kind of alternate DNS mechanism?
> Is that anything standard behavior?

It is standard behaviour. ICMP(v4) is used as a signalling mechanism
alongside IPv4 (e.g. for 'unreachable host' notifications)

> >> When the answer comes back, there's nothing listening on the destination 
> >> port
> I always see those ICMP at gateway side, so I guess the gateway must
> have received at least that answer back.
> Is that answer back supposed to be a simple UDP frame or another ICMP
> frame?

ICMP is never used for application data; a DNS answer is always
through IPv4, either over UDP or TCP.

> Also, client and gateway are on different machines, loopback is not
> possible, why I can't see neither the UDP/ICMP answer back, nor the
> query?
> How would I set Wireshark, to sniff out those 2 mysterious UDP frame?

Ideally, running Wireshark on a dual-Ethernet machine inserted on the
client's wire. In less ideal cases, run an instance of wireshark or
tcpdump on the client and one on the server, capture to file with
both, then fire two wireshark instances on any machine, have each one
load a capture and compare them visually. 


Dnsmasq-discuss mailing list

Reply via email to