I'm trying to find some common ground for certain udp packets. Aside from ServFail packets et. al., would it be safe to assume that any packets with a '?' found after the destination IP in pflog output would reflect a DNS packet? Can anyone think of an exception to this?
Thanks, -- Jason Dixon, RHCE DixonGroup Consulting http://www.dixongroup.net
