RE: command line ID vs Wireshark transaction ID (dns.id)

2017-08-11 Thread John W. Blue
> What nameserver addresses are listed in /etc/resolv.conf? So. resolv.conf has the non-RFC1918 ip addresses commented out *and* loopback is the only one enabled. Lovely. I decided to leave it as is and retested with: # tcpdump -n -i lo0 -s0 port domain tcpdump: verbose output

RE: command line ID vs Wireshark transaction ID (dns.id)

2017-08-11 Thread Philippe.Simonet
Message- From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of Mark Andrews Sent: vendredi, 11 août 2017 02:26 To: John W. Blue <john.b...@rrcic.com> Cc: bind-users@lists.isc.org <bind-us...@isc.org> Subject: Re: command line ID vs Wireshark transaction I

Re: command line ID vs Wireshark transaction ID (dns.id)

2017-08-10 Thread Mark Andrews
In message , "John W. Blue" wr ites: > I have been trying to correlate the ID value returned via a command line > query here: > > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60796 > > to a "transaction ID" found in wireshark when it

RE: command line ID vs Wireshark transaction ID (dns.id)

2017-08-10 Thread John W. Blue
Forgot to add a screenshot: http://www.rfmapping.com/transactionid.png Thanks! John From: bind-users [mailto:bind-users-boun...@lists.isc.org] On Behalf Of John W. Blue Sent: Thursday, August 10, 2017 6:07 PM To: bind-users@lists.isc.org Subject: command line ID vs Wireshark transaction ID

command line ID vs Wireshark transaction ID (dns.id)

2017-08-10 Thread John W. Blue
I have been trying to correlate the ID value returned via a command line query here: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60796 to a "transaction ID" found in wireshark when it dissects the packet found here: Transaction ID: 0x1aa6 without any success because 0x1aa6 does not