Thanks for your suggestion, current is looking good!

These lines look like the normal DNS output, somewhat:

23:41:13.770526 IP 192.168.123.103.mdns > 224.0.0.251.mdns:  0*- [0q] 2/0/0 PTR[|domain]
23:41:13.770773 IP 192.168.123.103.mdns > 224.0.0.251.mdns:  0*- [0q] 1/0/0 PTR[|domain]
23:41:14.572078 IP 192.168.123.103.mdns > 224.0.0.251.mdns:  0 PTR? _http._tcp.local. (34)
23:41:14.671165 IP 192.168.123.103.mdns > 224.0.0.251.mdns:  0 PTR? _http._tcp.local. (34)
23:41:20.889446 IP 192.168.123.103.mdns > 224.0.0.251.mdns:  0 [2a] PTR? _http._tcp.local. (107)
23:41:20.889674 IP 192.168.123.103.mdns > 224.0.0.251.mdns:  0*- [0q] 6/0/0[|domain]
23:41:21.014389 IP 192.168.123.103.mdns > 224.0.0.251.mdns:  0*- [0q] 3/0/0 (Class 32769) SRV[|domain]
23:41:21.890717 IP 192.168.123.103.mdns > 224.0.0.251.mdns:  0 [3a] PTR? _http._tcp.local. (130)

I'm not too sure what the [|domain] and (Class 32769) are. The [|domain] string
wasn't in the packet, what does it mean?

Thanks,
Sam

Btw:

3.7.2 built with no configure options, but -2003.11.04 needed --without-crypto
to avoid errors. If this is unexpected I can give more details.

gcc -O -DHAVE_CONFIG_H -I.  -I./missing -I/usr/include -c ./print-esp.c
./print-esp.c:79: undefined type, found `EVP_CIPHER'
./print-esp.c:231: undefined type, found `EVP_CIPHER'
./print-esp.c:361: undefined type, found `EVP_CIPHER_CTX'
cpp-precomp: warning: errors during smart preprocessing, retrying in basic mode
./print-esp.c:79: warning: no semicolon at end of struct or union
./print-esp.c:79: parse error before '*' token
./print-esp.c:84: parse error before '}' token
./print-esp.c: In function `esp_print_addsa':
./print-esp.c:95: sizeof applied to an incomplete type
./print-esp.c:99: dereferencing pointer to incomplete type
./print-esp.c:99: dereferencing pointer to incomplete type
./print-esp.c:104: dereferencing pointer to incomplete type
./print-esp.c: In function `esp_print_decode_onesecret':
./print-esp.c:140: storage size of `sa1' isn't known
./print-esp.c:148: sizeof applied to an incomplete type
./print-esp.c:231: syntax error before '*' token
./print-esp.c:259: `evp' undeclared (first use in this function)
./print-esp.c:259: (Each undeclared identifier is reported only once
./print-esp.c:259: for each function it appears in.)
./print-esp.c: In function `esp_init':
./print-esp.c:330: `SN_des_ede3_cbc' undeclared (first use in this function)
./print-esp.c: In function `esp_print':
./print-esp.c:361: `EVP_CIPHER_CTX' undeclared (first use in this function)
./print-esp.c:361: parse error before "ctx"
./print-esp.c:420: dereferencing pointer to incomplete type
./print-esp.c:421: dereferencing pointer to incomplete type
./print-esp.c:422: dereferencing pointer to incomplete type
./print-esp.c:438: dereferencing pointer to incomplete type
./print-esp.c:439: dereferencing pointer to incomplete type
./print-esp.c:440: dereferencing pointer to incomplete type
./print-esp.c:470: dereferencing pointer to incomplete type
./print-esp.c:471: dereferencing pointer to incomplete type
./print-esp.c:472: dereferencing pointer to incomplete type
./print-esp.c:474: dereferencing pointer to incomplete type
./print-esp.c:475: `ctx' undeclared (first use in this function)
./print-esp.c:476: dereferencing pointer to incomplete type
./print-esp.c:488: dereferencing pointer to incomplete type
make: *** [print-esp.o] Error 1


Quoting [EMAIL PROTECTED], on Tue, Nov 04, 2003 at 08:20:46PM -0800:
> On Tue, Nov 04, 2003 at 10:58:57PM -0500, Sam Roberts wrote:
> > A quick look through the tcpdump code base makes it look like both 53
> > and 5353 are recognized as DNS ports, but when I dump the traffic on my
> > network, I don't see the pretty-printing of the contents of mDNS packets
> > as I do DNS packets.
> > 
> > Any suggestions as to why?
> 
> Because tcpdump 3.7.2 doesn't decode 5353 as DNS.
> 
> > Can I get this to work like I want?
> 
> Yes, by:
> 
> > I am using tcpdump 3.7.2 on OS X, built from a .tgz I just downloaded.
> 
> downloading a different tarball:
> 
>       http://www.tcpdump.org/#current
> 
> Get the "tcpdump-current.tar.gz" tarball and build that.
> 
> (Or try upgrading to Panther - it has a tcpdump based on a post-3.7 CVS
> snapshot, and might decode 5353 as DNS.)
-
This is the TCPDUMP workers list. It is archived at
http://www.tcpdump.org/lists/workers/index.html
To unsubscribe use mailto:[EMAIL PROTECTED]
