hi, > Ethernet(src='\x00\x0e5\x10R@', dst='\x00\x0ff2>\x84', > data=IP(src='\xc0\xa8dd', dst='D\t\x10\x19', sum=8292, len=64, p=17, > ttl=128, id=41242, data=UDP(dport=53, sum=2040, sport=1605, ulen=44, > data='\x16e\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x03www\google\x03com > \x00\x00\x01\x00\x01')))
this looks like DNS query packet for host www.google.com (UDP transport, destination port 53) > > note captured via ethernet. So what is the \x format and how do I > convert it to something legible? > > 3www\google\x03com <- 03 is not a hex value for a period what you have here is the name of host in dns compressed format. dns protocol utilizes some form of compression of RRs in order to reduce the size of reply messages. you can read more on dns at rfc1035 Flamur Rogova ================================================================== This is the WinPcap users list. It is archived at http://www.mail-archive.com/winpcap-users@winpcap.polito.it/ To unsubscribe use mailto: [EMAIL PROTECTED] ==================================================================
