DNS & ICMP

Kevin Darcy kcd at daimlerchrysler.com
Thu Oct 20 22:31:27 UTC 2005 

Bill wrote:

>Frame 15 (70 bytes on wire, 70 bytes captured)
>    Arrival Time: Oct 20, 2005 16:15:42.583051000
>    Time delta from previous packet: 0.156957000 seconds
>    Time relative to first packet: 56.875494000 seconds
>    Frame Number: 15
>    Packet Length: 70 bytes
>    Capture Length: 70 bytes
>Ethernet II, Src: 00:0f:24:c9:5a:c2, Dst: 00:30:48:52:7e:6c
>    Destination: 00:30:48:52:7e:6c (Supermic_52:7e:6c)
>    Source: 00:0f:24:c9:5a:c2 (00:0f:24:c9:5a:c2)
>    Type: IP (0x0800)
>Internet Protocol, Src Addr: 207.162.16x.197 (207.162.16x.197), Dst Addr:
>207.162.16x.11 (207.162.16x.11)
>    Version: 4
>    Header length: 20 bytes
>    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
>        0000 00.. = Differentiated Services Codepoint: Default (0x00)
>        .... ..0. = ECN-Capable Transport (ECT): 0
>        .... ...0 = ECN-CE: 0
>    Total Length: 56
>    Identification: 0x42bf
>    Flags: 0x00
>        .0.. = Don't fragment: Not set
>        ..0. = More fragments: Not set
>    Fragment offset: 0
>    Time to live: 126
>    Protocol: ICMP (0x01)
>    Header checksum: 0x13f0 (correct)
>    Source: 207.162.166.197 (207.162.166.197)
>    Destination: 207.162.160.11 (207.162.160.11)
>Internet Control Message Protocol
>    Type: 3 (Destination unreachable)
>    Code: 3 (Port unreachable)
>    Checksum: 0x3c0d (correct)
>    Internet Protocol, Src Addr: 207.162.16x.11 (207.162.16x.11), Dst Addr:
>207.162.16x.197 (207.162.16x.197)
>        Version: 4
>        Header length: 20 bytes
>        Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
>            0000 00.. = Differentiated Services Codepoint: Default (0x00)
>            .... ..0. = ECN-Capable Transport (ECT): 0
>            .... ...0 = ECN-CE: 0
>        Total Length: 238
>        Identification: 0x0000
>        Flags: 0x04
>            .1.. = Don't fragment: Set
>            ..0. = More fragments: Not set
>        Fragment offset: 0
>        Time to live: 62
>        Protocol: UDP (0x11)
>        Header checksum: 0x55e9 (correct)
>        Source: 207.162.16x.11 (207.162.160.11)
>        Destination: 207.162.16x.197 (207.162.166.197)
>    User Datagram Protocol, Src Port: domain (53), Dst Port: kermit (1649)
>        Source port: domain (53)
>        Destination port: kermit (1649)
>        Length: 218
>        Checksum: 0xb96f
>
>
>
>
>16:14:37.968636 207.162.16x.197 -> 207.162.16x.11 DNS Standard query A
>img-cdn.mediaplex.com
>16:14:37.969040 207.162.16x.11 -> 207.162.16x.197 DNS Standard query
>response CNAME img.mediaplex.com.edgesuite.net CNAME a1470.g.akamai.net A
>84.53.144.136 A 84.53.144.151
>16:14:38.018391 207.162.16x.197 -> 207.162.16x.11 ICMP Destination
>unreachable
>
>
>16:14:45.707557 207.162.16x.197 -> 207.162.16x.11 ICMP Destination
>unreachable
>16:14:51.708089 207.162.16x.197 -> 207.162.16x.11 ICMP Destination
>unreachable
>16:14:55.543456 207.162.16x.197 -> 207.162.16x.11 ICMP Destination
>unreachable
>16:15:26.850696 207.162.16x.197 -> 207.162.16x.11 DNS Standard query A
>m2.2mdn.net
>
OK, so the client stopped listening on the port before it received the 
response. Not terribly unusual...

                                                                         
                                                   -Kevin

More information about the bind-users mailing list