command line ID vs Wireshark transaction ID (dns.id)
John W. Blue
john.blue at rrcic.com
Thu Aug 10 23:14:56 UTC 2017
Forgot to add a screenshot:
http://www.rfmapping.com/transactionid.png
Thanks!
John
From: bind-users [mailto:bind-users-bounces at lists.isc.org] On Behalf Of John W. Blue
Sent: Thursday, August 10, 2017 6:07 PM
To: bind-users at lists.isc.org
Subject: command line ID vs Wireshark transaction ID (dns.id)
I have been trying to correlate the ID value returned via a command line query here:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60796
to a "transaction ID" found in wireshark when it dissects the packet found here:
Transaction ID: 0x1aa6
without any success because 0x1aa6 does not hex > dec convert to 60796.
I am clearly missing something here because wireshark can tie the query and response together into a stream.
Thoughts?
John
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20170810/3b872860/attachment.html>
More information about the bind-users
mailing list