command line ID vs Wireshark transaction ID (dns.id)
Mark Andrews
marka at isc.org
Fri Aug 11 00:25:54 UTC 2017
In message <af76af2d3ad8445cbc54a01357791730 at mail.rrcic.com>, "John W. Blue" wr
ites:
> I have been trying to correlate the ID value returned via a command line
> query here:
>
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60796
>
> to a "transaction ID" found in wireshark when it dissects the packet
> found here:
>
> Transaction ID: 0x1aa6
>
> without any success because 0x1aa6 does not hex > dec convert to 60796.
>
>
> I am clearly missing something here because wireshark can tie the query
> and response together into a stream.
>
> Thoughts?
Apply Occam's razor.
The packet in wireshark is not the packet DiG displayed.
> John
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list