command line ID vs Wireshark transaction ID (dns.id)
John W. Blue
john.blue at rrcic.com
Thu Aug 10 23:06:47 UTC 2017
I have been trying to correlate the ID value returned via a command line query here:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60796
to a "transaction ID" found in wireshark when it dissects the packet found here:
Transaction ID: 0x1aa6
without any success because 0x1aa6 does not hex > dec convert to 60796.
I am clearly missing something here because wireshark can tie the query and response together into a stream.
Thoughts?
John
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20170810/a02a42e4/attachment.html>
More information about the bind-users
mailing list