Ethereal-dev: Re: [Ethereal-dev] TCP DNS requests are reliably split ... sometimes

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Thu, 2 Oct 2003 15:59:39 -0700

On Oct 2, 2003, at 3:48 PM, Mark Pizzolato wrote:

> Some versions of BIND make some of the TCP queries to another server that end up delivering the request in 2 TCP packets. The first contains a 2 byte packet length for the data contained in the second packet.
>
> As a result of this request spanning 2 packets, Ethereal's dissector can't decode the actual request data.

Can it dissect it if you turn on both the "Desegment all DNS messages spanning multiple TCP segments" option for DNS and the "Allow subdissector to desegment TCP streams" option for TCP, if they're not already on?

Select Preferences from the Edit menu, open up the "Protocols" list in the Preferences dialog box, select DNS, set the DNS option in question if it's not already set, select TCP, set the TCP option in question if it's not already set, and then click "OK". (Click "Save" before clicking "OK" if you want those saved as default settings.)
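
The framing discussed in this thread, as an added example that is not part of the original message or of Ethereal's code: DNS over TCP prefixes each message with a 2-byte big-endian length, so a reader has to buffer the stream until the whole message has arrived, which is what the desegmentation options enable. The class and function names and the sample query are constructed for illustration.

```python
import struct

class DnsTcpReassembler:
    """Reassemble length-prefixed DNS messages from one direction of a TCP stream."""

    def __init__(self):
        self.buf = bytearray()

    def feed(self, segment):
        """Add one TCP payload; return the DNS messages completed by it."""
        self.buf += segment
        messages = []
        while len(self.buf) >= 2:
            (length,) = struct.unpack_from("!H", self.buf, 0)
            if len(self.buf) < 2 + length:
                break  # message still spans later segments; keep buffering
            messages.append(bytes(self.buf[2:2 + length]))
            del self.buf[:2 + length]
        return messages

def frame(msg):
    """Prepend the 2-byte length used for DNS over TCP."""
    return struct.pack("!H", len(msg)) + msg

def parse_question(msg):
    """Return (id, qname, qtype) for the first question of a DNS message."""
    if len(msg) < 12:
        raise ValueError("shorter than a DNS header")
    txid, _flags, qdcount = struct.unpack_from("!HHH", msg, 0)
    if qdcount < 1:
        raise ValueError("no question section")
    pos, labels = 12, []
    while True:
        if pos >= len(msg):
            raise ValueError("truncated name")
        n = msg[pos]
        pos += 1
        if n == 0:
            break
        if n > 63 or pos + n > len(msg):
            raise ValueError("bad label (compression is not expected here)")
        labels.append(msg[pos:pos + n].decode("ascii"))
        pos += n
    qtype, _qclass = struct.unpack_from("!HH", msg, pos)
    return txid, ".".join(labels), qtype

# Constructed sample: query id 0x1234, RD set, one question "example.com A IN".
SAMPLE_QUERY = (bytes.fromhex("123401000001000000000000")
                + b"\x07example\x03com\x00" + b"\x00\x01\x00\x01")
```

Feeding `frame(SAMPLE_QUERY)[:2]` and then the remainder reproduces the split described above: the first call returns nothing, the second returns the complete query.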