Ethereal-users: [Ethereal-users] DNS protocol decoding -T text mode incomplete

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: Scott M <s.a.mcintyre@xxxxxxxxx>
Date: Thu, 2 Sep 2004 20:58:34 +0200

Hi,

I'm trying to work out why it is that some DNS queries being decoded
by tethereal seem to be cut off or missing data when using the
standard tethereal text mode output.

For example:

  4.162504 x -> y DNS Standard query response
  4.359477 x -> y DNS Standard query response
  4.749871 x -> y DNS Standard query response
  4.945172 x -> y DNS Standard query response
  5.338347 x -> y DNS Standard query response

As opposed to:

  1.351712  a -> y DNS Standard query response PTR fubar.example.org
  1.352659 b -> y DNS Standard query response A 1.2.3.4
  1.354250 c -> y DNS Standard query response A 5.6.7.8
  1.357857 d -> y DNS Standard query response A 1.2.8.9


The data is in the packets, and it can be seen with -T pdml or using a
-V protocol tree output, but I'm curious if it's possible to always
get the latter format and not have it stop/cut off with just the "DNS
Standard query response" message.  The size of the reply doesn't seem
to be a factor, as I sometimes see replies decoded and displayed
properly that are quite large, but others which are much smaller are
not output fully.

Thanks for any suggestions.