Wireshark

  • Riverbed Technology
  • WinPcap
the world's foremost network protocol analyzer
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-users: Re: [Wireshark-users] DNS Compression?

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: "Visser, Martin" <martin.visser@xxxxxx>
Date: Thu, 3 Jul 2008 02:44:54 +0000

I think you will find that a lot of DNS responses have compression. Search for the A record for www.google.com. Every name in the response apart from the first is compressed. Just click on a name field in the Packet Details in Wireshark and you will see in the highlighted hex that it corresponds to only 2 bytes.

Regards, Martin

Martin Visser

Technology Consultant
Technology Solutions Group

410 Concord Road
Rhodes NSW  2138
Australia

Mobile: +61-411-254-513
Fax: +61-2-9022-1800
E-mail: martin.visserAThp.com

This email (including any attachments) is intended only for the use of the individual or entity named above and may contain information that is confidential, proprietary or privileged. If you are not the intended recipient, please notify HP immediately by return email and then delete the email, destroy any printed copy and do not disclose or use the information in it.


-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Adsquaired
Sent: Wednesday, 2 July 2008 10:59 PM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] DNS Compression?

Hello,

Can someone send me a capture that shows an example of what DNS compression looks like. I understand the concept but would like to see what it looks like in a packet capture.

Thanks

ad^2
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
https://wireshark.org/mailman/listinfo/wireshark-users

Attachment: dns-response.pcap
Description: dns-response.pcap

  • References:
    • [Wireshark-users] DNS Compression?
      • From: Adsquaired
  • Prev by Date: [Wireshark-users] Question on the Header File Concerning the FIX Protocol
  • Next by Date: [Wireshark-users] Trace file preview handler
  • Previous by thread: [Wireshark-users] DNS Compression?
  • Next by thread: [Wireshark-users] Version 1.0.1 (SVN Rev 25639) - > Bug ?
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation