[ale] still trying to figure it out

David S. Jackson dsj at sylvester.dsj.net
Sun Aug 3 16:07:32 EDT 2003


On Sun, Aug 03, 2003 at 02:44:46PM -0400 Geoffrey The Esoteric <esoteric at 3times25.net> wrote:
> >I wonder if there's a way to really see what's inside the packet?
> 
> What I do is send tcpdump output to a file (tcpdump -w output), then 
> read it back in with ethereal.  Seems I might be able to take advantage 
> of some of the -d* options of tcpdump though.

When I went:

dig @dnsjm1.csplans.com csplans.com

I see a little more detail with an extra verbosity switch:

sudo tcpdump -vvv -i ed0 -p src host 12.38.217.253
tcpdump: listening on ed0
15:51:45.272835 12.38.217.253.domain > juno.dsj.net.55286:  4* q:
A? csplans.com. 0/1/0 ns: csplans.com. SOA[|domain] (DF) (ttl
238, id 38107, len 111)

I also queried:  

dig @dnsjm1.csplans.com csplans.com -t ANY

and got:

15:55:15.127946 12.38.217.253.domain > juno.dsj.net.55295:  4* q:
ANY? csplans.com. 4/0/3 csplans.com. SOA[|domain] (DF) (ttl 238,
id 38108, len 217)

using the same tcpdump arguments.  At least this says the packet
length, right?  If you gave the same query, would a shorter
packet length prove your firewall rules (or something) are
mangling the packet before it makes it back to your dig client?  

Or could it be something about your dig client defaults?  Maybe
try the same query with nslookup or something, just to rule out
the client.  If another client works, then maybe your browser or
proxy settings or something are a problem.

Not sure what use the -d* switches would be...isn't that just
dumping the pattern matching code as memory machine language or
something?  That doesn't include the packet contents I don't
think, just the code that would be used to match it, right?

-- 
David S. Jackson                        dsj at dsj.net
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
I know the answer!  The answer lies within the heart
of all mankind!  The answer is twelve?	I think I'm
in the wrong building.
		-- Charles Schulz
_______________________________________________
Ale mailing list
Ale at ale.org
http://www.ale.org/mailman/listinfo/ale
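
Added example (not part of the original message, and not tcpdump's own code): a small Python decoder for the DNS fields visible in the tcpdump lines above, namely the query id, the "*" authoritative-answer marker, the question, and the answer/authority/additional counts such as 0/1/0. The sample payload, the SOA names under example.invalid, and all function names are constructed for illustration.

```python
import struct

QTYPES = {1: "A", 2: "NS", 6: "SOA", 255: "ANY"}

def encode_name(name):
    """Encode a dotted name as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_sample_response():
    """Constructed reply: id 4, QR+AA set, 1 question, 0/1/0 records."""
    header = struct.pack("!6H", 4, 0x8000 | 0x0400, 1, 0, 1, 0)
    question = encode_name("csplans.com") + struct.pack("!HH", 1, 1)
    # Constructed SOA authority record; owner name is a pointer to offset 12.
    rdata = (encode_name("ns.example.invalid") + encode_name("admin.example.invalid")
             + struct.pack("!5I", 1, 3600, 600, 86400, 3600))
    soa = b"\xc0\x0c" + struct.pack("!HHIH", 6, 1, 3600, len(rdata)) + rdata
    return header + question + soa

def parse_dns(payload):
    """Decode the header and first question of a DNS message."""
    if len(payload) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", payload[:12])
    if qd < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            raise ValueError("question name runs past end of payload")
        n = payload[pos]
        pos += 1
        if n == 0:
            break
        if n & 0xC0 or pos + n > len(payload):
            raise ValueError("bad label in question name")
        labels.append(payload[pos:pos + n].decode("ascii"))
        pos += n
    if pos + 4 > len(payload):
        raise ValueError("question type/class missing")
    qtype, _qclass = struct.unpack("!HH", payload[pos:pos + 4])
    return {"id": ident, "response": bool(flags & 0x8000), "aa": bool(flags & 0x0400),
            "tc": bool(flags & 0x0200), "qname": ".".join(labels) + ".",
            "qtype": QTYPES.get(qtype, str(qtype)), "counts": (an, ns, ar),
            "length": len(payload)}

def summary(payload):
    """Render the decoded fields in the order tcpdump prints them."""
    d = parse_dns(payload)
    return "%d%s q: %s? %s %d/%d/%d" % (
        d["id"], "*" if d["aa"] else "", d["qtype"], d["qname"], *d["counts"])
```

Running parse_dns on the same query's reply captured at two points (for example, either side of a firewall) and comparing the counts and length fields shows whether the message changed in transit; a payload cut short raises ValueError instead of returning partial fields.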




