[dns-operations] last call on dnscap

Tyler Reguly ht at computerdefense.org
Wed May 16 11:21:32 UTC 2007


Sorry for the delay in responding.

The error is easily reproduced just using nslookup:

root at iMac:/home/htregz/dnscap# ./dnscap -c2 -g
;@ 2007-05-16 11:18:32.826504 - 53 octets via "some interface" (msg #1)
;: [192.168.2.50]:1090 -> [192.168.1.1]:53
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17967
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;;      imac.lndn.phub.net.cable.rogers.com, type = A, class = IN
;--
;@ 2007-05-16 11:18:32.843609 - 22 octets via "some interface" (msg #2)
;: [192.168.2.50]:1090 -> [192.168.1.1]:53
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54043
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;;      imac, type = A, class = IN
;--
root at iMac:/home/htregz/dnscap# ./dnscap -c2 -g
;@ 2007-05-16 11:18:47.651893 - 31 octets via "some interface" (msg #1)
;: [192.168.2.50]:1090 -> [192.168.1.1]:53
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60248
;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;;      www.google.ca, type = A, class = IN
;--
;@ 2007-05-16 11:18:47.654775 - 157 octets via "some interface" (msg #2)
;: [192.168.1.1]:53 -> [192.168.2.50]:1090
;; ns_initparse: Message too long
;--




On 5/14/07, Paul Vixie <paul at vix.com> wrote:
> > I emailed in with my problem before... the error was based on
> > comparison always being true... A colleague of mine (C developer)
> > solved the problem, one that you may encounter in other cases.
> >
> > In the parse_args function... ch is defined as a char, in order to
> > compile properly, we had to define char as an int.
>
> anoncvs has this fix on board, the tarball did not, fixed now.
>
> > Now it runs... However I ran into an interesting error... I connected
> > to ssh while dnscap was running... the following occurred:
> >
> > ;@ 2007-05-14 19:38:01.825893 - 44 octets via "some interface" (msg #1)
> > ;: [192.168.2.50]:1087 -> [192.168.1.1]:53
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 22475
> > ;; flags: rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
> > ;;      XX.XX.XX.XX.in-addr.arpa, type = PTR, class = IN
> > ;--
> > ;@ 2007-05-14 19:38:01.829034 - 89 octets via "some interface" (msg #2)
> > ;: [192.168.1.1]:53 -> [192.168.2.50]:1087
> > ;; ns_initparse: Message too long
> > ;--
>
> make sure your version is up to date and then if this still doesn't work,
> send your "uname -a" output.
>