[dnscap-users] interpreting dnscap output
Shawn Zhou
shawnzhou00 at yahoo.com
Wed Apr 15 22:43:52 UTC 2015
Hello,
What are the numbers in the first column mean? For example, [64], [232] in the below output?
[64] 2015-04-15 22:24:11.927847 [#26 "some interface" 0] \ [10.89.12.151].47560 [10.139.252.17].53 \ dns QUERY,NOERROR,31354,rd|ad \ 1 abc.com,IN,A 0 0 \ 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] \ ,[0][232] 2015-04-15 22:24:11.977636 [#27 "some interface" 0] \ [10.139.252.17].53 [10.89.12.151].47560 \ dns QUERY,NOERROR,31354,qr|rd|ra \ 1 abc.com,IN,A \ 1 abc.com,IN,A,300,199.181.132.250 \ 4 abc.com,IN,NS,300,orns02.dig.com \ abc.com,IN,NS,300,orns01.dig.com \ abc.com,IN,NS,300,sens02.dig.com \ abc.com,IN,NS,300,sens01.dig.com \ 5 orns01.dig.com,IN,A,106691,68.71.223.14 \ orns02.dig.com,IN,A,106691,68.71.223.15 \ sens01.dig.com,IN,A,106691,139.104.186.13 \ sens02.dig.com,IN,A,106691,139.104.186.14 \ .,1272,1272,0,edns0[len=0,UDP=1272,ver=0,rcode=0,DO=0,z=0] \ ,[0]
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dns-oarc.net/pipermail/dnscap-users/attachments/20150415/9c0a67b7/attachment.html>
More information about the dnscap-users
mailing list