[dnscap-users] interpreting dnscap output

Wessels, Duane dwessels at verisign.com
Thu Apr 16 21:01:32 UTC 2015


Shawn,

Those numbers represent the size of the DNS message in bytes.  In your example
the query is 64 bytes and the response is 232 bytes.

DW


> On Apr 15, 2015, at 3:43 PM, Shawn Zhou <shawnzhou00 at yahoo.com> wrote:
> 
> Hello,
> 
> What do the numbers in the first column mean? For example, [64], [232] in the below output?
> 
>  [64] 2015-04-15 22:24:11.927847 [#26 "some interface" 0] \
>     [10.89.12.151].47560 [10.139.252.17].53  \
>     dns QUERY,NOERROR,31354,rd|ad \
>     1 abc.com,IN,A 0 0 \
>     1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] \
>     ,[0]
> [232] 2015-04-15 22:24:11.977636 [#27 "some interface" 0] \
>     [10.139.252.17].53 [10.89.12.151].47560  \
>     dns QUERY,NOERROR,31354,qr|rd|ra \
>     1 abc.com,IN,A \
>     1 abc.com,IN,A,300,199.181.132.250 \
>     4 abc.com,IN,NS,300,orns02.dig.com \
>     abc.com,IN,NS,300,orns01.dig.com \
>     abc.com,IN,NS,300,sens02.dig.com \
>     abc.com,IN,NS,300,sens01.dig.com \
>     5 orns01.dig.com,IN,A,106691,68.71.223.14 \
>     orns02.dig.com,IN,A,106691,68.71.223.15 \
>     sens01.dig.com,IN,A,106691,139.104.186.13 \
>     sens02.dig.com,IN,A,106691,139.104.186.14 \
>     .,1272,1272,0,edns0[len=0,UDP=1272,ver=0,rcode=0,DO=0,z=0] \
>     ,[0]
> _______________________________________________
> dnscap-users mailing list
> dnscap-users at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dnscap-users
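
Added example, not part of the thread and not dnscap's own code: a small parser for the text output quoted above that reads the bracketed DNS message size from each record and pairs each response with its query. The function names are hypothetical, and the response/query size ratio goes one step beyond what the reply states.

```python
import re

# Abbreviated from the output quoted in the message: the record sections after
# the question line are left out because the parser does not need them.
SAMPLE = r'''
 [64] 2015-04-15 22:24:11.927847 [#26 "some interface" 0] \
    [10.89.12.151].47560 [10.139.252.17].53  \
    dns QUERY,NOERROR,31354,rd|ad \
    1 abc.com,IN,A 0 0
[232] 2015-04-15 22:24:11.977636 [#27 "some interface" 0] \
    [10.139.252.17].53 [10.89.12.151].47560  \
    dns QUERY,NOERROR,31354,qr|rd|ra \
    1 abc.com,IN,A
'''

RECORD = re.compile(
    r'\[(?P<size>\d+)\]\s+(?P<ts>\S+ \S+)\s+\[#(?P<num>\d+) "[^"]*" \d+\]\s+'
    r'\[(?P<src>[^\]]+)\]\.(?P<sport>\d+)\s+\[(?P<dst>[^\]]+)\]\.(?P<dport>\d+)\s+'
    r'dns (?P<opcode>\w+),(?P<rcode>\w+),(?P<id>\d+),(?P<flags>[\w|]*)')

def parse(text):
    """Join backslash-continued lines, then return one dict per dnscap record."""
    joined = re.sub(r'\\\s*\n\s*', ' ', text)
    out = []
    for line in joined.splitlines():
        m = RECORD.search(line)
        if m:
            rec = m.groupdict()
            rec['size'] = int(rec['size'])  # DNS message size in bytes
            rec['is_response'] = 'qr' in rec['flags'].split('|')
            out.append(rec)
    return out

def pair_sizes(records):
    """Match responses to queries on (client, client port, server, DNS id)."""
    pending, pairs = {}, []
    for r in records:
        if r['is_response']:
            q = pending.pop((r['dst'], r['dport'], r['src'], r['id']), None)
            if q:  # responses with no recorded query are skipped
                pairs.append((q['size'], r['size'], r['size'] / q['size']))
        else:
            pending[(r['src'], r['sport'], r['dst'], r['id'])] = r
    return pairs

if __name__ == '__main__':
    for q_size, r_size, ratio in pair_sizes(parse(SAMPLE)):
        print(f"query {q_size} bytes, response {r_size} bytes, ratio {ratio:.2f}")
```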



