[dnscap-users] interpreting dnscap output
Wessels, Duane
dwessels at verisign.com
Thu Apr 16 21:01:32 UTC 2015
Shawn,
Those numbers represent the size of the DNS message in bytes. In your example
the query is 64 bytes and the response is 232 bytes.
DW
> On Apr 15, 2015, at 3:43 PM, Shawn Zhou <shawnzhou00 at yahoo.com> wrote:
>
> Hello,
>
> What do the numbers in the first column mean? For example, [64], [232] in the output below?
>
> [64] 2015-04-15 22:24:11.927847 [#26 "some interface" 0] \
> [10.89.12.151].47560 [10.139.252.17].53 \
> dns QUERY,NOERROR,31354,rd|ad \
> 1 abc.com,IN,A 0 0 \
> 1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] \
> ,[0]
> [232] 2015-04-15 22:24:11.977636 [#27 "some interface" 0] \
> [10.139.252.17].53 [10.89.12.151].47560 \
> dns QUERY,NOERROR,31354,qr|rd|ra \
> 1 abc.com,IN,A \
> 1 abc.com,IN,A,300,199.181.132.250 \
> 4 abc.com,IN,NS,300,orns02.dig.com \
> abc.com,IN,NS,300,orns01.dig.com \
> abc.com,IN,NS,300,sens02.dig.com \
> abc.com,IN,NS,300,sens01.dig.com \
> 5 orns01.dig.com,IN,A,106691,68.71.223.14 \
> orns02.dig.com,IN,A,106691,68.71.223.15 \
> sens01.dig.com,IN,A,106691,139.104.186.13 \
> sens02.dig.com,IN,A,106691,139.104.186.14 \
> .,1272,1272,0,edns0[len=0,UDP=1272,ver=0,rcode=0,DO=0,z=0] \
> ,[0]
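An added example, not part of the original thread or of dnscap itself: a small Python parser for the text format quoted above that reads the leading bracketed message size and pairs each response with its query. The names `parse_records` and `size_ratios` are hypothetical, and the sample is abridged from the quoted output.

```python
import re

# Sample abridged from the output quoted in the thread (trailing "\" continues a record).
SAMPLE = r'''[64] 2015-04-15 22:24:11.927847 [#26 "some interface" 0] \
    [10.89.12.151].47560 [10.139.252.17].53 \
    dns QUERY,NOERROR,31354,rd|ad \
    1 abc.com,IN,A 0 0 \
    1 .,4096,4096,0,edns0[len=0,UDP=4096,ver=0,rcode=0,DO=0,z=0] \
    ,[0]
[232] 2015-04-15 22:24:11.977636 [#27 "some interface" 0] \
    [10.139.252.17].53 [10.89.12.151].47560 \
    dns QUERY,NOERROR,31354,qr|rd|ra \
    1 abc.com,IN,A \
    1 abc.com,IN,A,300,199.181.132.250
'''

# [size] timestamp [#n "iface" n] [src].port [dst].port dns OPCODE,RCODE,ID,flags
RECORD = re.compile(
    r'\[(?P<size>\d+)\]\s+(?P<ts>\S+ \S+)\s+\[#\d+ "[^"]*" \d+\]\s+'
    r'\[(?P<src>[^\]]+)\]\.(?P<sport>\d+)\s+\[(?P<dst>[^\]]+)\]\.(?P<dport>\d+)\s+'
    r'dns (?P<opcode>\w+),(?P<rcode>\w+),(?P<id>\d+),(?P<flags>\S*)')

def parse_records(text):
    """Return one dict per record; 'size' is the DNS message size in bytes."""
    records = []
    for line in text.replace("\\\n", " ").splitlines():  # join continuation lines
        m = RECORD.match(line.strip())
        if not m:
            continue  # blank line or unrecognised record
        r = m.groupdict()
        r["size"], r["id"] = int(r["size"]), int(r["id"])
        r["is_response"] = "qr" in r["flags"].split("|")
        records.append(r)
    return records

def size_ratios(records):
    """Pair responses with queries; return (id, query_bytes, response_bytes, ratio)."""
    pending, out = {}, []
    for r in records:
        if not r["is_response"]:
            pending[(r["src"], r["sport"], r["dst"], r["dport"], r["id"])] = r["size"]
            continue
        # A response travels the reverse path of its query, with the same message ID.
        q = pending.pop((r["dst"], r["dport"], r["src"], r["sport"], r["id"]), None)
        if q is not None:  # responses with no captured query are skipped
            out.append((r["id"], q, r["size"], r["size"] / q))
    return out
```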