in reply to Re: Disassembling DNS Packet
in thread Disassembling DNS Packet

Thanks for taking a stab at a vague question.

You did not define "does not work"

It does not return any RRs or the Question. It parses the UDP header. I have that with NetPacket::UDP.

I've got a more specific question that will probably get me started in the right direction. The transaction ID is the first two bytes in the payload. The following code should return the transaction ID, but I'm not doing it right.

my $udp_packet = NetPacket::UDP->decode($A_raw_IP_Packet);
my $payload = $udp_obj->{data};
# unpack "v" might return the two bytes as an integer?
my $transID = unpack(v, substr($payload,0,2));
print "there's a transID of $transID \n";

Running my script, I get

Theres a transid 14964. In a separate terminal, dig returns an ID 7751

Re^3: Disassembling DNS Packet
by mpapet (Novice) on May 13, 2010 at 20:43 UTC
    I figured out the question about getting the ID from the UDP payload with everyone's help. My problem was the implementation of NetPacket::IP and then NetPacket::UDP. The following code gets the ID out of the DNS packet.

    my $ip_obj = NetPacket::IP::strip($Raw_IP_Packet);
    my $udp_obj = NetPacket::UDP->decode($ip_obj);
    if ($udp_obj->{len}) {
        my $payload = $udp_obj->{data};
        my $transid1 = unpack('n', substr($payload,0,2));
        print "The transID is $transid1 \n";
    }

    My big mistake was that the first line was wrong: "...NetPacket::IP->decode($Raw_IP_packet);". This doesn't get the packet set up right. As the documentation for NetPacket::IP says, it happily parses garbage.

    Net::DNS::Packet works, but I didn't see the error of my ways until I got the ID working. The following code works in my situation.

    use Net::DNS::Packet;
    use Data::Dumper;
    use NetPacket::UDP;
    use NetPacket::IP;
    my $ip_obj = NetPacket::IP::strip($Raw_IP_Packet);
    my $udp_obj = NetPacket::UDP->decode($ip_obj);
    if ($udp_obj->{len}) {
        my $payload2 = $udp_obj->{data};
        my $test = Net::DNS::Packet->new(\$payload2);
        if ($test) {
            my @answer = $test->answer;
            print Dumper(@answer);
        } else {
            print "no Net::DNS::Packet \n";
        }
    }

    I get a complete @answer back when doing "dig slashdot.org" in another terminal.

    A big thank you to everyone who gave me a push in the right direction despite my vague question.
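    As an added example that is not code from this thread, from NetPacket or from Net::DNS, here is the same transaction-ID read done with core unpack on a constructed query payload: it shows why the header must be read with 'n' rather than 'v', and adds the length checks that the "happily parses garbage" caveat argues for. It assumes only core Perl; the packet bytes are constructed here, reusing the ID 7751 that dig reported in the post.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed DNS query for slashdot.org (built here, not captured from the wire):
# 12-byte header with ID 0x1E47 (7751, the ID dig reported above), flags 0x0100 (RD),
# QDCOUNT 1, followed by one question for an A record.
my $payload = pack('n6', 0x1E47, 0x0100, 1, 0, 0, 0)
            . pack('C a8 C a3 C', 8, 'slashdot', 3, 'org', 0)   # QNAME labels
            . pack('n2', 1, 1);                                  # QTYPE A, QCLASS IN

# Parse the DNS header. Every field is in network byte order, so the
# template is 'n' (big-endian); 'v' would return the byte-swapped ID.
sub dns_header {
    my ($data) = @_;
    return undef if length($data) < 12;    # too short to be DNS: do not parse garbage
    my %h;
    @h{qw(id flags qdcount ancount nscount arcount)} = unpack('n6', $data);
    $h{qr}    = ($h{flags} >> 15) & 1;     # 0 = query, 1 = response
    $h{rcode} = $h{flags} & 0x0F;
    return \%h;
}

# Walk the question's length-prefixed labels, bounds-checking each one so a
# truncated or malformed payload cannot run the parser off the end of the data.
# A label byte with the top two bits set is a compression pointer, which a
# question name never needs, so it is rejected here.
sub dns_question {
    my ($data) = @_;
    my $off = 12;
    my @labels;
    while (1) {
        return undef if $off >= length($data);
        my $len = unpack('C', substr($data, $off++, 1));
        last if $len == 0;                            # root label ends the name
        return undef if ($len & 0xC0) || $off + $len > length($data);
        push @labels, substr($data, $off, $len);
        $off += $len;
    }
    return undef if $off + 4 > length($data);
    my ($qtype, $qclass) = unpack('n2', substr($data, $off, 4));
    return { qname => join('.', @labels), qtype => $qtype, qclass => $qclass };
}

my $h = dns_header($payload) or die "not a DNS header\n";
printf "ID with 'n': %d (0x%04X)\n", $h->{id}, $h->{id};
printf "ID with 'v': %d (byte-swapped)\n", unpack('v', $payload);
my $q = dns_question($payload) or die "malformed question section\n";
printf "Question: %s, type %d, class %d\n", $q->{qname}, $q->{qtype}, $q->{qclass};
```

    To use it on captured traffic, replace $payload with the UDP data field (the output of NetPacket::UDP->decode on the stripped IP payload, as in the working code above).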

Re^3: Disassembling DNS Packet
by JavaFan (Canon) on May 13, 2010 at 16:12 UTC
    unpack "v"? Are you sure? Little-endian? For a network protocol?

      It should definitely be 'n'. "When a multi-octet quantity is transmitted[,] the most significant octet is transmitted first."

      unpack "v"? Are you sure? Little-endian? For a network protocol?

      This is where I need some help.

      my $transid = unpack('n', substr($payload,0,2));

      My script returns "Theres a transid 29754" and dig returns 43785 in a separate terminal.

        There's no relation between 29754 (0x743A) and 43785 (0xAB09). You're trying to unpack the wrong bytes, your expectations are wrong, or both.

Re^3: Disassembling DNS Packet
by zwon (Abbot) on May 13, 2010 at 17:51 UTC

    As JavaFan has said, that should be 'n', not 'v'. If the IDs in the script and the terminal are different, then how do you know that you captured the right packet? Why are you assigning the decoded UDP packet to the $udp_packet variable but getting $payload from $udp_obj? Are you using strict and warnings? Could you post the packet data and the actual script so that we could run it?

    See also How do I post a question effectively?