-
-
Save n8fr8/150d3666d2c843c8d89909d490ac6ae7 to your computer and use it in GitHub Desktop.
| inbound: | |
| [IPv4 Header (20 bytes)] | |
| Version: 4 (IPv4) | |
| IHL: 5 (20 [bytes]) | |
| TOS: [precedence: 0 (Routine)] [tos: 0 (Default)] [mbz: 0] | |
| Total length: 66 [bytes] | |
| Identification: 25123 | |
| Flags: (Reserved, Don't Fragment, More Fragment) = (false, true, false) | |
| Fragment offset: 0 (0 [bytes]) | |
| TTL: 64 | |
| Protocol: 17 (UDP) | |
| Header checksum: 0x2074 | |
| Source address: /172.16.0.1 | |
| Destination address: /10.0.2.3 | |
| [UDP Header (8 bytes)] | |
| Source port: 59317 (unknown) | |
| Destination port: 53 (Domain Name Server) | |
| Length: 46 [bytes] | |
| Checksum: 0xe880 | |
| [DNS Header (38 bytes)] | |
| ID: 0x9b3e | |
| QR: query | |
| OPCODE: 0 (Query) | |
| Authoritative Answer: false | |
| Truncated: false | |
| Recursion Desired: true | |
| Recursion Available: false | |
| Reserved Bit: 0 | |
| Authentic Data: false | |
| Checking Disabled: false | |
| RCODE: 0 (No Error) | |
| QDCOUNT: 1 | |
| ANCOUNT: 0 | |
| NSCOUNT: 0 | |
| ARCOUNT: 0 | |
| Question: | |
| QNAME: check.torproject.org | |
| QTYPE: 1 (A (Host address)) | |
| QCLASS: 1 (Internet (IN)) | |
| OUTBOUND | |
| [IPv4 Header (20 bytes)] | |
| Version: 4 (IPv4) | |
| IHL: 5 (20 [bytes]) | |
| TOS: [precedence: 0 (Routine)] [lowDelay: false] [highThroughput: false] [highReliability: false] [seventhBit: 0] [eighthBit: 0] | |
| Total length: 82 [bytes] | |
| Identification: 0 | |
| Flags: (Reserved, Don't Fragment, More Fragment) = (false, false, false) | |
| Fragment offset: 0 (0 [bytes]) | |
| TTL: 0 | |
| Protocol: 17 (UDP) | |
| Header checksum: 0x0288 | |
| Source address: /10.0.2.3 | |
| Destination address: /172.16.0.1 | |
| [UDP Header (8 bytes)] | |
| Source port: 53 (Domain Name Server) | |
| Destination port: 59317 (unknown) | |
| Length: 62 [bytes] | |
| Checksum: 0xadbd | |
| [DNS Header (54 bytes)] | |
| ID: 0x9b3e | |
| QR: response | |
| OPCODE: 0 (Query) | |
| Authoritative Answer: false | |
| Truncated: false | |
| Recursion Desired: false | |
| Recursion Available: false | |
| Reserved Bit: 0 | |
| Authentic Data: false | |
| Checking Disabled: false | |
| RCODE: 0 (No Error) | |
| QDCOUNT: 0 | |
| ANCOUNT: 1 | |
| NSCOUNT: 0 | |
| ARCOUNT: 0 | |
| Question: | |
| QNAME: check.torproject.org | |
| QTYPE: 1 (A (Host address)) | |
| QCLASS: 1 (Internet (IN)) | |
| Answer: | |
| NAME: .check.torproject.org (name: , pointer: 12) | |
| TYPE: 1 (A (Host address)) | |
| CLASS: 1 (Internet (IN)) | |
| TTL: 3600 | |
| RDLENGTH: 4 | |
| RDATA: | |
| A RDATA: | |
| ADDRESS: 116.202.120.181 (encoded) |
another one to google.com DNS lookup
REQUEST:
[IPv4 Header (20 bytes)]
Version: 4 (IPv4)
IHL: 5 (20 [bytes])
TOS: [precedence: 0 (Routine)] [tos: 0 (Default)] [mbz: 0]
Total length: 56 [bytes]
Identification: 39
Flags: (Reserved, Don't Fragment, More Fragment) = (false, true, false)
Fragment offset: 0 (0 [bytes])
TTL: 64
Protocol: 17 (UDP)
Header checksum: 0x7e6d
Source address: /172.16.0.1
Destination address: /8.8.8.8
[UDP Header (8 bytes)]
Source port: 12088 (unknown)
Destination port: 53 (Domain Name Server)
Length: 36 [bytes]
Checksum: 0xe665
[DNS Header (28 bytes)]
ID: 0x19f9
QR: query
OPCODE: 0 (Query)
Authoritative Answer: false
Truncated: false
Recursion Desired: true
Recursion Available: false
Reserved Bit: 0
Authentic Data: false
Checking Disabled: false
RCODE: 0 (No Error)
QDCOUNT: 1
ANCOUNT: 0
NSCOUNT: 0
ARCOUNT: 0
Question:
QNAME: google.com
QTYPE: 1 (A (Host address))
QCLASS: 1 (Internet (IN))
RESPONSE:
[IPv4 Header (20 bytes)]
Version: 4 (IPv4)
IHL: 5 (20 [bytes])
TOS: [precedence: 0 (Routine)] [lowDelay: false] [highThroughput: false] [highReliability: false] [seventhBit: 0] [eighthBit: 0]
Total length: 72 [bytes]
Identification: 0
Flags: (Reserved, Don't Fragment, More Fragment) = (false, false, false)
Fragment offset: 0 (0 [bytes])
TTL: 0
Protocol: 17 (UDP)
Header checksum: 0xfe84
Source address: /8.8.8.8
Destination address: /172.16.0.1
[UDP Header (8 bytes)]
Source port: 53 (Domain Name Server)
Destination port: 12088 (unknown)
Length: 52 [bytes]
Checksum: 0x5d5d
[DNS Header (44 bytes)]
ID: 0x19f9
QR: response
OPCODE: 0 (Query)
Authoritative Answer: false
Truncated: false
Recursion Desired: false
Recursion Available: false
Reserved Bit: 0
Authentic Data: false
Checking Disabled: false
RCODE: 0 (No Error)
QDCOUNT: 0
ANCOUNT: 1
NSCOUNT: 0
ARCOUNT: 0
Question:
QNAME: google.com
QTYPE: 1 (A (Host address))
QCLASS: 1 (Internet (IN))
Answer:
NAME: .google.com (name: , pointer: 12)
TYPE: 1 (A (Host address))
CLASS: 1 (Internet (IN))
TTL: 300
RDLENGTH: 4
RDATA:
A RDATA:
ADDRESS: 142.250.185.174 (encoded)
next packet:
[IPv4 Header (20 bytes)]
Version: 4 (IPv4)
IHL: 5 (20 [bytes])
TOS: [precedence: 0 (Routine)] [tos: 0 (Default)] [mbz: 0]
Total length: 55 [bytes]
Identification: 58063
Flags: (Reserved, Don't Fragment, More Fragment) = (false, true, false)
Fragment offset: 0 (0 [bytes])
TTL: 64
Protocol: 17 (UDP)
Header checksum: 0x97c1
Source address: /172.16.0.1
Destination address: /10.10.10.10
[UDP Header (8 bytes)]
Source port: 35609 (unknown)
Destination port: 53 (Domain Name Server)
Length: 35 [bytes]
Checksum: 0xc502
[DNS Header (27 bytes)]
ID: 0x3512
QR: query
OPCODE: 0 (Query)
Authoritative Answer: false
Truncated: false
Recursion Desired: true
Recursion Available: false
Reserved Bit: 0
Authentic Data: false
Checking Disabled: false
RCODE: 0 (No Error)
QDCOUNT: 1
ANCOUNT: 0
NSCOUNT: 0
ARCOUNT: 0
Question:
QNAME: xsbfipyca
QTYPE: 1 (A (Host address))
QCLASS: 1 (Internet (IN))
next response:
[IPv4 Header (20 bytes)]
Version: 4 (IPv4)
IHL: 5 (20 [bytes])
TOS: [precedence: 0 (Routine)] [lowDelay: false] [highThroughput: false] [highReliability: false] [seventhBit: 0] [eighthBit: 0]
Total length: 55 [bytes]
Identification: 0
Flags: (Reserved, Don't Fragment, More Fragment) = (false, false, false)
Fragment offset: 0 (0 [bytes])
TTL: 0
Protocol: 17 (UDP)
Header checksum: 0xfa91
Source address: /10.10.10.10
Destination address: /172.16.0.1
[UDP Header (8 bytes)]
Source port: 53 (Domain Name Server)
Destination port: 35609 (unknown)
Length: 35 [bytes]
Checksum: 0x4600
[DNS Header (27 bytes)]
ID: 0x3512
QR: response
OPCODE: 0 (Query)
Authoritative Answer: false
Truncated: false
Recursion Desired: false
Recursion Available: false
Reserved Bit: 0
Authentic Data: false
Checking Disabled: false
RCODE: 3 (Non-Existent Domain)
QDCOUNT: 0
ANCOUNT: 0
NSCOUNT: 0
ARCOUNT: 0
Question:
QNAME: xsbfipyca
QTYPE: 1 (A (Host address))
QCLASS: 1 (Internet (IN))