Created
February 10, 2022 22:41
-
-
Save n8fr8/150d3666d2c843c8d89909d490ac6ae7 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| inbound: | |
| [IPv4 Header (20 bytes)] | |
| Version: 4 (IPv4) | |
| IHL: 5 (20 [bytes]) | |
| TOS: [precedence: 0 (Routine)] [tos: 0 (Default)] [mbz: 0] | |
| Total length: 66 [bytes] | |
| Identification: 25123 | |
| Flags: (Reserved, Don't Fragment, More Fragment) = (false, true, false) | |
| Fragment offset: 0 (0 [bytes]) | |
| TTL: 64 | |
| Protocol: 17 (UDP) | |
| Header checksum: 0x2074 | |
| Source address: /172.16.0.1 | |
| Destination address: /10.0.2.3 | |
| [UDP Header (8 bytes)] | |
| Source port: 59317 (unknown) | |
| Destination port: 53 (Domain Name Server) | |
| Length: 46 [bytes] | |
| Checksum: 0xe880 | |
| [DNS Header (38 bytes)] | |
| ID: 0x9b3e | |
| QR: query | |
| OPCODE: 0 (Query) | |
| Authoritative Answer: false | |
| Truncated: false | |
| Recursion Desired: true | |
| Recursion Available: false | |
| Reserved Bit: 0 | |
| Authentic Data: false | |
| Checking Disabled: false | |
| RCODE: 0 (No Error) | |
| QDCOUNT: 1 | |
| ANCOUNT: 0 | |
| NSCOUNT: 0 | |
| ARCOUNT: 0 | |
| Question: | |
| QNAME: check.torproject.org | |
| QTYPE: 1 (A (Host address)) | |
| QCLASS: 1 (Internet (IN)) | |
| OUTBOUND | |
| [IPv4 Header (20 bytes)] | |
| Version: 4 (IPv4) | |
| IHL: 5 (20 [bytes]) | |
| TOS: [precedence: 0 (Routine)] [lowDelay: false] [highThroughput: false] [highReliability: false] [seventhBit: 0] [eighthBit: 0] | |
| Total length: 82 [bytes] | |
| Identification: 0 | |
| Flags: (Reserved, Don't Fragment, More Fragment) = (false, false, false) | |
| Fragment offset: 0 (0 [bytes]) | |
| TTL: 0 | |
| Protocol: 17 (UDP) | |
| Header checksum: 0x0288 | |
| Source address: /10.0.2.3 | |
| Destination address: /172.16.0.1 | |
| [UDP Header (8 bytes)] | |
| Source port: 53 (Domain Name Server) | |
| Destination port: 59317 (unknown) | |
| Length: 62 [bytes] | |
| Checksum: 0xadbd | |
| [DNS Header (54 bytes)] | |
| ID: 0x9b3e | |
| QR: response | |
| OPCODE: 0 (Query) | |
| Authoritative Answer: false | |
| Truncated: false | |
| Recursion Desired: false | |
| Recursion Available: false | |
| Reserved Bit: 0 | |
| Authentic Data: false | |
| Checking Disabled: false | |
| RCODE: 0 (No Error) | |
| QDCOUNT: 0 | |
| ANCOUNT: 1 | |
| NSCOUNT: 0 | |
| ARCOUNT: 0 | |
| Question: | |
| QNAME: check.torproject.org | |
| QTYPE: 1 (A (Host address)) | |
| QCLASS: 1 (Internet (IN)) | |
| Answer: | |
| NAME: .check.torproject.org (name: , pointer: 12) | |
| TYPE: 1 (A (Host address)) | |
| CLASS: 1 (Internet (IN)) | |
| TTL: 3600 | |
| RDLENGTH: 4 | |
| RDATA: | |
| A RDATA: | |
| ADDRESS: 116.202.120.181 (encoded) |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
another one to google.com DNS lookup
REQUEST:
[IPv4 Header (20 bytes)]
Version: 4 (IPv4)
IHL: 5 (20 [bytes])
TOS: [precedence: 0 (Routine)] [tos: 0 (Default)] [mbz: 0]
Total length: 56 [bytes]
Identification: 39
Flags: (Reserved, Don't Fragment, More Fragment) = (false, true, false)
Fragment offset: 0 (0 [bytes])
TTL: 64
Protocol: 17 (UDP)
Header checksum: 0x7e6d
Source address: /172.16.0.1
Destination address: /8.8.8.8
[UDP Header (8 bytes)]
Source port: 12088 (unknown)
Destination port: 53 (Domain Name Server)
Length: 36 [bytes]
Checksum: 0xe665
[DNS Header (28 bytes)]
ID: 0x19f9
QR: query
OPCODE: 0 (Query)
Authoritative Answer: false
Truncated: false
Recursion Desired: true
Recursion Available: false
Reserved Bit: 0
Authentic Data: false
Checking Disabled: false
RCODE: 0 (No Error)
QDCOUNT: 1
ANCOUNT: 0
NSCOUNT: 0
ARCOUNT: 0
Question:
QNAME: google.com
QTYPE: 1 (A (Host address))
QCLASS: 1 (Internet (IN))
RESPONSE:
[IPv4 Header (20 bytes)]
Version: 4 (IPv4)
IHL: 5 (20 [bytes])
TOS: [precedence: 0 (Routine)] [lowDelay: false] [highThroughput: false] [highReliability: false] [seventhBit: 0] [eighthBit: 0]
Total length: 72 [bytes]
Identification: 0
Flags: (Reserved, Don't Fragment, More Fragment) = (false, false, false)
Fragment offset: 0 (0 [bytes])
TTL: 0
Protocol: 17 (UDP)
Header checksum: 0xfe84
Source address: /8.8.8.8
Destination address: /172.16.0.1
[UDP Header (8 bytes)]
Source port: 53 (Domain Name Server)
Destination port: 12088 (unknown)
Length: 52 [bytes]
Checksum: 0x5d5d
[DNS Header (44 bytes)]
ID: 0x19f9
QR: response
OPCODE: 0 (Query)
Authoritative Answer: false
Truncated: false
Recursion Desired: false
Recursion Available: false
Reserved Bit: 0
Authentic Data: false
Checking Disabled: false
RCODE: 0 (No Error)
QDCOUNT: 0
ANCOUNT: 1
NSCOUNT: 0
ARCOUNT: 0
Question:
QNAME: google.com
QTYPE: 1 (A (Host address))
QCLASS: 1 (Internet (IN))
Answer:
NAME: .google.com (name: , pointer: 12)
TYPE: 1 (A (Host address))
CLASS: 1 (Internet (IN))
TTL: 300
RDLENGTH: 4
RDATA:
A RDATA:
ADDRESS: 142.250.185.174 (encoded)