Created
August 24, 2017 09:33
-
-
Save otsuka752/27641751131501502d8ab042cd89242f to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [mbook]$ tshark -V -r dnssec-do-bit_1.pcap | |
| Frame 1: 88 bytes on wire (704 bits), 88 bytes captured (704 bits) | |
| Encapsulation type: Ethernet (1) | |
| Arrival Time: Aug 24, 2017 18:19:38.679616000 JST | |
| [Time shift for this packet: 0.000000000 seconds] | |
| Epoch Time: 1503566378.679616000 seconds | |
| [Time delta from previous captured frame: 0.000000000 seconds] | |
| [Time delta from previous displayed frame: 0.000000000 seconds] | |
| [Time since reference or first frame: 0.000000000 seconds] | |
| Frame Number: 1 | |
| Frame Length: 88 bytes (704 bits) | |
| Capture Length: 88 bytes (704 bits) | |
| [Frame is marked: False] | |
| [Frame is ignored: False] | |
| [Protocols in frame: eth:ethertype:ip:udp:dns] | |
| Ethernet II, Src: Raspberr_b2:3a:b2 (b8:27:eb:b2:3a:b2), Dst: NecPlatf_fe:ae:74 (1c:b1:7f:fe:ae:74) | |
| Destination: NecPlatf_fe:ae:74 (1c:b1:7f:fe:ae:74) | |
| Address: NecPlatf_fe:ae:74 (1c:b1:7f:fe:ae:74) | |
| .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) | |
| .... ...0 .... .... .... .... = IG bit: Individual address (unicast) | |
| Source: Raspberr_b2:3a:b2 (b8:27:eb:b2:3a:b2) | |
| Address: Raspberr_b2:3a:b2 (b8:27:eb:b2:3a:b2) | |
| .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) | |
| .... ...0 .... .... .... .... = IG bit: Individual address (unicast) | |
| Type: IPv4 (0x0800) | |
| Internet Protocol Version 4, Src: 172.31.31.36, Dst: 210.196.3.183 | |
| 0100 .... = Version: 4 | |
| .... 0101 = Header Length: 20 bytes (5) | |
| Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) | |
| 0000 00.. = Differentiated Services Codepoint: Default (0) | |
| .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) | |
| Total Length: 74 | |
| Identification: 0xfb94 (64404) | |
| Flags: 0x00 | |
| 0... .... = Reserved bit: Not set | |
| .0.. .... = Don't fragment: Not set | |
| ..0. .... = More fragments: Not set | |
| Fragment offset: 0 | |
| Time to live: 64 | |
| Protocol: UDP (17) | |
| Header checksum: 0xdd4f [validation disabled] | |
| [Header checksum status: Unverified] | |
| Source: 172.31.31.36 | |
| Destination: 210.196.3.183 | |
| [Source GeoIP: Unknown] | |
| [Destination GeoIP: Unknown] | |
| User Datagram Protocol, Src Port: 54736, Dst Port: 53 | |
| Source Port: 54736 | |
| Destination Port: 53 | |
| Length: 54 | |
| Checksum: 0xa206 [unverified] | |
| [Checksum Status: Unverified] | |
| [Stream index: 0] | |
| Domain Name System (query) | |
| Transaction ID: 0x430e | |
| Flags: 0x0130 Standard query | |
| 0... .... .... .... = Response: Message is a query | |
| .000 0... .... .... = Opcode: Standard query (0) | |
| .... ..0. .... .... = Truncated: Message is not truncated | |
| .... ...1 .... .... = Recursion desired: Do query recursively | |
| .... .... .0.. .... = Z: reserved (0) | |
| .... .... ..1. .... = AD bit: Set | |
| .... .... ...1 .... = Non-authenticated data: Acceptable | |
| Questions: 1 | |
| Answer RRs: 0 | |
| Authority RRs: 0 | |
| Additional RRs: 1 | |
| Queries | |
| dnssec-failed.org: type A, class IN | |
| Name: dnssec-failed.org | |
| [Name Length: 17] | |
| [Label Count: 2] | |
| Type: A (Host Address) (1) | |
| Class: IN (0x0001) | |
| Additional records | |
| <Root>: type OPT | |
| Name: <Root> | |
| Type: OPT (41) | |
| UDP payload size: 4096 | |
| Higher bits in extended RCODE: 0x00 | |
| EDNS0 version: 0 | |
| Z: 0x8000 | |
| 1... .... .... .... = DO bit: Accepts DNSSEC security RRs | |
| .000 0000 0000 0000 = Reserved: 0x0000 | |
| Data length: 0 | |
| Frame 2: 104 bytes on wire (832 bits), 104 bytes captured (832 bits) | |
| Encapsulation type: Ethernet (1) | |
| Arrival Time: Aug 24, 2017 18:19:38.697551000 JST | |
| [Time shift for this packet: 0.000000000 seconds] | |
| Epoch Time: 1503566378.697551000 seconds | |
| [Time delta from previous captured frame: 0.017935000 seconds] | |
| [Time delta from previous displayed frame: 0.017935000 seconds] | |
| [Time since reference or first frame: 0.017935000 seconds] | |
| Frame Number: 2 | |
| Frame Length: 104 bytes (832 bits) | |
| Capture Length: 104 bytes (832 bits) | |
| [Frame is marked: False] | |
| [Frame is ignored: False] | |
| [Protocols in frame: eth:ethertype:ip:udp:dns] | |
| Ethernet II, Src: NecPlatf_fe:ae:74 (1c:b1:7f:fe:ae:74), Dst: Raspberr_b2:3a:b2 (b8:27:eb:b2:3a:b2) | |
| Destination: Raspberr_b2:3a:b2 (b8:27:eb:b2:3a:b2) | |
| Address: Raspberr_b2:3a:b2 (b8:27:eb:b2:3a:b2) | |
| .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) | |
| .... ...0 .... .... .... .... = IG bit: Individual address (unicast) | |
| Source: NecPlatf_fe:ae:74 (1c:b1:7f:fe:ae:74) | |
| Address: NecPlatf_fe:ae:74 (1c:b1:7f:fe:ae:74) | |
| .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) | |
| .... ...0 .... .... .... .... = IG bit: Individual address (unicast) | |
| Type: IPv4 (0x0800) | |
| Internet Protocol Version 4, Src: 210.196.3.183, Dst: 172.31.31.36 | |
| 0100 .... = Version: 4 | |
| .... 0101 = Header Length: 20 bytes (5) | |
| Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) | |
| 0000 00.. = Differentiated Services Codepoint: Default (0) | |
| .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) | |
| Total Length: 90 | |
| Identification: 0xde78 (56952) | |
| Flags: 0x00 | |
| 0... .... = Reserved bit: Not set | |
| .0.. .... = Don't fragment: Not set | |
| ..0. .... = More fragments: Not set | |
| Fragment offset: 0 | |
| Time to live: 249 | |
| Protocol: UDP (17) | |
| Header checksum: 0x415b [validation disabled] | |
| [Header checksum status: Unverified] | |
| Source: 210.196.3.183 | |
| Destination: 172.31.31.36 | |
| [Source GeoIP: Unknown] | |
| [Destination GeoIP: Unknown] | |
| User Datagram Protocol, Src Port: 53, Dst Port: 54736 | |
| Source Port: 53 | |
| Destination Port: 54736 | |
| Length: 70 | |
| Checksum: 0xb586 [unverified] | |
| [Checksum Status: Unverified] | |
| [Stream index: 0] | |
| Domain Name System (response) | |
| [Request In: 1] | |
| [Time: 0.017935000 seconds] | |
| Transaction ID: 0x430e | |
| Flags: 0x8180 Standard query response, No error | |
| 1... .... .... .... = Response: Message is a response | |
| .000 0... .... .... = Opcode: Standard query (0) | |
| .... .0.. .... .... = Authoritative: Server is not an authority for domain | |
| .... ..0. .... .... = Truncated: Message is not truncated | |
| .... ...1 .... .... = Recursion desired: Do query recursively | |
| .... .... 1... .... = Recursion available: Server can do recursive queries | |
| .... .... .0.. .... = Z: reserved (0) | |
| .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server | |
| .... .... ...0 .... = Non-authenticated data: Unacceptable | |
| .... .... .... 0000 = Reply code: No error (0) | |
| Questions: 1 | |
| Answer RRs: 1 | |
| Authority RRs: 0 | |
| Additional RRs: 1 | |
| Queries | |
| dnssec-failed.org: type A, class IN | |
| Name: dnssec-failed.org | |
| [Name Length: 17] | |
| [Label Count: 2] | |
| Type: A (Host Address) (1) | |
| Class: IN (0x0001) | |
| Answers | |
| dnssec-failed.org: type A, class IN, addr 69.252.80.75 | |
| Name: dnssec-failed.org | |
| Type: A (Host Address) (1) | |
| Class: IN (0x0001) | |
| Time to live: 6830 | |
| Data length: 4 | |
| Address: 69.252.80.75 | |
| Additional records | |
| <Root>: type OPT | |
| Name: <Root> | |
| Type: OPT (41) | |
| UDP payload size: 1400 | |
| Higher bits in extended RCODE: 0x00 | |
| EDNS0 version: 0 | |
| Z: 0x0000 | |
| 0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs | |
| .000 0000 0000 0000 = Reserved: 0x0000 | |
| Data length: 0 | |
| Frame 3: 88 bytes on wire (704 bits), 88 bytes captured (704 bits) | |
| Encapsulation type: Ethernet (1) | |
| Arrival Time: Aug 24, 2017 18:19:43.002495000 JST | |
| [Time shift for this packet: 0.000000000 seconds] | |
| Epoch Time: 1503566383.002495000 seconds | |
| [Time delta from previous captured frame: 4.304944000 seconds] | |
| [Time delta from previous displayed frame: 4.304944000 seconds] | |
| [Time since reference or first frame: 4.322879000 seconds] | |
| Frame Number: 3 | |
| Frame Length: 88 bytes (704 bits) | |
| Capture Length: 88 bytes (704 bits) | |
| [Frame is marked: False] | |
| [Frame is ignored: False] | |
| [Protocols in frame: eth:ethertype:ip:udp:dns] | |
| Ethernet II, Src: Raspberr_b2:3a:b2 (b8:27:eb:b2:3a:b2), Dst: NecPlatf_fe:ae:74 (1c:b1:7f:fe:ae:74) | |
| Destination: NecPlatf_fe:ae:74 (1c:b1:7f:fe:ae:74) | |
| Address: NecPlatf_fe:ae:74 (1c:b1:7f:fe:ae:74) | |
| .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) | |
| .... ...0 .... .... .... .... = IG bit: Individual address (unicast) | |
| Source: Raspberr_b2:3a:b2 (b8:27:eb:b2:3a:b2) | |
| Address: Raspberr_b2:3a:b2 (b8:27:eb:b2:3a:b2) | |
| .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) | |
| .... ...0 .... .... .... .... = IG bit: Individual address (unicast) | |
| Type: IPv4 (0x0800) | |
| Internet Protocol Version 4, Src: 172.31.31.36, Dst: 210.196.3.183 | |
| 0100 .... = Version: 4 | |
| .... 0101 = Header Length: 20 bytes (5) | |
| Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) | |
| 0000 00.. = Differentiated Services Codepoint: Default (0) | |
| .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) | |
| Total Length: 74 | |
| Identification: 0xfcf4 (64756) | |
| Flags: 0x00 | |
| 0... .... = Reserved bit: Not set | |
| .0.. .... = Don't fragment: Not set | |
| ..0. .... = More fragments: Not set | |
| Fragment offset: 0 | |
| Time to live: 64 | |
| Protocol: UDP (17) | |
| Header checksum: 0xdbef [validation disabled] | |
| [Header checksum status: Unverified] | |
| Source: 172.31.31.36 | |
| Destination: 210.196.3.183 | |
| [Source GeoIP: Unknown] | |
| [Destination GeoIP: Unknown] | |
| User Datagram Protocol, Src Port: 48301, Dst Port: 53 | |
| Source Port: 48301 | |
| Destination Port: 53 | |
| Length: 54 | |
| Checksum: 0xa206 [unverified] | |
| [Checksum Status: Unverified] | |
| [Stream index: 1] | |
| Domain Name System (query) | |
| Transaction ID: 0xd2b1 | |
| Flags: 0x0130 Standard query | |
| 0... .... .... .... = Response: Message is a query | |
| .000 0... .... .... = Opcode: Standard query (0) | |
| .... ..0. .... .... = Truncated: Message is not truncated | |
| .... ...1 .... .... = Recursion desired: Do query recursively | |
| .... .... .0.. .... = Z: reserved (0) | |
| .... .... ..1. .... = AD bit: Set | |
| .... .... ...1 .... = Non-authenticated data: Acceptable | |
| Questions: 1 | |
| Answer RRs: 0 | |
| Authority RRs: 0 | |
| Additional RRs: 1 | |
| Queries | |
| dnssec-failed.org: type A, class IN | |
| Name: dnssec-failed.org | |
| [Name Length: 17] | |
| [Label Count: 2] | |
| Type: A (Host Address) (1) | |
| Class: IN (0x0001) | |
| Additional records | |
| <Root>: type OPT | |
| Name: <Root> | |
| Type: OPT (41) | |
| UDP payload size: 4096 | |
| Higher bits in extended RCODE: 0x00 | |
| EDNS0 version: 0 | |
| Z: 0x0000 | |
| 0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs | |
| .000 0000 0000 0000 = Reserved: 0x0000 | |
| Data length: 0 | |
| Frame 4: 104 bytes on wire (832 bits), 104 bytes captured (832 bits) | |
| Encapsulation type: Ethernet (1) | |
| Arrival Time: Aug 24, 2017 18:19:43.020370000 JST | |
| [Time shift for this packet: 0.000000000 seconds] | |
| Epoch Time: 1503566383.020370000 seconds | |
| [Time delta from previous captured frame: 0.017875000 seconds] | |
| [Time delta from previous displayed frame: 0.017875000 seconds] | |
| [Time since reference or first frame: 4.340754000 seconds] | |
| Frame Number: 4 | |
| Frame Length: 104 bytes (832 bits) | |
| Capture Length: 104 bytes (832 bits) | |
| [Frame is marked: False] | |
| [Frame is ignored: False] | |
| [Protocols in frame: eth:ethertype:ip:udp:dns] | |
| Ethernet II, Src: NecPlatf_fe:ae:74 (1c:b1:7f:fe:ae:74), Dst: Raspberr_b2:3a:b2 (b8:27:eb:b2:3a:b2) | |
| Destination: Raspberr_b2:3a:b2 (b8:27:eb:b2:3a:b2) | |
| Address: Raspberr_b2:3a:b2 (b8:27:eb:b2:3a:b2) | |
| .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) | |
| .... ...0 .... .... .... .... = IG bit: Individual address (unicast) | |
| Source: NecPlatf_fe:ae:74 (1c:b1:7f:fe:ae:74) | |
| Address: NecPlatf_fe:ae:74 (1c:b1:7f:fe:ae:74) | |
| .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default) | |
| .... ...0 .... .... .... .... = IG bit: Individual address (unicast) | |
| Type: IPv4 (0x0800) | |
| Internet Protocol Version 4, Src: 210.196.3.183, Dst: 172.31.31.36 | |
| 0100 .... = Version: 4 | |
| .... 0101 = Header Length: 20 bytes (5) | |
| Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT) | |
| 0000 00.. = Differentiated Services Codepoint: Default (0) | |
| .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0) | |
| Total Length: 90 | |
| Identification: 0xde79 (56953) | |
| Flags: 0x00 | |
| 0... .... = Reserved bit: Not set | |
| .0.. .... = Don't fragment: Not set | |
| ..0. .... = More fragments: Not set | |
| Fragment offset: 0 | |
| Time to live: 249 | |
| Protocol: UDP (17) | |
| Header checksum: 0x415a [validation disabled] | |
| [Header checksum status: Unverified] | |
| Source: 210.196.3.183 | |
| Destination: 172.31.31.36 | |
| [Source GeoIP: Unknown] | |
| [Destination GeoIP: Unknown] | |
| User Datagram Protocol, Src Port: 53, Dst Port: 48301 | |
| Source Port: 53 | |
| Destination Port: 48301 | |
| Length: 70 | |
| Checksum: 0x4406 [unverified] | |
| [Checksum Status: Unverified] | |
| [Stream index: 1] | |
| Domain Name System (response) | |
| [Request In: 3] | |
| [Time: 0.017875000 seconds] | |
| Transaction ID: 0xd2b1 | |
| Flags: 0x8180 Standard query response, No error | |
| 1... .... .... .... = Response: Message is a response | |
| .000 0... .... .... = Opcode: Standard query (0) | |
| .... .0.. .... .... = Authoritative: Server is not an authority for domain | |
| .... ..0. .... .... = Truncated: Message is not truncated | |
| .... ...1 .... .... = Recursion desired: Do query recursively | |
| .... .... 1... .... = Recursion available: Server can do recursive queries | |
| .... .... .0.. .... = Z: reserved (0) | |
| .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server | |
| .... .... ...0 .... = Non-authenticated data: Unacceptable | |
| .... .... .... 0000 = Reply code: No error (0) | |
| Questions: 1 | |
| Answer RRs: 1 | |
| Authority RRs: 0 | |
| Additional RRs: 1 | |
| Queries | |
| dnssec-failed.org: type A, class IN | |
| Name: dnssec-failed.org | |
| [Name Length: 17] | |
| [Label Count: 2] | |
| Type: A (Host Address) (1) | |
| Class: IN (0x0001) | |
| Answers | |
| dnssec-failed.org: type A, class IN, addr 69.252.80.75 | |
| Name: dnssec-failed.org | |
| Type: A (Host Address) (1) | |
| Class: IN (0x0001) | |
| Time to live: 6825 | |
| Data length: 4 | |
| Address: 69.252.80.75 | |
| Additional records | |
| <Root>: type OPT | |
| Name: <Root> | |
| Type: OPT (41) | |
| UDP payload size: 1400 | |
| Higher bits in extended RCODE: 0x00 | |
| EDNS0 version: 0 | |
| Z: 0x0000 | |
| 0... .... .... .... = DO bit: Cannot handle DNSSEC security RRs | |
| .000 0000 0000 0000 = Reserved: 0x0000 | |
| Data length: 0 | |
| [mbook]$ |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment