tcpdump help
- mikabast
I need it for one of my courses. I need to check the incoming and outgoing port of a DNS request from a tcpdump output:
20:40:37.445251 00:24:36:b3:0e:7d > 00:25:86:cf:aa:3a, ethertype IPv4 (0x0800), length 78: (tos 0x0, ttl 64, id 50302, offset 0, flags [none], proto UDP (17), length 64) 192.168.1.100.55911 > 84.2.46.1.53: [udp sum ok] 33219+ A? morethan2weeks.com. (36)
20:40:37.519232 00:25:86:cf:aa:3a > 00:24:36:b3:0e:7d, ethertype IPv4 (0x0800), length 151: (tos 0x0, ttl 60, id 47360, offset 0, flags [none], proto UDP (17), length 137) 84.2.46.1.53 > 192.168.1.100.55911: [udp sum ok] 33219 q: A? morethan2weeks.com. 1/2/0 morethan2weeks.com. A 195.228.74.96 ns: morethan2weeks.com. NS ns.a-one.hu., morethan2weeks.com. NS ns2.hostoffice.co.hu. (109)
thanks...
- mikabast0
oh and it's not a spam, don't click on the links :-)
- acescence0
I'm not any sort of tcp pro, but it's typically host.port, and I do know that port 53 is dns, so... I'll guess you're querying on port 53 and the response is coming back on port 55911
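Added example, not part of the original thread: a short Python parser for the two packets posted above. tcpdump prints each IPv4 endpoint as address.port with the sender on the left of `>`; the function names here are made up for the example, and it assumes numeric addresses and ports as in the posted output.

```python
import re

# The two packets from the post above, one record per line.
CAPTURE = """\
20:40:37.445251 00:24:36:b3:0e:7d > 00:25:86:cf:aa:3a, ethertype IPv4 (0x0800), length 78: (tos 0x0, ttl 64, id 50302, offset 0, flags [none], proto UDP (17), length 64) 192.168.1.100.55911 > 84.2.46.1.53: [udp sum ok] 33219+ A? morethan2weeks.com. (36)
20:40:37.519232 00:25:86:cf:aa:3a > 00:24:36:b3:0e:7d, ethertype IPv4 (0x0800), length 151: (tos 0x0, ttl 60, id 47360, offset 0, flags [none], proto UDP (17), length 137) 84.2.46.1.53 > 192.168.1.100.55911: [udp sum ok] 33219 q: A? morethan2weeks.com. 1/2/0 morethan2weeks.com. A 195.228.74.96 ns: morethan2weeks.com. NS ns.a-one.hu., morethan2weeks.com. NS ns2.hostoffice.co.hu. (109)
"""

# "a.b.c.d.port > a.b.c.d.port: [checksum note] <DNS id>".
# The MAC pair earlier in the line uses colons, so it cannot match here.
ENDPOINTS = re.compile(
    r"(?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) > "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+): "
    r"(?:\[[^\]]*\] )?(?P<txid>\d+)"
)

def parse_packet(line):
    """Return endpoints and DNS transaction id of one tcpdump line, or None."""
    m = ENDPOINTS.search(line)
    if m is None:
        return None
    pkt = {"src": m["src"], "sport": int(m["sport"]),
           "dst": m["dst"], "dport": int(m["dport"]), "txid": int(m["txid"])}
    # Port 53 is the DNS server side; the other port belongs to the client.
    if pkt["dport"] == 53:
        pkt["kind"] = "query"
    elif pkt["sport"] == 53:
        pkt["kind"] = "response"
    else:
        pkt["kind"] = "other"
    return pkt

def response_matches(query, response):
    """A reply belongs to a query when addresses, ports and id are mirrored."""
    return (query["kind"] == "query" and response["kind"] == "response"
            and (response["src"], response["sport"]) == (query["dst"], query["dport"])
            and (response["dst"], response["dport"]) == (query["src"], query["sport"])
            and response["txid"] == query["txid"])

PACKETS = [p for p in map(parse_packet, CAPTURE.splitlines()) if p]

if __name__ == "__main__":
    for p in PACKETS:
        print(f'{p["kind"]:8} {p["src"]}:{p["sport"]} -> '
              f'{p["dst"]}:{p["dport"]} id={p["txid"]}')
```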