[Guy Harris <guy@xxxxxxxxxxxx>]

On Oct 2, 2003, at 3:48 PM, Mark Pizzolato wrote:

> Some Versions of BIND make some of the TCP queries to another server 
> that end up delivering the request in 2 TCP packets.  The first 
> contains a 2 byte packet length for the data contained in the second 
> packet.
>  
> As a result of this request spanning 2 packets, Ethereal's Disector 
> can't decode the actual request data.
Can it dissect it if you turn on both the "Desegment all DNS messages 
spanning multiple TCP segments" option for DNS and the "Allow 
subdissector to desegment TCP streams" option for TCP, if they're not 
already on?
Select Preferences from the Edit menu, open up the "Protocols" list in 
the Preferences dialog box, select DNS, set the DNS option in question 
if it's not already set, select TCP, set the TCP option in question if 
it's not already set, and then click "OK".  (Click "Save" before 
clicking "OK" if you want those saved as default settings.)