["Mark Pizzolato" <ethereal-dev-20030907@xxxxxxxxxxxxxxxxx>]

On Oct 2, 2003, at 3:59 PM Guy Harris wrote:

> On Oct 2, 2003, at 3:48 PM, Mark Pizzolato wrote:
> 
> Some Versions of BIND make some of the TCP queries to another server 
> > that end up delivering the request in 2 TCP packets. The first 
> > contains a 2 byte packet length for the data contained in the second 
> > packet.
> > 
> > As a result of this request spanning 2 packets, Ethereal's Disector 
> > can't decode the actual request data.
> 
> Can it dissect it if you turn on both the "Desegment all DNS messages 
> spanning multiple TCP segments" option for DNS and the "Allow 
> subdissector to desegment TCP streams" option for TCP, if they're not 
> already on?
> 
> Select Preferences from the Edit menu, open up the "Protocols" list in 
> the Preferences dialog box, select DNS, set the DNS option in question 
> if it's not already set, select TCP, set the TCP option in question if 
> it's not already set, and then click "OK".  (Click "Save" before 
> clicking "OK" if you want those saved as default settings.)

Awesome!!! 

Thanks.

- Mark Pizzolato