Wireshark-users: Re: [Wireshark-users] DNS Compression?

From: "Visser, Martin" <martin.visser@xxxxxx>
Date: Thu, 3 Jul 2008 02:44:54 +0000
I think you will find that a lot of DNS responses have compression. Search for the A record for www.google.com. Every name in the response apart from the first is compressed. Just click on a name field in the Packet Details in Wireshark and you will see in the highlighted hex that it corresponds to only 2 bytes.

Regards, Martin

Martin Visser



-----Original Message-----
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Adsquaired
Sent: Wednesday, 2 July 2008 10:59 PM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] DNS Compression?

Hello,

Can someone send me a capture that shows an example of what DNS compression looks like? I understand the concept but would like to see what it looks like in a packet capture.

Thanks

ad^2

Attachment: dns-response.pcap
Description: dns-response.pcap
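
Added example, not part of the thread and not Wireshark's code: a small decoder that shows why a compressed name highlights as only 2 bytes (a pointer such as `c0 0c` back to offset 12) and that rejects pointer loops. The function names `encode_name`, `read_name` and `build_sample`, and the sample response for www.example.com, are constructed for illustration.

```python
import struct

def encode_name(name):
    """Encode a dotted name as uncompressed length-prefixed labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def read_name(msg, off):
    """Decode the name at off; return (name, bytes the field occupies there)."""
    labels, used, seen, pos = [], None, set(), off
    while True:
        if pos >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[pos]
        if length & 0xC0 == 0xC0:              # top two bits set: pointer
            if pos + 1 >= len(msg):
                raise ValueError("truncated compression pointer")
            if used is None:
                used = pos + 2 - off           # field ends at the first pointer
            target = ((length & 0x3F) << 8) | msg[pos + 1]
            if target in seen:                 # refuse pointer loops
                raise ValueError("compression pointer loop")
            seen.add(target)
            pos = target
        elif length & 0xC0:
            raise ValueError("reserved label type")
        elif length == 0:                      # root label terminates the name
            return ".".join(labels), (used if used is not None else pos + 1 - off)
        else:
            if pos + 1 + length > len(msg):
                raise ValueError("label runs past end of message")
            labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
            pos += 1 + length

def build_sample():
    """Constructed response: one question, one A answer whose name is a pointer."""
    header = struct.pack("!6H", 0x1234, 0x8180, 1, 1, 0, 0)
    question = encode_name("www.example.com") + struct.pack("!2H", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!2HIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    q_off = len(header)
    a_off = q_off + len(question)
    return header + question + answer, q_off, a_off

if __name__ == "__main__":
    msg, q_off, a_off = build_sample()
    for label, off in (("question", q_off), ("answer", a_off)):
        name, used = read_name(msg, off)
        print(f"{label}: {name!r} occupies {used} bytes: {msg[off:off + used].hex()}")
```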