Wireshark-users: [Wireshark-users] Question about MDNS

From: "Terry Martin" <tmartin@xxxxxxxxxxxxxxxx>
Date: Mon, 24 May 2010 13:24:36 -0400

To all

 

I am sniffing  wireless traffic and getting malformed MDNS packets. Here is an example ( I have changed the addresses to protect the innocent) :

 

No.     Time        Source                Destination           Protocol Info

      5 5.735756    10.1.17.32             178.27.05.50          MDNS     Standard query[Malformed Packet]

 

Frame 5 (114 bytes on wire, 114 bytes captured)

Ethernet II, Src: Dell_70:41:da (00:24:e8:27:41:da), Dst: AxiomTec_43:f9:0b (00:82:e0:43:f9:0b)

Internet Protocol, Src: 10.1.17.32 (10.1.17.32), Dst: 178.27.05.50 (178.27.05.50)

User Datagram Protocol, Src Port: mdns (5353), Dst Port: movaz-ssc (5252)

Domain Name System (query)

[Malformed Packet: DNS]

    [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]

        [Message: Malformed Packet (Exception occurred)]

        [Severity level: Error]

        [Group: Malformed]

 

I am using Version 1.2.6 of Wireshark

 

 

Has anyone worked with MDNS before?  Is this normal for Wireshark to report these results or is this a problem a true problem?  I am also seeing queries that are coming back unknown.  Is this a Wireshark issue? Is this a system problem?

 

If you have can you point to where I can get more info on MDNS?

 

 

 

Thanks in advance

 

 

 

Terry Martin

TimeData Corporation

Phone: 503-678.2224

Cell:      503.318.8909