Example of use libnet (7) Author: Primary Four (scz@nsfocus.com) Home Page: http: //www.nsfocus.com Date: 2000-08-15 This DNS packet to construct an example continue to introduce libnet library programming. ./linuxkiller -o 44 -y 53 -s 192.168.10.1Ping bbs.tsinghua.edu.cn grab the following message: [udp] 192.168.10.1 [1476] -> 192.168.0.2 [53] udpheadlen = 8 udpdatalen = 37byteArray [37 bytes] ----> 00000000 42 83 01 00 00 01 00 00-00 00 00 00 03 62 62 73 B? .......... bbs00000010 08 74 73 69 6E 67 68 75 -61 03 65 64 75 02 63 6E .Tsinghua.edu.cn00000020 00 00 01 00 01 ..... 42 83 ID identifier 01 00 param Parameter forward parsing request packet, allow recursive analysis 00 01 Qtcount problem 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 0000.2 62 62 73 BBS length domain 0308 74 73 69 6e 67 68 75 61 TsingHUA length domain 0803 65 64 75 EDU length domain 0302 63 6e CN length The domain is 0200 long domain is 0, indicating that end 00 01 00 01 This is a quite standard DNS query message, and if not understand, you can look down the RFC. Threaded DNS messages in some borders, if DNS Server does not process boundary scenarios, the result is unknown.
./linuxkiller -o 44-0 53 -s 192.168.0.2Ping bbs.tsinghua.edu.cn grab the following message: [UDP] 192.168.0.2 [53] -> 192.168.10.1 [1476] udpheadlen = 8 udpdatalen = 165BYTEARRAY [165 BYTES] ----> 00000000 30 8F 81 80 00 01 00 02-00 02 00 02 03 62 62 73 0 弫 € ......... BBS00000010 08 74 73 69 6E 67 68 75 -61 03 65 64 75 02 63 6e .tsinghua.edu.cn00000020 00 00 01 00 01 50 DC 00 ..... ... P? 0000000030 19 03 62 62 73 03 6E 65-74 08 74 73 69 6e 67 68.bbs.Net.tsingh0000000040 75 61 03 45 44 55 02 43-4e 00 c0 31 00 01 00 01 ua.edu.cn.?.... 00000050 00 00 14 71 00 04 CA 70-3A C8 C0 35 00 02 00 01 ... Q .. 蕄: Soil 5 .... 00000060 00 01 50 DD 00 06 03 6F-61 72 C0 35 C0 35 00 02. .P? .. oar ?? .. 00000070 00 01 00 01 50 DD 00 0D-04 6D 6F 6F 6e 05 62 6A .... p? .. moon.bj00000080 6E 65 74 C0 42 C0 66 00-01 00 01 00 01 50 DD 00 Net 繠纅 ... p? 00000090 04 CA 70 3A CE C0 78 00-01 00 01 00 01 50 DD 00. 蕄: 卫 卫 x ... p? 000000a0 04 CA 70 04 41蕄 .A Due to the two queries, the identifier of the DNS response message and the identifier of the previous DNS query message are inconsistent, and if it is a paired two packets, the identifier is consistent. The answer group is likely to use a compressed format, and the request packet will never use compressed formats.
30 8F identifier 81 80 parameter forward parsing response packet, recursive resolution to get 00 01 question 00 02 answer number 00 0200 0203 62 62 73 BBS <- pointer = 12 (calculated from the head of the data area) 08 74 73 69 6E 67 68 75 6103 65 64 75 02 63 6E0000 01 00 01C0 0C pointer = 12 (calculated from the head of the data area) 00 05 TYPE = CNAME00 01 Class00 01 50 DC Life 00 19 LEN = 2503 62 62 73 BBS <- - Pointer = 49 (calculated from the head of the data area) 03 6E 65 74 NET <- pointer = 53 (start calculation from the head of the data area) 08 74 73 69 6E 67 68 75 61 TsingHUA03 45 44 55 EDU <- Pointer = 66 (calculated from the head of the data area) 02 43 4E CN00 ends C0 31 pointer = 49 (calculated from the header of the data area) 00 01 TYPE = A00 01 Class00 00 14 71 Life 00 04 LEN = 4CA 70 3A C8 202.112.58.200c0 35 pointer = 53 (calculated from the head of the data area) 00 02 TYPE = NS00 01 Class00 01 50 DD Life 00 06 LEN = 603 6F 61 72 OAR <- pointer = 102 (calculated from the data area head start) C0 35 pointer = 53 (start calculation from the data area header) C0 35 pointer = 53 (Calculated from the head of the data area) 00 02 TYPE = NS00 01 Class00 01 50 DD Life 00 0D LEN = 1304 6D 6F 6F 6e Moon <- Pointer = 120 (calculated from the data area header) 05 62 6A 6E 65 74 BJNETC0 42 pointer = 66c0 66 pointer = 10200 01 TYPE =
