Tip: when searching DNS answers for cert ... / 2011-04-06

Tip: when searching DNS answers for certain IP addresses, use the -n flag for tcpdump. Otherwise tcpdump will 'helpfully' resolve the IP back to a name.

You may need to scroll the output below to the right to see what I mean.
# tcpdump -r zorin.pcap port 53 -v | grep webcam
14:02:27.731039 IP (tos 0x0, ttl 128, id 24132, offset 0, flags [none], proto 17, length: 63) zorin.cs.uu.nl.53459 > kwak.cs.uu.nl.domain:  41099+ A? webcam.idefix.net. (35)
14:02:27.734230 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto 17, length: 241) kwak.cs.uu.nl.domain > zorin.cs.uu.nl.53459:  41099 1/3/5 webcam.idefix.net. A koos.idefix.net (213)
And what I was testing for:
# tcpdump -nr zorin.pcap port 53 -v | grep webcam
reading from file zorin.pcap, link-type EN10MB (Ethernet)
14:02:27.731039 IP (tos 0x0, ttl 128, id 24132, offset 0, flags [none], proto 17, length: 63) 131.211.80.21.53459 > 131.211.80.32.domain:  41099+ A? webcam.idefix.net. (35)
14:02:27.734230 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto 17, length: 241) 131.211.80.32.domain > 131.211.80.21.53459:  41099 1/3/5 webcam.idefix.net. A xx.xx.xx.xx (213)
That is something I can grep for a weird IP.
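
The same search as a reusable filter, as an added example that is not part of the original post: it pulls the A-record answers out of `tcpdump -n -v` text, prints the ones outside an expected address prefix, and counts answers that were printed as hostnames (the sign that -n was left off). The function names, the sample lines and the 192.0.2. prefix are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original post).
# Real use, assuming the local addresses start with 131.211.:
#   tcpdump -nr zorin.pcap port 53 -v | answers_outside 131.211.

# Emit "kind name value" per A record; kind is "ip" for a dotted quad and
# "resolved" when the value is a hostname, i.e. tcpdump ran without -n.
dns_a_answers() {
  awk '{
    for (i = 2; i < NF; i++) {
      if ($i != "A" || $(i - 1) !~ /\.$/) continue   # "A?" in queries never matches
      addr = $(i + 1)
      sub(/,$/, "", addr)                            # multiple answers are comma separated
      kind = (addr ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/) ? "ip" : "resolved"
      print kind, $(i - 1), addr
    }
  }'
}

# $1 = expected address prefix; print "name address" for answers outside it.
answers_outside() {
  dns_a_answers | awk -v p="$1" '$1 == "ip" && index($3, p) != 1 { print $2, $3 }'
}

# Number of answers shown as names instead of addresses (should be 0 with -n).
resolved_count() {
  dns_a_answers | awk '$1 == "resolved" { n++ } END { print n + 0 }'
}

# Constructed sample lines in the format shown above (documentation addresses).
sample_numeric() {
cat <<'EOF'
14:02:27.731039 IP (tos 0x0, ttl 128, id 24132, offset 0, flags [none], proto 17, length: 63) 192.0.2.21.53459 > 192.0.2.32.domain:  41099+ A? webcam.example.net. (35)
14:02:27.734230 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto 17, length: 241) 192.0.2.32.domain > 192.0.2.21.53459:  41099 1/3/5 webcam.example.net. A 198.51.100.7 (213)
14:02:28.100000 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto 17, length: 118) 192.0.2.32.domain > 192.0.2.21.53460:  41100 2/0/0 www.example.net. A 192.0.2.80, www.example.net. A 203.0.113.9 (90)
EOF
}

# Constructed sample of the same answer as printed without -n.
sample_resolved() {
cat <<'EOF'
14:02:27.734230 IP (tos 0x0, ttl  64, id 0, offset 0, flags [DF], proto 17, length: 241) ns.example.net.domain > client.example.net.53459:  41099 1/3/5 webcam.example.net. A host.example.net (213)
EOF
}

sample_numeric | answers_outside "192.0.2."
```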
