Tuesday, May 31, 2016

IPv6 DNS query

60097aef004b11fffe800000000000006e4008fffe91dd48ff0200000000000000000000000000fb14e914e9004bf4df0000000000020000000000001b4f66666963656a65742050726f2038363030205b4336414335335d045f697070045f746370056c6f63616c0000218001c00c00108001

IPv6 Header
60097aef004b11fffe800000000000006e4008fffe91dd48ff0200000000000000000000000000fb

Version,                    Traffic class,          Flow label
6                   00       97aef
NOTE: anything other than 0x00 for traffic class would bear investigation

Payload length, Next Header,    Hop Count
004b,(75)  11, (UDP)  ff,(255)

Source address: (abbreviated to fe80::6e40:8ff:fe91:dd48)
fe800000000000006e4008fffe91dd48

Destination address: (abbreviated to ff02::fb)
ff0200000000000000000000000000fb
Any DNS query for a name ending with ".local." MUST be sent
to the mDNS multicast address (224.0.0.251 or its IPv6 equivalent FF02::FB). DNS top-level domain ".local.", any fully
qualified name ending in ".local." is link-local, and names within
this domain are meaningful only on the link where they originate.

UDP Header
14e914e9004bf4df
Source port 5353 to Destination port 5353

DNS 
0000000000020000000000001b4f66666963656a65742050726f2038363030205b4336414335335d045f697070045f746370056c6f63616c0000218001c00c00108001
Transaction ID 0x0000 Flags 0x0000 (Std Query)

0000000000020000000000001b4f66666963656a65742050726f2038363030205b4336414335335d045f697070045f746370056c6f63616c0000218001c00c00108001
2 questions

0000000000020000000000001b4f66666963656a65742050726f2038363030205b4336414335335d045f697070045f746370056c6f63616c0000218001c00c00108001
0 answers, 0 authority, 0 additional

0000000000020000000000001b4f66666963656a65742050726f2038363030205b4336414335335d045f697070045f746370056c6f63616c0000218001c00c00108001
Office jet pro 8600 [C6AC53]._ipp._tcp.local_
0x1b = 27 length of label, 4f = O, 5d = ]

0000000000020000000000001b4f66666963656a65742050726f2038363030205b4336414335335d045f697070045f746370056c6f63616c0000218001c00c00108001
            04     p p04       p
0000000000020000000000001b4f66666963656a65742050726f2038363030205b4336414335335d045f697070045f746370056c6f63616c0000218001c00c00108001
                                05 l o c a l00

0000000000020000000000001b4f66666963656a65742050726f2038363030205b4336414335335d045f697070045f746370056c6f63616c0000218001c00c00108001
TYPE 33 Server Selection, (SRV) 0x21 = 33
CLASS 0x80 = 1000 0000 (QU Question is true). Multicast DNS defines the top bit in the class field of a DNS question as the unicast-response bit.  When this bit is set in a question, it indicates that the querier is willing to accept unicast replies in response to this specific query, as well as the usual multicast responses.  These questions requesting unicast responses are referred to as "QU" questions, to distinguish them from the more
usual questions requesting multicast responses ("QM" questions).

CLASS = IN

0000000000020000000000001b4f66666963656a65742050726f2038363030205b4336414335335d045f697070045f746370056c6f63616c0000218001c00c00108001
Pointer c00c, Type 0x0010 (16), TXT or Text Strings, CLASS 0x8001

No comments:

Post a Comment