[SLUG] Using packit with DNS

From: Kwan Lowe (kwan@digitalhermit.com)
Date: Sun Apr 11 2004 - 19:03:27 EDT


I'm having a bear of a time trying to do something that seems simple.
There's a program called 'packit' that allows you to craft custom
TCP/UDP packets. You can specify a payload and most of the IP header
pieces. What I'm trying to do (at first) is mimic a standard A query
from packit. Next, I want to create packets bigger than 512 bytes.

Here's the command I'm using:

packit -t UDP -T 64 -s 10.1.1.100 -S 32767 \
-d 10.1.1.1 -V 4 --D 53 -p \
'0x DE AD 01 00 00 01 00 00 \
    00 00 00 00 03 41 42 43 \
    03 31 32 33 00 00 01 00 \
    01'

Above hex corresponds to:
0x DEAD - Transaction ID
01 00 - Query type (Query or response), various DNS flags
00 01 - number of queries
00 00
00 00
00 00 - Number of answers, similar stuff
03 41 42 43 03 31 32 33 00 - the query (03 represents length)
00 01 00 01 - Type of response desired

The payload above corresponds (or should correspond) with a standard
query for host ABC.123. I.e., I request a single recursive query,
setting all other DNS flags to 0. However, it looks like bytes are being
skipped over. On the bottom you can see that it thinks I'm making 833
queries when I'm asking for just one.

Here's an Ethereal log of the packet:

Domain Name System (query)
    Transaction ID: 0xdead
    Flags: 0x0101 (Standard query)
        0... .... .... .... = Response: Message is a query
        .000 0... .... .... = Opcode: Standard query (0)
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...1 .... .... = Recursion desired: Do query recursively
        .... .... .0.. .... = Z: reserved (0)
        .... .... ...0 .... = Non-authenticated data OK: Non-authenticated data is unacceptable
    Questions: 833
    Answer RRs: 16963
    Authority RRs: 817
    Additional RRs: 12851
    Queries
[Malformed Packet: DNS]

I've gone so far as to capture a valid query (using nslookup) and just
copied over the dump but it still seems to skip the zeros and push the
actual query into the header area.

Any ideas what I'm doing wrong? Anyone know of another tool that will
allow this to be done?

Thanks,
Kwan
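
The following is an added example, not part of the original post and not packit code. It builds the 25-byte A query for ABC.123 from the field layout listed in the message, then decodes the header of the same payload with every 0x00 byte removed, which reproduces the counts in the Ethereal output exactly. The function names are hypothetical, and drop_zero_bytes() only models the symptom described in the post ("skip the zeros"); it makes no claim about packit's internals.

```python
import struct

def encode_qname(name):
    """Encode a dotted name as DNS labels: length byte, label bytes, 0x00 end."""
    out = b""
    for label in name.strip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError("label length must be 1..63 bytes")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(txid, name, qtype=1, qclass=1, flags=0x0100):
    """12-byte header (ID, flags, four 16-bit counts) plus one question."""
    header = struct.pack("!6H", txid, flags, 1, 0, 0, 0)
    return header + encode_qname(name) + struct.pack("!2H", qtype, qclass)

def parse_header(data):
    """Decode the fixed header as a dissector would, whatever bytes arrive."""
    keys = ("id", "flags", "questions", "answers", "authority", "additional")
    return dict(zip(keys, struct.unpack("!6H", data[:12])))

def drop_zero_bytes(data):
    """Model of the reported symptom: every 0x00 byte is missing on the wire."""
    return data.replace(b"\x00", b"")

# Payload bytes copied from the packit command in the post
POSTED = bytes.fromhex(
    "DE AD 01 00 00 01 00 00 00 00 00 00 03 41 42 43 "
    "03 31 32 33 00 00 01 00 01"
)

if __name__ == "__main__":
    built = build_query(0xDEAD, "ABC.123")
    print("built == posted payload:", built == POSTED)
    print("intended header:", parse_header(POSTED))
    squeezed = drop_zero_bytes(POSTED)
    print("bytes left after dropping 0x00:", squeezed.hex(" "))
    print("header as dissected:", parse_header(squeezed))
```
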
