Hi there,

I'm writing a program in which I parse a PDML XML file to obtain the domain names of web servers that a program tries to access. I'm using dns.resp.name for the name attribute in the field tag - i.e. <field name="dns.resp.name" .../> - to identify the XML elements which contain the domain names.

I have found that it is not only the DNS protocol which uses dns.resp.name, but the mDNS protocol too. Just to be sure, do any other protocols use this (and being overly pedantic like I am, could you point me to some documentation somewhere which says so/not)?

Many thanks in advance,
Lobster.

asked 02 Sep '16, 11:42 Lobster edited 02 Sep '16, 12:28
One Answer:
From the dissector source code you can derive that also "Link-local Multicast Name Resolution", LLMNR, uses this same dissector code, so can produce this same field.

answered 02 Sep '16, 15:35 Jaap ♦
One more sub-question: is it possible for there to be more than one 'num' field within a 'geninfo' protocol section, or more than one 'frame.time_relative' field within a 'frame' protocol section?
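Added example (not part of the original thread and not Wireshark's own code): because the same field can turn up under DNS, mDNS and LLMNR, this Python code groups every dns.resp.name value by the enclosing proto element, so link-local names can be kept apart from unicast DNS lookups. The PDML sample is constructed, and the proto names in it (dns, mdns, llmnr) and the helper names are assumptions; check them against what your own export contains.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample PDML, trimmed to the attributes used below.
# Assumption: the proto names (dns, mdns, llmnr) match what your export emits.
SAMPLE_PDML = """<pdml>
  <packet>
    <proto name="geninfo"><field name="num" show="1"/></proto>
    <proto name="dns">
      <field name="" show="Answers">
        <field name="dns.resp.name" show="www.example.com"/>
      </field>
    </proto>
  </packet>
  <packet>
    <proto name="mdns"><field name="dns.resp.name" show="printer.local"/></proto>
  </packet>
  <packet>
    <proto name="llmnr">
      <field name="dns.resp.name" show="fileserver"/>
      <field name="dns.resp.name" show="fileserver"/>
    </proto>
  </packet>
</pdml>"""

def names_by_proto(pdml_text, field_name="dns.resp.name"):
    """Map each enclosing <proto name=...> to the set of names seen under it."""
    found = defaultdict(set)
    # For PDML from an untrusted source, parse with defusedxml instead.
    for packet in ET.fromstring(pdml_text).iter("packet"):
        for proto in packet.findall("proto"):
            # iter() walks <field> elements nested at any depth in the section.
            for field in proto.iter("field"):
                if field.get("name") == field_name and field.get("show"):
                    found[proto.get("name")].add(field.get("show"))
    return dict(found)

def web_candidates(pdml_text, keep=("dns",)):
    """Sorted names from the chosen protocol sections only (default: dns)."""
    by_proto = names_by_proto(pdml_text)
    return sorted(set().union(*(by_proto.get(p, set()) for p in keep)))

if __name__ == "__main__":
    print(names_by_proto(SAMPLE_PDML))
    print(web_candidates(SAMPLE_PDML))
```

Repeated fields inside one section collapse into a single entry because the values are collected in a set.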