|
Hi there, I'm writing a program in which I parse a PDML XML file to obtain the domain names of web servers that a program tries to access. I'm using dns.resp.name for the name attribute in the field tag - i.e. <field name="dns.resp.name" ...=""/> - to identify the XML elements which contain the domain names. I have found that it is not only the DNS protocol which uses dns.resp.name, but the mDNS protocol too. Just to be sure, do any other protocols use this (and being overly pedantic like I am, could you point me to some documentation somewhere which says so/not)? Many thanks in advance, Lobster. |
|
From the dissector source code you can derive that also "Link-local Multicast Name Resolution", LLMNR, uses this same dissector code, so can produce this same field. One more sub-question: is it possible for there to be more than one 'num' field within a 'geninfo' protocol section, or more than one 'frame.time_relative' field within a 'frame' protocol section?
(12 Oct '16, 11:40)
Lobster
|
