This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

dns.resp.name - to which protocols does it apply?

0

Hi there,

I'm writing a program in which I parse a PDML XML file to obtain the domain names of web servers that a program tries to access. I'm using dns.resp.name for the name attribute in the field tag - i.e. <field name="dns.resp.name" .../> - to identify the XML elements which contain the domain names.

I have found that it is not only the DNS protocol which uses dns.resp.name, but the mDNS protocol too. Just to be sure, do any other protocols use this (and being overly pedantic like I am, could you point me to some documentation somewhere which says so/not)?

Many thanks in advance, Lobster.

asked 02 Sep '16, 11:42

Lobster
11448
accept rate: 0%

edited 02 Sep '16, 12:28


One Answer:

1

From the dissector source code you can derive that "Link-local Multicast Name Resolution" (LLMNR) also uses this same dissector code, so it can produce this same field.

answered 02 Sep '16, 15:35

Jaap ♦
11.7k16101
accept rate: 14%

One more sub-question: is it possible for there to be more than one 'num' field within a 'geninfo' protocol section, or more than one 'frame.time_relative' field within a 'frame' protocol section?

(12 Oct '16, 11:40) Lobster
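
An added example, not part of the original thread or of Wireshark's code: since DNS, mDNS and LLMNR can all produce dns.resp.name, a PDML parser can record which protocol section each name came from, so link-local names are not mistaken for ordinary DNS answers. The PDML below is constructed, and the section names "dns", "mdns" and "llmnr" and the function name are assumptions of this sketch.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed PDML, trimmed to the attributes used here. The proto names
# "dns", "mdns" and "llmnr" are assumed section names for this sample.
SAMPLE_PDML = """<pdml>
 <packet>
  <proto name="geninfo"><field name="num" show="1"/></proto>
  <proto name="dns">
   <field name="" show="Answers">
    <field name="" show="www.example.com: type CNAME">
     <field name="dns.resp.name" show="www.example.com"/>
    </field>
    <field name="" show="cdn.example.net: type A">
     <field name="dns.resp.name" show="cdn.example.net"/>
    </field>
   </field>
  </proto>
 </packet>
 <packet>
  <proto name="geninfo"><field name="num" show="2"/></proto>
  <proto name="mdns">
   <field name="dns.resp.name" show="printer.local"/>
  </proto>
 </packet>
 <packet>
  <proto name="geninfo"><field name="num" show="3"/></proto>
  <proto name="llmnr">
   <field name="dns.resp.name" show="fileserver"/>
  </proto>
 </packet>
</pdml>"""


def resp_names_by_proto(pdml_text, field_name="dns.resp.name"):
    """Map each proto section name to [(frame number, name), ...]."""
    found = defaultdict(list)
    for packet in ET.fromstring(pdml_text).iter("packet"):
        num = packet.find("./proto[@name='geninfo']/field[@name='num']")
        frame = num.get("show") if num is not None else None
        for proto in packet.findall("proto"):
            # Fields nest inside unnamed wrapper fields, so walk the subtree.
            for field in proto.iter("field"):
                if field.get("name") == field_name:
                    found[proto.get("name")].append((frame, field.get("show")))
    return dict(found)


if __name__ == "__main__":
    for proto, names in resp_names_by_proto(SAMPLE_PDML).items():
        print(proto, names)
```

Keeping only the entries under the "dns" key drops names that were resolved over mDNS or LLMNR on the local link.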