Lost In Cyberia Posted January 27, 2014 Share Posted January 27, 2014 Hello everyone, so I'm getting this tcpdump, and it looks like..quite a mess... Can anyone decipher this? I can tell that one IP is requesting DNS info? but I'm having trouble finding out what some of the fields actually mean.. 19:44:50.707637 IP 188.8.131.52.53 > 184.108.40.206.28638: 52313 243/2/7 SOA, A 220.127.116.11, A 18.104.22.168, A 22.214.171.124, A 126.96.36.199, A 188.8.131.52, A 184.108.40.206, A 220.127.116.11, A 18.104.22.168, A 22.214.171.124, A 126.96.36.199, A 188.8.131.52, A 184.108.40.206, A 220.127.116.11, A 18.104.22.168, A 22.214.171.124, A 126.96.36.199, A 188.8.131.52, A 184.108.40.206, A 220.127.116.11, A 18.104.22.168 I know the first set of numbers if the time stamp...the 2nd is the IP address..and the next is the destination IP...with the port number after the last octet of the IP What comes next the '243/2/7 is what confuses me... I know SOA is the start of authority but what does it all mean together? I have a huuuge flood of traffic with these type of output.. I know the A's represent A records, but are these being requested or sent? Can some one break this down for me in what is actually happening here? Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.