[tcpdump-workers] Support for "-T domain"

Michael Richardson mcr at sandelman.ca
Thu Dec 3 08:59:20 EST 2015

Noah <noah.robin at gmail.com> wrote:
    > I've written a small patch against HEAD which adds support for decoding
    > DNS traffic on nonstandard ports; useful for those of us who run DNS
    > serves behind VIPs, for instance. I haven't written any tests as yet,
    > however there aren't any DNS tests set up yet anyway. Happy to write
    > some if that would speed the inclusion of the update. I've committed
    > the patch to my fork of tcpdump on github, run tests, etc.  How should
    > I proceed from here, just issue the pull request?

Yes, but we'll want to see some tests.
That we haven't any tests shouldn't stop you: tcpdump -w some packets that
you don't mind sharing, on both port 53 and a not port 53.  Add a list to
tests/TESTLIST, without the -T domain, and you should of course, not see the
non-port-53 decoded, and a line *with* -T domain, and you should see
the not-port-53 packets decoded.

]               Never tell me the odds!                 | ipv6 mesh networks [
]   Michael Richardson, Sandelman Software Works        | network architect  [
]     mcr at sandelman.ca  http://www.sandelman.ca/        |   ruby on rails    [

More information about the tcpdump-workers mailing list