ystero-dev / scalpel

Packet Dissection and sculpting in Rust
Other
3 stars 6 forks source link

Error during dissection of DNS packets #25

Closed gabhijit closed 8 months ago

gabhijit commented 10 months ago

During dissection of DNS packets, it appears that the packet is alright and data is also available but we get TooShort Error. Below is the dump of the Error and the data

Err: TooShort { required: 20, available: 9, data: "07080000038400093a800001518000002904d0000000000000" }, data: "000000010006001a9adead05000008004500008eee3240003611927701010101c0a8010b0035c441007a2f68f60c81a300010000000100010a6964656e7469747964620000010001000006000100014e51004001610c726f6f742d73657276657273036e657400056e73746c640c766572697369676e2d67727303636f6d007896689d000007080000038400093a800001518000002904d0000000000000"
aadilshabier commented 8 months ago

While pasting the DNS packet here: https://hpd.gasmi.net/ , it seems to be an invalid packet. To make it valid, I had to remove the bytes at positions 12 and 13(00 00). After which I'm getting the same error as above.

gabhijit commented 8 months ago

@aadilshabier : These were packet dumps from one of the PCAP captures on my machine. I am not very sure whether the packets are correct or not, but since they are sent by some program, likely they are correct.

My suspicion is somewhere in the name compression, there might still be a bug lurking.

gabhijit commented 8 months ago

Fixed by changes in #35