The solution uses big-endian notation: \x00\x1b instead of \x1b\x00. But the rest of the code above is correct. Thank you Armin.
Add length prefix to DNS request using TCP and Scapy
Question
In RFC 1035 about DNS, it's written:
4.2.2. TCP usage
Messages sent over TCP connections use server port 53 (decimal). The message is prefixed with a two byte length field which gives the message length, excluding the two byte length field. This length field allows the low-level processing to assemble a complete message before beginning to parse it.
I want to send a DNS request over TCP, but I don't know how to add these two bytes before the DNS request. I tried with this code:
from scapy.all import *
ip=IP(dst="216.239.32.10")
request = DNS(rd=1, qd=DNSQR(qname = "google.be", qtype="A")) #size = 27(dec) = 1b (hex)
twoBytesRequestSize = "\x1b\x00"
completeRequest = str(request) + twoBytesRequestSize
SYN=ip/TCP(sport=RandNum(1024,65535), dport=53, flags="S", seq=42)
SYNACK=sr1(SYN)
ACK=ip/TCP(sport=SYNACK.dport, dport=53, flags="A", seq=SYNACK.ack, ack=SYNACK.seq + 1)
send(ACK)
DNSRequest = ip/TCP(sport=SYNACK.dport, dport=53, flags="PA", seq=SYNACK.ack, ack=SYNACK.seq + 1) / completeRequest
DNSReply = sr1(DNSRequest, timeout = 1)
But my packet is interpreted as a simple TCP packet without a DNS layer.
Do you have an idea how to add this two-byte prefix before the DNS request?
Thank you!
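An added example, not part of the original question or answer: a standard-library Python 3 sketch of the RFC 1035 section 4.2.2 framing, which builds the 27-byte google.be query by hand, prefixes it with the big-endian length, and reassembles framed messages from TCP payload chunks. The helper names (build_query, frame, TcpDnsReassembler, demo) and the sample stream are constructed for illustration.

```python
import struct

def build_query(qname, txid=0, qtype=1):
    """Minimal DNS query built by hand: RD=1, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(part)]) + part.encode("ascii")
                      for part in qname.strip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def frame(msg):
    """Two-byte length in network (big-endian) order, placed BEFORE the message."""
    if len(msg) > 0xFFFF:
        raise ValueError("DNS message too long for a two-byte length field")
    return struct.pack("!H", len(msg)) + msg

class TcpDnsReassembler:
    """Buffers TCP payload chunks and returns each complete DNS message."""
    def __init__(self):
        self._buf = bytearray()

    def feed(self, chunk):
        self._buf += chunk
        complete = []
        while len(self._buf) >= 2:
            (length,) = struct.unpack_from("!H", self._buf, 0)
            if len(self._buf) < 2 + length:
                break  # message incomplete: wait for more segments
            complete.append(bytes(self._buf[2:2 + length]))
            del self._buf[:2 + length]
        return complete

def demo():
    query = build_query("google.be")   # 27 bytes, as in the question
    wire = frame(query)                # starts with b"\x00\x1b"
    # Constructed stream: two framed queries split at awkward boundaries,
    # the way TCP segmentation may deliver them.
    stream = wire + frame(build_query("example.org", txid=7))
    reassembler = TcpDnsReassembler()
    messages = []
    for chunk in (stream[:1], stream[1:20], stream[20:]):
        messages += reassembler.feed(chunk)
    return query, wire, messages

if __name__ == "__main__":
    q, w, msgs = demo()
    print(len(q), w[:2].hex(), len(msgs))
```

Feeding the reassembler a message carrying the little-endian prefix \x1b\x00 returns nothing, because the receiver reads the length as 0x1b00 (6912) and keeps waiting for more bytes.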
Solution
Licensed under: CC-BY-SA with attribution