Question about payload
Paul Schmehl
pschmehl_lists at tx.rr.com
Tue Apr 27 16:43:30 EDT 2010
We're using argus to capture partial payloads. The output is quite a bit
different from tcpdump, and there are some parts I don't understand. I'm hoping
the experts here can enlighten me.
What does s[51]= mean?
What does d[135]= mean?
I took the first one to mean the payload, but then the second seems unclear to
me.
Here's the packet I'm referring to:
27 Apr 10 18:21:39.137180 M udp 129.110.31.40.18677 <-> 92.241.190.252.domain CON
s[51]=d............sandra.prichaonica.com.......)........
d[135]=d............sandra.prichaonica.com.................\................ns2...............ns1...V..........\....D..........\.....)........
Clearly it's a DNS lookup, but I don't get what the s[51]= and d[135]= refer to.
--
Paul Schmehl, Senior Infosec Analyst
As if it wasn't already obvious, my opinions
are my own and not those of my employer.
*******************************************
"It is as useless to argue with those who have
renounced the use of reason as to administer
medication to the dead." Thomas Jefferson