I’ve been reading RFCs all day, and can’t seem to find where a few things are coming from:
0000 01 00 5e 00 00 fb 00 1f 3b 18 18 69 08 00 45 00
0010 00 c8 5b 60 00 00 01 11 b9 8c c0 a8 02 95 e0 00
0020 00 fb d1 fe 14 e9 00 b4 92 77 00 00 84 00 00 00
0030 00 02 00 00 00 00 0d 5f 74 6f 75 63 68 2d 72 65
0040 6d 6f 74 65 04 5f 74 63 70 05 6c 6f 63 61 6c 00
0050 00 21
80 01 <<What is this? This should be the CLASS, which is IN, which according to the RFC should be a 2-byte value of 1 for IN. It should be 0001. Wireshark also refers to this as the cache being true. Can someone explain this?
00 00 00 78 00 18 00 00 00 00 10 00
0060 0f 53 65 6e 69 63 61 2d 4e 6f 74 65 62 6f 6f 6b
0070
c0 48 c0 0c <<What is this? I can't figure this one out. I guess that it corresponds to the next DNS query, which is a TXT. According to the RFC, this should be the owner: http://tools.ietf.org/html/rfc1464 But how does it translate? I thought it might be the 4-octet IP address value, but that doesn't seem right at all.
00 10 80 01 00 00 11 94 00 58 14 44
0080 76 4e 6d 3d 43 72 65 73 74 72 6f 6e 20 52 65 6d
0090 6f 74 65 15 50 61 69 72 3d 30 30 30 30 30 30 30
00a0 30 30 30 30 30 30 30 30 32 0a 52 65 6d 56 3d 31
00b0 30 30 30 30 09 74 78 74 76 65 72 73 3d 31 0b 52
00c0 65 6d 4e 3d 52 65 6d 6f 74 65 0b 44 76 54 79 3d
00d0 69 50 68 6f 6e 65
Thank you so much!!! If you can answer, I appreciate it tremendously.
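
An added example, not part of the original post: a small decoder run over the DNS payload of the frame above (frame offset 0x2a onward). It shows the two fields asked about: in mDNS the top bit of the CLASS field is the cache-flush flag (RFC 6762 section 10.2), so `80 01` is class IN with that flag set, and a length byte with its top two bits set (`c0 xx`) is an RFC 1035 name-compression pointer to an offset within the DNS message. The function names are illustrative.

```python
import struct

# DNS payload of the frame in the post (after the Ethernet, IPv4 and UDP
# headers), copied from the dump.
DNS = bytes.fromhex(
    "0000840000000002000000000d5f746f7563682d72656d6f7465045f746370056c6f63616c00"
    "002180010000007800180000000010000f53656e6963612d4e6f7465626f6f6b"
    "c048c00c001080010000119400581444764e6d3d4372657374726f6e2052656d"
    "6f746515506169723d303030303030303030303030303030320a52656d563d31"
    "3030303009747874766572733d310b52656d4e3d52656d6f74650b447654793d6950686f6e65"
)

def read_name(msg, off, max_hops=16):
    """Decode a possibly compressed name (RFC 1035 section 4.1.4); returns
    (name, offset just past the name where it started). Hops are bounded so a
    pointer loop fails; the pointer at offset 70 here points forward, to 72."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if (n & 0xC0) == 0xC0:            # pointer: 14-bit offset from message start
            end = off + 2 if end is None else end
            hops += 1
            if hops > max_hops:
                raise ValueError("compression pointer loop")
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:                      # root label ends the name
            return ".".join(labels), (end if end is not None else off + 1)
        elif n & 0xC0:                    # 01/10 prefixes are reserved
            raise ValueError("reserved label type")
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def parse_answers(msg):
    qd, an = struct.unpack_from("!HH", msg, 4)
    off, out = 12, []
    for _ in range(qd):                   # skip questions (none in this response)
        off = read_name(msg, off)[1] + 4
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, rclass, ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10
        out.append({"name": name, "type": rtype, "ttl": ttl,
                    "class": rclass & 0x7FFF,              # low 15 bits: 1 = IN
                    "cache_flush": bool(rclass & 0x8000),  # mDNS top bit
                    "rdata_off": off, "rdlen": rdlen})
        off += rdlen
    return out

if __name__ == "__main__":
    for rr in parse_answers(DNS):
        print(rr)
```

Calling `read_name(DNS, 54)` decodes the SRV target, following `c0 48` to offset 72 and then `c0 0c` to offset 12.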