Reputation: 143
In RFC 1035 about DNS, it's written:
4.2.2. TCP usage
Messages sent over TCP connections use server port 53 (decimal). The message is prefixed with a two byte length field which gives the message length, excluding the two byte length field. This length field allows the low-level processing to assemble a complete message before beginning to parse it.
I want to send a DNS request over TCP, but I don't know how to add these two bytes before the DNS request. I tried with this code:
from scapy.all import *
ip=IP(dst="216.239.32.10")
request = DNS(rd=1, qd=DNSQR(qname = "google.be", qtype="A")) #size = 27(dec) = 1b (hex)
twoBytesRequestSize = "\x1b\x00"
completeRequest = str(request) + twoBytesRequestSize
SYN=ip/TCP(sport=RandNum(1024,65535), dport=53, flags="S", seq=42)
SYNACK=sr1(SYN)
ACK=ip/TCP(sport=SYNACK.dport, dport=53, flags="A", seq=SYNACK.ack, ack=SYNACK.seq + 1)
send(ACK)
DNSRequest = ip/TCP(sport=SYNACK.dport, dport=53, flags="PA", seq=SYNACK.ack, ack=SYNACK.seq + 1) / completeRequest
DNSReply = sr1(DNSRequest, timeout = 1)
But my packet is interpreted as a simple TCP packet without a DNS layer.
Do you have an idea how to add this two-byte prefix before the DNS request?
Thank you!
Upvotes: 2
Views: 1670
Reputation: 143
The solution uses big-endian notation: \x00\x1b instead of \x1b\x00. But the rest of the code above is correct. Thank you Armin.
Upvotes: 0
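An added example, not part of the original question or answer: the RFC 1035 section 4.2.2 framing built with Python's struct module, with the length in network byte order placed in front of the message, plus a receiver that reassembles framed messages from arbitrary TCP chunks. The names build_query, frame and Deframer, and the sample queries and split points, are constructed for illustration.

```python
import struct

def build_query(qname, qtype=1, txid=0x1234):
    """Minimal DNS query: RD flag set, one question, class IN."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode("ascii")
                      for p in qname.rstrip(".").split("."))
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)

def frame(message):
    """RFC 1035 4.2.2: two-byte length in network byte order, then the message."""
    if len(message) > 0xFFFF:
        raise ValueError("message does not fit a 16-bit length field")
    return struct.pack("!H", len(message)) + message

class Deframer:
    """Receiver side: rebuild whole DNS messages from arbitrary TCP chunks."""
    def __init__(self):
        self.buf = bytearray()

    def feed(self, chunk):
        self.buf += chunk
        complete = []
        while len(self.buf) >= 2:
            (length,) = struct.unpack_from("!H", self.buf)
            if len(self.buf) < 2 + length:
                break  # wait for more data before parsing
            complete.append(bytes(self.buf[2:2 + length]))
            del self.buf[:2 + length]
        return complete

def demo():
    first = build_query("google.be")                  # 27 bytes, as in the question
    second = build_query("example.com", txid=0x5678)  # constructed sample
    stream = frame(first) + frame(second)
    rx, got = Deframer(), []
    # Constructed split points: mid-prefix, mid-message, then the rest.
    for chunk in (stream[:1], stream[1:20], stream[20:]):
        got += rx.feed(chunk)
    # What a receiver reads if the prefix bytes are swapped (\x1b\x00).
    swapped = struct.unpack("!H", b"\x1b\x00")[0]
    return frame(first)[:2], got == [first, second], swapped

if __name__ == "__main__":
    print(demo())
```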