2025-4-8-详细解释wiresharkDNS数据包

四月 08, 2025

真包刨析

Frame 2: 215 bytes on wire (1720 bits), 215 bytes captured (1720 bits) on interface \Device\NPF_{CD546E7A-55BC-4A77-99F8-0D39B3221883}, id 0
    Section number: 1
    Interface id: 0 (\Device\NPF_{CD546E7A-55BC-4A77-99F8-0D39B3221883})
        Interface name: \Device\NPF_{CD546E7A-55BC-4A77-99F8-0D39B3221883}
        Interface description: WLAN
    Encapsulation type: Ethernet (1)
    Arrival Time: Apr  8, 2025 07:37:29.946837000 中国标准时间
    UTC Arrival Time: Apr  7, 2025 23:37:29.946837000 UTC
    Epoch Arrival Time: 1744069049.946837000
    [Time shift for this packet: 0.000000000 seconds]
    [Time delta from previous captured frame: 0.040862000 seconds]
    [Time delta from previous displayed frame: 0.040862000 seconds]
    [Time since reference or first frame: 0.040862000 seconds]
    Frame Number: 2
    Frame Length: 215 bytes (1720 bits)
    Capture Length: 215 bytes (1720 bits)
    [Frame is marked: False]
    [Frame is ignored: False]
    [Protocols in frame: eth:ethertype:ip:udp:dns]
    [Coloring Rule Name: UDP]
    [Coloring Rule String: udp]

1. 帧信息（Frame 2）

长度：215 字节（1720 比特），全部捕获。
捕获时间：
- UTC 时间：Apr 7, 2025 23:37:29.946837000
- 本地时间（中国标准时间）：Apr 8, 2025 07:37:29.946837000
时间差：距离前一帧 0.040862 秒。
协议栈：eth:ethertype:ip:udp:dns（以太网 → IPv4 → UDP → DNS）。

Ethernet II, Src: 4e:7d:05:50:45:02 (4e:7d:05:50:45:02), Dst: LiteonTechno_dd:f1:c1 (c0:35:32:dd:f1:c1)
    Destination: LiteonTechno_dd:f1:c1 (c0:35:32:dd:f1:c1)
        .... ..0. .... .... .... .... = LG bit: Globally unique address (factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Source: 4e:7d:05:50:45:02 (4e:7d:05:50:45:02)
        .... ..1. .... .... .... .... = LG bit: Locally administered address (this is NOT the factory default)
        .... ...0 .... .... .... .... = IG bit: Individual address (unicast)
    Type: IPv4 (0x0800)
    [Stream index: 0]

2. 以太网帧（Ethernet II）

源 MAC 地址：
1
4e:7d:05:50:45:02
- 第 2 位为 1，表示是本地管理地址（非厂商默认地址）。
目标 MAC 地址：
1
c0:35:32:dd:f1:c1
（厂商为 Liteon Technology）。
- 第 2 位为 0，表示是全局唯一地址（厂商分配）。
类型字段：0x0800，表示上层协议是 IPv4。

Internet Protocol Version 4, Src: 192.168.234.75, Dst: 192.168.234.182
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
        0000 00.. = Differentiated Services Codepoint: Default (0)
        .... ..00 = Explicit Congestion Notification: Not ECN-Capable Transport (0)
    Total Length: 201
    Identification: 0x995d (39261)
    010. .... = Flags: 0x2, Don't fragment
        0... .... = Reserved bit: Not set
        .1.. .... = Don't fragment: Set
        ..0. .... = More fragments: Not set
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 64
    Protocol: UDP (17)
    Header Checksum: 0x4a73 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 192.168.234.75
    Destination Address: 192.168.234.182
    [Stream index: 0]

3. IPv4 数据包

版本与头部长度：IPv4，头部 20 字节。
服务类型（DSCP）：0x00（默认优先级，未启用 QoS）。
标识符：0x995d（用于分片重组，此处未分片）。
标志位：Don't fragment (DF) 置 1，禁止分片。
TTL：64（常见于 Linux/Windows 系统）。
协议：17（UDP）。
源 IP：192.168.234.75（DNS 服务器）。
目标 IP：192.168.234.182（客户端）。

User Datagram Protocol, Src Port: 53, Dst Port: 55360
    Source Port: 53
    Destination Port: 55360
    Length: 181
    Checksum: 0x2866 [unverified]
    [Checksum Status: Unverified]
    [Stream index: 0]
    [Stream Packet Number: 2]
    [Timestamps]
        [Time since first frame: 0.040862000 seconds]
        [Time since previous frame: 0.040862000 seconds]
    UDP payload (173 bytes)

4. UDP 数据段

源端口：53（DNS 服务标准端口）。
目标端口：55360（客户端随机端口）。
长度：181 字节（UDP 头部 8 字节 + 载荷 173 字节）。
校验和：0x2866（未验证）。

Domain Name System (response)
    Transaction ID: 0x6c98
    Flags: 0x8180 Standard query response, No error
        1... .... .... .... = Response: Message is a response
        .000 0... .... .... = Opcode: Standard query (0)
        .... .0.. .... .... = Authoritative: Server is not an authority for domain
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...1 .... .... = Recursion desired: Do query recursively
        .... .... 1... .... = Recursion available: Server can do recursive queries
        .... .... .0.. .... = Z: reserved (0)
        .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
        .... .... ...0 .... = Non-authenticated data: Unacceptable
        .... .... .... 0000 = Reply code: No error (0)
    Questions: 1
    Answer RRs: 8
    Authority RRs: 0
    Additional RRs: 0
    Queries
        s1.hdslb.com.w.kunlunar.com: type A, class IN
            Name: s1.hdslb.com.w.kunlunar.com
            [Name Length: 27]
            [Label Count: 6]
            Type: A (1) (Host Address)
            Class: IN (0x0001)
    Answers
        s1.hdslb.com.w.kunlunar.com: type A, class IN, addr 117.21.229.243
            Name: s1.hdslb.com.w.kunlunar.com
            Type: A (1) (Host Address)
            Class: IN (0x0001)
            Time to live: 33 (33 seconds)
            Data length: 4
            Address: 117.21.229.243
        s1.hdslb.com.w.kunlunar.com: type A, class IN, addr 117.21.229.244
            Name: s1.hdslb.com.w.kunlunar.com
            Type: A (1) (Host Address)
            Class: IN (0x0001)
            Time to live: 33 (33 seconds)
            Data length: 4
            Address: 117.21.229.244
        s1.hdslb.com.w.kunlunar.com: type A, class IN, addr 117.21.229.231
            Name: s1.hdslb.com.w.kunlunar.com
            Type: A (1) (Host Address)
            Class: IN (0x0001)
            Time to live: 33 (33 seconds)
            Data length: 4
            Address: 117.21.229.231
        s1.hdslb.com.w.kunlunar.com: type A, class IN, addr 117.21.229.241
            Name: s1.hdslb.com.w.kunlunar.com
            Type: A (1) (Host Address)
            Class: IN (0x0001)
            Time to live: 33 (33 seconds)
            Data length: 4
            Address: 117.21.229.241
        s1.hdslb.com.w.kunlunar.com: type A, class IN, addr 117.21.229.242
            Name: s1.hdslb.com.w.kunlunar.com
            Type: A (1) (Host Address)
            Class: IN (0x0001)
            Time to live: 33 (33 seconds)
            Data length: 4
            Address: 117.21.229.242
        s1.hdslb.com.w.kunlunar.com: type A, class IN, addr 117.21.229.248
            Name: s1.hdslb.com.w.kunlunar.com
            Type: A (1) (Host Address)
            Class: IN (0x0001)
            Time to live: 33 (33 seconds)
            Data length: 4
            Address: 117.21.229.248
        s1.hdslb.com.w.kunlunar.com: type A, class IN, addr 117.21.229.249
            Name: s1.hdslb.com.w.kunlunar.com
            Type: A (1) (Host Address)
            Class: IN (0x0001)
            Time to live: 33 (33 seconds)
            Data length: 4
            Address: 117.21.229.249
        s1.hdslb.com.w.kunlunar.com: type A, class IN, addr 117.21.229.232
            Name: s1.hdslb.com.w.kunlunar.com
            Type: A (1) (Host Address)
            Class: IN (0x0001)
            Time to live: 33 (33 seconds)
            Data length: 4
            Address: 117.21.229.232
    [Request In: 1]
    [Time: 0.040862000 seconds]

5. DNS 响应（核心内容）

DNS 头部

事务 ID：0x6c98（匹配请求与响应）。
标志字段

：
1
0x8180
- Response=1：这是一个响应报文。
- Recursion desired=1：客户端请求递归查询。
- Recursion available=1：服务器支持递归查询。
- Reply code=0000：无错误（No error）。
记录数

：
- Questions: 1（查询 1 个域名）。
- Answer RRs: 8（返回 8 条 A 记录）。

查询部分（Queries）

查询域名
1
s1.hdslb.com.w.kunlunar.com
- 类型：A（IPv4 地址）。
- 类：IN（Internet）。

应答部分（Answers）

返回了 8 条 A 记录，指向以下 IP 地址（TTL 均为 33 秒）：

117.21.229.243
117.21.229.244
117.21.229.231
117.21.229.241
117.21.229.242
117.21.229.248
117.21.229.249
117.21.229.232

查看评论

1. 真包刨析
2. 1. 帧信息（Frame 2）
3. 2. 以太网帧（Ethernet II）
4. 3. IPv4 数据包
5. 4. UDP 数据段
6. 5. DNS 响应（核心内容）