This is a static archive of our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

what’s the meaning of this mDNS response packet without any answer/authority/additional RRs?

1
1

As the title says, I got such a mDNS response from the link local ipv6 multicast address, my mDNS program complains about its empty response body and its truncated bit is not set, so what's the purpose of this?

Frame 27: 74 bytes on wire (592 bits), 74 bytes captured (592 bits) on interface 0
Ethernet II, Src: Apple_98:31:19 (98:01:a7:98:31:19), Dst: IPv6mcast_fb (33:33:00:00:00:fb)
Internet Protocol Version 6, Src: fe80::70c9:a23a:12a2:4a45, Dst: ff02::fb
    0110 .... = Version: 6
    .... 0000 0000 .... .... .... .... .... = Traffic class: 0x00 (DSCP: CS0, ECN: Not-ECT)
    .... .... .... 0000 0000 0000 0000 0000 = Flow label: 0x00000
    Payload length: 20
    Next header: UDP (17)
    Hop limit: 1
    Source: fe80::70c9:a23a:12a2:4a45
    Destination: ff02::fb
    [Source GeoIP: Unknown]
    [Destination GeoIP: Unknown]
User Datagram Protocol, Src Port: 5353, Dst Port: 5353
    Source Port: 5353
    Destination Port: 5353
    Length: 20
    Checksum: 0xe389 [unverified]
    [Checksum Status: Unverified]
    [Stream index: 3]
Multicast Domain Name System (response)
    Transaction ID: 0x0000
    Flags: 0x8400 Standard query response, No error
        1... .... .... .... = Response: Message is a response
        .000 0... .... .... = Opcode: Standard query (0)
        .... .1.. .... .... = Authoritative: Server is an authority for domain
        .... ..0. .... .... = Truncated: Message is not truncated
        .... ...0 .... .... = Recursion desired: Don't do query recursively
        .... .... 0... .... = Recursion available: Server can't do recursive queries
        .... .... .0.. .... = Z: reserved (0)
        .... .... ..0. .... = Answer authenticated: Answer/authority portion was not authenticated by the server
        .... .... ...0 .... = Non-authenticated data: Unacceptable
        .... .... .... 0000 = Reply code: No error (0)
    Questions: 0
    Answer RRs: 0
    Authority RRs: 0
    Additional RRs: 0

asked 15 Mar '17, 19:18

jfly's gravatar image

jfly
41459
accept rate: 0%


One Answer:

2

How about this?

answered 16 Mar '17, 02:31

Jaap's gravatar image

Jaap ♦
11.7k16101
accept rate: 14%

Indeed, I checked the source of these packets, they are all Windows 10 PC.

(17 Mar '17, 02:29) jfly