Why is the Wireshark not detecting DNS packet?

Question

i'm simulating a simple DNS Server in JAVA (using UDP). I've done DNS Request parsing and sending back response to the client. i'm using DIG command in shell for testing. i've this problem here :

In wireshark, when i start monitoring packets on Loopback , it detects DNS request and response packets as Malformed ENIP packets. I'm a beginner, please guide on how to resolve this issue. Thanks in advance.

its a simple UDP server, thats why i'm using port no >1023. doest it makes any difference ? — Adeel Ahmad, Mar 25 '16 at 14:53

score 3 · Accepted Answer · 2016-03-28T06:00:31.957

3

Why is the Wireshark not detecting DNS packet?

Because you're not using a standard DNS port, and Wireshark only recognizes DNS by port number. You'll have to use the "Decode As..." menu item in the "Analyze" menu to tell it to decode port 2222 traffic as DNS. You will also need to disable the ENIP dissector, as it dissects traffic to and from port 2222.

edited Mar 28 '16 at 06:00

answered Mar 25 '16 at 17:21

i've tried that already, it doesn't change. keeps displaying packets as ENIP packs. – Adeel Ahmad Mar 25 '16 at 18:01
If the UDP preference "Try heuristic sub-dissectors first" is set, try unsetting it. – Mar 25 '16 at 19:21
1

Then you'll need to disable the ENIP dissector. – Mar 28 '16 at 06:00

Why is the Wireshark not detecting DNS packet?

1 Answers1