0

I'm looking for a packet capture showing a mDNS unicast response following an mDNS request with the Unicast-Response bit at 1 (QU) in the QUERY field

I use Wireshark to capture a packet with QU bit to 0 and change it in an txt file, then I use Scapy to send it in the network but I have no response from the device (the device respond with the QU bit to 0). The Device is a Chromecast 3. I can see the modified packet on the network and wireshark does not detect a malformation

I want to see if a chromecast could respond to a unicast mDNS QUERY.

Ondra K.
  • 2,767
  • 4
  • 23
  • 39
Kevin Lous
  • 1
  • 3
  • Hey, I think this is a perfect use case for the two tools I've written [pdml2flow](https://github.com/Enteee/pdml2flow) and [FluentFlow](https://github.com/Enteee/FluentFlow#readme). If you can provide me with some test data I might be able to help you. – Ente Apr 19 '19 at 11:43

1 Answers1

0

For those interested, I have read RFC 6762 https://www.rfc-editor.org/rfc/rfc6762 on mDNS and it states that "A Multicast DNS querier MUST only accept unicast responses if they answer a recently sent query (e.g., sent within the last two seconds) that explicitly requested unicast responses. A Multicast DNS querier MUST silently ignore all other unicast responses. "

I think that the chromecast are not made to respond in unicast to devices so they must ignore the request. (I can't be sure, I don't have access to the source code :))

Community
  • 1
  • 1
Kevin Lous
  • 1
  • 3