04-22-2010 07:59 AM - edited 03-11-2019 10:36 AM
Hi Expert,
Could someone help to explan the following packets about udp 45 and udp 47 captured from PIX, thanks.
04-22-2010 08:26 AM
Those look like DNS packets since the port is UDP 53. DNS request probably. What is the server with IP 10.68.68.201?
04-23-2010 01:28 AM
The 10.68.68.201 is a terminal server, my problem is the ip 61.20.223.89 to query DNS server 10.64.176.106, what does udp 45 mean ?
If I permit port 53 rule only, the DNS query was not work. it's need permit a range udp ports as 1 - 100 for this ip 61.20.223.89.
04-23-2010 04:09 AM
45 is just the length of the UDP packet. It is still a DNS packet (on UDP/53)
From your example:
5: 13:54:07.974116 61.20.223.89.3835 > 10.64.176.106.53: udp 45
Highlighted in red is the port number (53) - which is DNS.
04-23-2010 07:00 AM
How are you creating rules?
UDP is stateless so you may need to allow both directions (outbound DNS requests and inbound DNS replies) if you are filtering on either direction.
Would help to see the access lists you are having problems with.
04-23-2010 09:25 AM
5: 13:54:07.974116 61.20.223.89.3835 > 10.64.176.106.53: udp 45
3835 is the udp source port used by the client 61.20.223.89
53 is the dns port that the DNS server 10.64.176.106 listens and responds to.
45 is the udp packet size.
-KS
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide