Project

General

Profile

Actions
Copy link

Bug #7478

open

DNS packets not on port 53 are identified as DHCP protocol

Added by baixiaopeng bai 13 days ago. Updated 12 days ago.

Status:
New
Priority:
Normal
Assignee:
OISF Dev
Target version:
TBD
Affected Versions:
7.0.6
Effort:
Difficulty:
Label:

Description

Suricata 7.0.6 version

DNS packets not on port 53 are identified as DHCP protocol。

Files

Download all files
dnscat-clean.pcap (94.6 KB) dnscat-clean.pcap dns pcap not on port 53 baixiaopeng bai, 01/09/2025 04:14 AM
gdb.jpg (38.8 KB) gdb.jpg alproto is 22(dhcp) when debugging baixiaopeng bai, 01/09/2025 04:16 AM
evelog-is-dhcp.jpg (101 KB) evelog-is-dhcp.jpg dns packets output eve-log as dhcp. baixiaopeng bai, 01/09/2025 04:19 AM
Actions
Copy link
 #1

Updated by baixiaopeng bai 13 days ago

Actions
Copy link
 #3

Updated by Jason Ish 12 days ago

Not able to replicate with this PCAP, do you have configuration changes as well?

DNS and DHCP are both probing parsers and should only pickup those protocols on the configured ports.

Actions
Copy link

Also available in: Atom PDF