Bug #7478
DNS packets not on port 53 are identified as DHCP protocol
Status: open
Description
Suricata version 7.0.6
DNS packets not on port 53 are identified as the DHCP protocol.
Added by baixiaopeng bai about 1 year ago. Updated 11 months ago.
Files
| File | Description | Added by |
| --- | --- | --- |
| dnscat-clean.pcap (94.6 KB) | dns pcap not on port 53 | baixiaopeng bai, 01/09/2025 04:14 AM |
| gdb.jpg (38.8 KB) | alproto is 22(dhcp) when debugging | baixiaopeng bai, 01/09/2025 04:16 AM |
| evelog-is-dhcp.jpg (101 KB) | dns packets output eve-log as dhcp. | baixiaopeng bai, 01/09/2025 04:19 AM |
Not able to replicate with this PCAP. Do you have configuration changes as well?
DNS and DHCP are both probing parsers and should only pick up those protocols on the configured ports.
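
To check whether a sensor shows the symptom in this report, the sketch below scans EVE JSON records for anything labelled DHCP whose ports are neither 67 nor 68. It is an added example, not code from the reporter or the Suricata project; the sample records are constructed, and it assumes the standard EVE fields `event_type`, `app_proto`, `src_port` and `dest_port` and the default DHCP ports.

```python
import json

DHCP_PORTS = {67, 68}  # standard DHCP/BOOTP UDP ports (assumed to be the configured ones)

# Constructed sample EVE records (not taken from the reporter's PCAP or logs).
SAMPLE_EVE = """\
{"event_type":"dhcp","proto":"UDP","src_ip":"10.0.0.5","src_port":68,"dest_ip":"10.0.0.1","dest_port":67}
{"event_type":"flow","proto":"UDP","src_ip":"10.0.0.5","src_port":40112,"dest_ip":"192.0.2.10","dest_port":53531,"app_proto":"dhcp"}
{"event_type":"dns","proto":"UDP","src_ip":"10.0.0.5","src_port":51000,"dest_ip":"10.0.0.53","dest_port":53}
{"event_type":"dhcp","proto":"UDP","src_ip":"10.0.0.7","src_port":40113,"dest_ip":"192.0.2.10","dest_port":53531}
not json
"""

def labelled_dhcp(ev):
    """True if the record is tagged DHCP, by event type or by app_proto."""
    return ev.get("event_type") == "dhcp" or ev.get("app_proto") == "dhcp"

def suspicious_dhcp(lines):
    """Return records labelled DHCP where neither port is 67 or 68."""
    hits = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines
        if not isinstance(ev, dict) or not labelled_dhcp(ev):
            continue
        ports = {ev.get("src_port"), ev.get("dest_port")}
        if ports.isdisjoint(DHCP_PORTS):
            hits.append(ev)
    return hits

if __name__ == "__main__":
    # Replace SAMPLE_EVE.splitlines() with open("eve.json") to scan a real log.
    for ev in suspicious_dhcp(SAMPLE_EVE.splitlines()):
        print(ev["event_type"], ev["src_ip"], ev["src_port"],
              "->", ev["dest_ip"], ev["dest_port"])
```

Hits from this check are candidates for the misclassification described here and are worth attaching to the ticket together with the `app-layer` section of the sensor's configuration.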