
DNS-Malformed Packet

Open BadBoy-a opened this issue 1 year ago • 1 comments

Hi, I intercepted all DNS messages but no response was received. Through Wireshark packet capturing, I found that the packet is incorrect. After comparing with the correct packets, I found an error byte--'2e', which should have been the length. Here is my code:

```c
#include <stdio.h>
#include <windows.h>
#include "windivert.h"

int main(void)
{
    HANDLE handle;
    unsigned char packet[65535];
    UINT packet_len;
    WINDIVERT_ADDRESS addr;

    /* Divert every packet whose UDP destination port is 53 (DNS queries). */
    handle = WinDivertOpen("udp.DstPort == 53", WINDIVERT_LAYER_NETWORK, 0, 0);
    if (handle == INVALID_HANDLE_VALUE) {
        printf("WinDivertOpen error: %lu\n", GetLastError());
        return 1;
    }
    while (1) {
        if (!WinDivertRecv(handle, packet, sizeof(packet), &packet_len, &addr)) {
            printf("WinDivertRecv error: %lu\n", GetLastError());
            continue;
        }
        /* Recompute checksums, then reinject the packet unchanged. */
        WinDivertHelperCalcChecksums(packet, packet_len, &addr, 0);
        WinDivertSend(handle, packet, packet_len, NULL, &addr);
    }
}
```

Screenshot of Wireshark: correct error

BadBoy-a avatar Nov 30 '23 07:11 BadBoy-a
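The symptom reported above, a `2e` octet where a DNS label length belongs, can be checked mechanically against the DNS wire format. The following is an added example, not code from this thread or from WinDivert: `check_qname` and its result codes are hypothetical names, `dns` is assumed to point at the UDP payload (the 12-byte DNS header), and both sample queries are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

enum { QNAME_OK = 0, QNAME_TRUNCATED = -1, QNAME_BAD_LABEL = -2, QNAME_TOO_LONG = -3 };

/* Walk the first question name of a DNS message. Each label is a length
 * octet (1..63) followed by that many bytes; a zero octet ends the name.
 * On failure *bad_off is the offset of the octet read as a label length. */
int check_qname(const uint8_t *dns, size_t len, size_t *bad_off)
{
    size_t off = 12, total = 0;               /* question follows the header */
    if (len < 12) { *bad_off = 0; return QNAME_TRUNCATED; }
    for (;;) {
        if (off >= len) { *bad_off = off; return QNAME_TRUNCATED; }
        uint8_t l = dns[off];
        if (l == 0) break;                     /* root label: end of name */
        /* The first question name carries no compression pointer. */
        if (l > 63) { *bad_off = off; return QNAME_BAD_LABEL; }
        if (off + 1 + l > len) { *bad_off = off; return QNAME_TRUNCATED; }
        total += 1 + (size_t)l;
        if (total + 1 > 255) { *bad_off = off; return QNAME_TOO_LONG; }
        off += 1 + (size_t)l;
    }
    /* QTYPE and QCLASS (4 octets) must follow the terminating zero. */
    if (off + 1 + 4 > len) { *bad_off = off; return QNAME_TRUNCATED; }
    return QNAME_OK;
}

/* Constructed samples: a query for www.example.com, and the same query with
 * the length octet at offset 16 replaced by 0x2e ('.'). */
static const uint8_t good_query[] = {
    0x12,0x34, 0x01,0x00, 0,1, 0,0, 0,0, 0,0,
    3,'w','w','w', 7,'e','x','a','m','p','l','e', 3,'c','o','m', 0, 0,1, 0,1 };
static const uint8_t bad_query[] = {
    0x12,0x34, 0x01,0x00, 0,1, 0,0, 0,0, 0,0,
    3,'w','w','w', 0x2e,'e','x','a','m','p','l','e', 3,'c','o','m', 0, 0,1, 0,1 };

int main(void)
{
    size_t bad = 0;
    int rc = check_qname(good_query, sizeof good_query, &bad);
    printf("good query: rc=%d\n", rc);
    rc = check_qname(bad_query, sizeof bad_query, &bad);
    printf("bad query:  rc=%d at offset %zu\n", rc, bad);
    return 0;
}
```

Because 0x2e is itself a legal length value (46), the malformed name is caught as a label that runs past the end of the message rather than as an illegal octet.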

Have you tried the netdump.exe example program on your system? Seems to work on mine... see highlight 03


majibow avatar Dec 12 '23 22:12 majibow

I think it is unlikely that this is a WinDivert bug, or else there should be a flood of similar reports.

basil00 avatar Apr 03 '24 00:04 basil00