impacket
impacket copied to clipboard
fortra
DNS.py: No more data to parse. Offset is bigger than length of buffer.
Configuration
impacket version: 0.11.0 Python version: 3.11 Target OS: Linux
Debug Output With Command String
code example:
dns = DNS(buffer)
print(dns.get_questions())
exception stack trace:
Traceback (most recent call last):
File "../main.py", line 20, in lean_dns
print(dns.get_questions())
^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/impacket/dns.py", line 277, in get_questions
return self.__get_questions()[0]
^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/impacket/dns.py", line 285, in __get_questions
offset, qname = self.parseCompressedMessage(data, offset)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/impacket/dns.py", line 338, in parseCompressedMessage
offset, unnamed = self.parseCompressedMessage(buf, offset)
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/impacket/dns.py", line 318, in parseCompressedMessage
raise Exception("No more data to parse. Offset is bigger than length of buffer.")
Exception: No more data to parse. Offset is bigger than length of buffer.
PCAP
this is an example for a package in question:
b'\x00<\xe7E\x81\x80\x00\x01\x00\x01\x00\x00\x00\x01\x04live\x06github\x03com\x00\x00\x01\x00\x01\xc0\x0c\x00\x01\x00\x01\x00\x00\x00;\x00\x04\x8cRq\x19\x00\x00)\x04\xd0\x00\x00\x80\x00\x00\x00'
Explanation
i write a program to snoop traffic via pcap. the dns traffic is decoded using impacket and most requests are decoded correctly. Sometimes the buffer cant be decoded with that shown error.
this is strange: i noticed that there are two garbage bytes in the beginning. if i skip these bytes decoding works fine. i got that buffer from the pcap library and that happens with TCP only, not with DNS via UDP. probably my fault, but what am i missing?
