Just a quick note here, mostly as documentation for my future self. While working on the DNS parsing in pyatv, I wanted to run some of the logs reported in issues through Wireshark. The logs had the raw DNS message hex encoded, for example (from issue #919):
2021-01-09 22:15:43 DEBUG: Failed to decode message (Msg=35ff840000030003000000000b5f6170706c6574762d7632045f746370056c6f63616c00000c80010b5f746f7563682d61626c65c018000c8001085f616972706c6179c018000c8001c028000c00010000000a00131032444632453735303736333943323639c028c00c000c00010000000a00131032444632453735303736333943323639c00cc03a000c00010000000a0013104170706c65c2a0545620283431363729c03a)
I already had an idea of what was happening (the full stack trace says that the IDNA encoding can't decode 0xc2, which looks a lot like a pointer for DNS name compression), but I wanted to run the message through Wireshark to get a better overview of the message without decoding it manually myself. Thankfully Wireshark can do this out of the box, but I just needed to format the hex dump a little bit:
# Assuming the hex bytes from the above log (35ff...c03a) are in $DNSMSG
echo "$DNSMSG" | xxd -r -p | od -Ax -tx1 -v > dns.hex
xxd -r -p converts the hex back into binary data, while od -Ax -tx1 -v re-encodes it to hex, but adds offset numbers and splits it up the way Wireshark wants. This could also be done by splitting up the input string without decoding and re-encoding it, but this way also lets me pipe it back into xxd to get a quick look at the ASCII representation as well.
After that, importing is done from within Wireshark, setting the options to add a dummy UDP header (with both the source and destination ports set to 5353 in my case).
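The string-splitting alternative to the conversion step above, as an added example that is not code from the original post: log_to_hexdump is a hypothetical helper that takes a whole log line, extracts the Msg= payload, validates it, and prints it in the same offset layout that od -Ax -tx1 -v produces. The sample line at the end is constructed from the first 18 bytes of the message above.

```shell
# Added example: turn a "Failed to decode message (Msg=...)" log line into
# an offset hex dump. log_to_hexdump is a hypothetical name, not part of pyatv.
log_to_hexdump() {
    # Pull out the payload between "Msg=" and the closing parenthesis.
    hex=$(printf '%s\n' "$1" | sed -n 's/.*Msg=\([^)]*\)).*/\1/p')

    # Reject lines with no payload or with characters that are not hex digits.
    case "$hex" in
        ''|*[!0-9a-fA-F]*) echo "no hex payload found" >&2; return 1 ;;
    esac

    # A truncated log line can end in half a byte; refuse it rather than guess.
    if [ $(( ${#hex} % 2 )) -ne 0 ]; then
        echo "odd number of hex digits" >&2
        return 1
    fi

    # 16 bytes per line behind a 6-digit hex offset, then the end offset alone
    # on the last line, matching the layout of `od -Ax -tx1 -v`.
    printf '%s\n' "$hex" | awk '{
        n = length($0) / 2
        for (i = 0; i < n; i++) {
            if (i % 16 == 0) printf "%s%06x", (i ? "\n" : ""), i
            printf " %s", tolower(substr($0, 2 * i + 1, 2))
        }
        printf "\n%06x\n", n
    }'
}

# Constructed sample: only the first 18 bytes of the message from the log.
log_to_hexdump '2021-01-09 22:15:43 DEBUG: Failed to decode message (Msg=35ff840000030003000000000b5f6170706c)'
```

Redirect the output to a file such as dns.hex to import it the same way as the od output.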