Well, I’ve ‘crafted’ a correct dns request packet but the following problem occurs.
Modifying the dns request is done by altering the domainname together with altering the length of the udp and ip packets (including calculation of the checksums). This should be ok otherwise redirected packets which are smaller would not work either.
Logging the packets with ethereal shows that :
1) if the new packet is smaller than the original (shorter domainname) the request is ‘valid’
2) if the new packet is larger than the original I get ‘mailformed packet’
What am I doing wrong here ? Ethereal shows that the length of the frame is not altered xxbytes on wire, xx bytes captured); should I modify this too ? And if so … how can I do that ?