Wireshark mailing list archives

Re: How to parse incoming DNS responses but do not query DNS server


From: Marco Zuppone <msz () msz it>
Date: Wed, 9 Nov 2011 23:48:03 +0000

Hello,

maybe something like this??

dns && (dns && (!ip==<mydns1> || !ip==<mydns2> || .. || !ip==<mydnsN>) )

I have not tried it yet (it is night here :-) )
 StockTrader - Marco

On 9 Nov 2011, at 23:25, Matthew wrote:

Hello,

I have already posted this to
http://ask.wireshark.org/questions/7339/parse-incoming-dns-but-do-not-query-dns-server
but I know it is probably more likely to get answered on here:

I have a packet capture from my LAN that contains a DNS query (wireless)
and response (192.168.0.7).

When I copy it to another network and turn on name resolution it
attempts to ask the DNS server for the host name of the IP (192.168.0.7)
of the traffic... then gives up because the DNS server doesn't have it,
/but/ then notices that there is a DNS packet in the file already and
uses the results of that. The HTTP session is then showing a destination
of "wireless".

Turning off host name resolution shows only connections to 192.168.0.7

How can I make Wireshark (or tshark) look at the DNS in the file and see
if it resolves the IP addresses to hostnames but *not* have it issue
queries to the DNS server of my machine which take a while to time out
and slow the loading of files down?

Basically I want to do a filter on "ip.host == wireless" which the trace
contains the DNS request and response to (and it works if I leave name
resolution enabled even on a different network) but I want to cut out
querying my DNS servers (which turning on name resolution does).

Thanks for your time,
Matthew


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org?subject=unsubscribe
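
Added example (not part of the original thread, and not Wireshark code): one way to build the IP-to-hostname map purely from DNS responses already in a capture, without sending any query to a resolver. It assumes the DNS message bytes have already been extracted from the UDP payload; `read_name`, `a_records` and the sample bytes are constructed for illustration.

```python
import socket
import struct

def read_name(msg, off, depth=0):
    """Decode a (possibly compressed) DNS name; return (name, offset after it)."""
    if depth > 16:
        raise ValueError("compression pointer loop")
    labels = []
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # two-byte compression pointer
            ptr = struct.unpack_from("!H", msg, off)[0] & 0x3FFF
            suffix, _ = read_name(msg, ptr, depth + 1)
            return ".".join(labels + ([suffix] if suffix else [])), off + 2
        off += 1
        if length == 0:  # root label terminates the name
            return ".".join(labels), off
        labels.append(msg[off:off + length].decode("ascii", "replace"))
        off += length

def a_records(msg):
    """Return {ip: hostname} for the A records answered in one DNS response."""
    hosts = {}
    try:
        _id, flags, qd, an, _ns, _ar = struct.unpack_from("!6H", msg, 0)
        if not flags & 0x8000:  # QR bit clear: a query, nothing to learn
            return hosts
        off = 12
        for _ in range(qd):  # skip the question section
            _, off = read_name(msg, off)
            off += 4  # QTYPE + QCLASS
        for _ in range(an):
            name, off = read_name(msg, off)
            rtype, rclass, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
            off += 10
            if rtype == 1 and rclass == 1 and rdlen == 4:  # A record, class IN
                hosts[socket.inet_ntoa(msg[off:off + 4])] = name
            off += rdlen
    except (IndexError, struct.error, ValueError):
        pass  # truncated or malformed message: keep what was parsed so far
    return hosts

# Constructed sample: response saying "wireless" is 192.168.0.7, TTL 60.
SAMPLE_RESPONSE = (
    b"\x12\x34\x81\x80\x00\x01\x00\x01\x00\x00\x00\x00"  # header: 1 question, 1 answer
    b"\x08wireless\x00\x00\x01\x00\x01"                  # question: wireless A IN
    b"\xc0\x0c\x00\x01\x00\x01\x00\x00\x00\x3c\x00\x04\xc0\xa8\x00\x07"  # answer
)
SAMPLE_QUERY = b"\x12\x34\x01\x00\x00\x01" + bytes(6) + SAMPLE_RESPONSE[12:26]
```

The resulting map can then be used to match traffic to 192.168.0.7 against the name "wireless" entirely offline.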
