Wireshark mailing list archives

Re: are there any ways to filter specific DNS queries

From: Erik Hjelmvik <erik.hjelmvik () gmail com>
Date: Sun, 17 Jun 2012 02:01:11 -0700

You can use the -T fields switch and print "dns.qry.name" with tshark.

I've written a blog post to answer your question in better detail here:
http://netresec.com/?b=126C5CB

I hope it helps!

/erik


2012/6/15 nangergong <nangergong () gmail com>:

thanks, this is OK,
but how to get the query name from a dns request packet with tshark?
for example, the DNS request frame number is 29
how to get the query name from this packet?

On Tue, Jun 12, 2012 at 4:31 PM, <Tim.Poth () bentley com> wrote:


Something like this

!dns.qry.name eq www.example.com



From: wireshark-users-bounces () wireshark org
[mailto:wireshark-users-bounces () wireshark org] On Behalf Of nangergong
Sent: Tuesday, June 12, 2012 10:22 AM


To: wireshark-users () wireshark org
Subject: [Wireshark-users] are there any ways to filter specific DNS
queries



Hi, all:



    I want to filter out some specific DNS queries. These DNS queries are
for some specific domain name or websites, for example www.example.com
    are there any ways for this filtering? Thanks!



___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users

mailto:wireshark-users-request () wireshark org?subject=unsubscribe




___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org?subject=unsubscribe




-- 
blog: http://www.netresec.com/?page=Blog
twitter: http://twitter.com/netresec
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

are there any ways to filter specific DNS queries nangergong (Jun 12)
- Re: are there any ways to filter specific DNS queries Stefan (Jun 12)
- Re: are there any ways to filter specific DNS queries Tim.Poth (Jun 12)
  - Re: are there any ways to filter specific DNS queries nangergong (Jun 15)
    - Re: are there any ways to filter specific DNS queries Erik Hjelmvik (Jun 17)
    - Re: are there any ways to filter specific DNS queries nangergong (Jun 20)
    - Re: are there any ways to filter specific DNS queries Tony Trinh (Jun 20)
- Re: are there any ways to filter specific DNS queries Graham Bloice (Jun 12)
- Re: are there any ways to filter specific DNS queries Stegman, Bill (Jun 12)
  - Re: are there any ways to filter specific DNS queries Sake Blok (Jun 12)
    - Re: are there any ways to filter specific DNS queries Stegman, Bill (Jun 12)