Wireshark mailing list archives

Re: are there any ways to filter specific DNS queries

From: nangergong <nangergong () gmail com>
Date: Wed, 20 Jun 2012 20:07:39 +0200

thanks, is it possible to specify part of the name?
for example, ntp1-mifd.com
                   ntp2-mifd.com ......

is is possible to specify these group of names with something like wildcard
*-mifd.com



On Sun, Jun 17, 2012 at 11:01 AM, Erik Hjelmvik <erik.hjelmvik () gmail com>wrote:

You can use the -T fields switch and print "dns.qry.name" with tshark.

I've written a blog post to answer your question in better detail here:
http://netresec.com/?b=126C5CB

I hope it helps!

/erik


2012/6/15 nangergong <nangergong () gmail com>:

thanks, this is OK,
but how to get the query name from a dns request packet with tshark?
for example, the DNS request frame number is 29
how to get the query name from this packet?

On Tue, Jun 12, 2012 at 4:31 PM, <Tim.Poth () bentley com> wrote:


Something like this

!dns.qry.name eq www.example.com



From: wireshark-users-bounces () wireshark org
[mailto:wireshark-users-bounces () wireshark org] On Behalf Of nangergong
Sent: Tuesday, June 12, 2012 10:22 AM


To: wireshark-users () wireshark org
Subject: [Wireshark-users] are there any ways to filter specific DNS
queries



Hi, all:



    I want to filter out some specific DNS queries. These DNS queries

are

for some specific domain name or websites, for example www.example.com
    are there any ways for this filtering? Thanks!

___________________________________________________________________________

Sent via:    Wireshark-users mailing list <

wireshark-users () wireshark org>

Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users

mailto:wireshark-users-request () wireshark org?subject=unsubscribe

___________________________________________________________________________

Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org

Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org

?subject=unsubscribe



--
blog: http://www.netresec.com/?page=Blog
twitter: http://twitter.com/netresec
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
            mailto:wireshark-users-request () wireshark org
?subject=unsubscribe

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

are there any ways to filter specific DNS queries nangergong (Jun 12)
- Re: are there any ways to filter specific DNS queries Stefan (Jun 12)
- Re: are there any ways to filter specific DNS queries Tim.Poth (Jun 12)
  - Re: are there any ways to filter specific DNS queries nangergong (Jun 15)
    - Re: are there any ways to filter specific DNS queries Erik Hjelmvik (Jun 17)
    - Re: are there any ways to filter specific DNS queries nangergong (Jun 20)
    - Re: are there any ways to filter specific DNS queries Tony Trinh (Jun 20)
- Re: are there any ways to filter specific DNS queries Graham Bloice (Jun 12)
- Re: are there any ways to filter specific DNS queries Stegman, Bill (Jun 12)
  - Re: are there any ways to filter specific DNS queries Sake Blok (Jun 12)
    - Re: are there any ways to filter specific DNS queries Stegman, Bill (Jun 12)