Wireshark mailing list archives
Re: How to breakdown the dns queries and show total number against each domain
From: Jeff Morriss <jeff.morriss.ws () gmail com>
Date: Wed, 8 Feb 2017 10:33:24 -0500
As mentioned by Graham yesterday you need to use the "unsubscribe" option at the bottom of each email in order to unsubscribe from this mailing list. On Wed, Feb 8, 2017 at 9:46 AM, Sherry Herdman <sherry.herdman1 () gmail com> wrote:
I would like the community to stop contacting me... On Feb 8, 2017 9:32 AM, "Peter Wu" <peter () lekensteyn nl> wrote:Hi Abdul, On Wed, Feb 08, 2017 at 10:18:18AM +0400, Abdul Khader wrote:Dear All, I have DNS capture. I would like to know total DNS queries against each domain. For example : If there are DNS queries for google.com, facebook.com and 1000 otherdomainsetc in my capture file, I want to know total queries for against each domain.Using the "tshark" program, you can produce a text file with all names from DNS queries. Using coreutils tools (sort and uniq), you can then for obtain a report. For example: tshark -r dns.pcapng -Y dns.flags.response==0 -Tfields -e dns.qry.name | sort | uniq -c | sort -n Note that it happens quite often that two queries are done for each name, an A and AAAA lookup (for IPv4 and IPv6 addresses respectively). This can result in larger numbers than you would expect. -- Kind regards, Peter Wu https://lekensteyn.nl ____________________________________________________________ _______________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-users Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubs cribe____________________________________________________________ _______________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-users Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject= unsubscribe
___________________________________________________________________________ Sent via: Wireshark-users mailing list <wireshark-users () wireshark org> Archives: https://www.wireshark.org/lists/wireshark-users Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users mailto:wireshark-users-request () wireshark org?subject=unsubscribe
Current thread:
- How to breakdown the dns queries and show total number against each domain Abdul Khader (Feb 07)
- Re: How to breakdown the dns queries and show total number against each domain Hugo van der Kooij (Feb 08)
- Re: How to breakdown the dns queries and show total number against each domain Peter Wu (Feb 08)
- Re: How to breakdown the dns queries and show total number against each domain Sherry Herdman (Feb 08)
- Re: How to breakdown the dns queries and show total number against each domain Jeff Morriss (Feb 08)
- Re: How to breakdown the dns queries and show total number against each domain Abdul Khader (Feb 08)
- Re: How to breakdown the dns queries and show total number against each domain Sherry Herdman (Feb 08)