Solved

Interrogating Wireshark for DNS queries/responses

Posted on 2014-10-12
997 Views
Last Modified: 2014-10-19
Heyas,

Are there any other commands inside Wireshark, other than 'dns.resp.addr', that I could use to find what DNS addresses are being requested? My reason for doing this is that I am trying to exclude Apple traffic from my proxy, and I would rather do it via DNS address than exclude whole IP ranges.

Thank you.
Question by: Zack

4 Comments
Assisted Solution by: DMTechGrooup (LVL 24, earned 250 total points)
ID: 40378038
How many computers are you trying to scan for? This might be something worth looking at.

http://www.nirsoft.net/utils/dns_query_sniffer.html

Also

http://wiki.wireshark.org/DNS
Expert Comment by: giltjr (LVL 57)
ID: 40378140
Just be aware that dns.resp.addr is only supported in Wireshark versions 1.4.0 to 1.10.10. After 1.10.10 it does not exist.

What proxy are you running?
Accepted Solution by: btan (LVL 62, earned 250 total points)
ID: 40378940
You can use the -T fields switch and print "dns.qry.name" with tshark.
http://www.netresec.com/?page=Blog&month=2012-06&post=Extracting-DNS-queries
(Side note: there is a DNS tab in NetworkMiner, which displays a nice list of all DNS queries and responses in a pcap file.)

Or you can also use:
tshark -2 -R "dns && (dns.flags.response == 0) && ! dns.response_in"
https://ask.wireshark.org/questions/18487/filter-dns-queries-without-matched-responses
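As an added example (not code from this answer, from the asker, or from the linked articles), the script below consumes the tab-separated output of a tshark field extraction such as `tshark -r capture.pcap -Y "dns.flags.response == 0" -T fields -e ip.src -e dns.qry.name` and turns it into the kind of per-name summary and proxy exclusion list the question is after. The sample lines and the suffix list (apple.com, icloud.com) are constructed assumptions for the demonstration; dns.qry.name, dns.flags.response and ip.src are real Wireshark/tshark field names. It also handles two things the raw tshark output does not: names that differ only by case or a trailing root dot, and a naive suffix match that would wrongly treat notapple.com as Apple traffic.

```python
"""Summarise DNS query names from `tshark -T fields` output (added example).

Feed it the output of a command such as
  tshark -r capture.pcap -Y "dns.flags.response == 0" \
         -T fields -e ip.src -e dns.qry.name
on stdin, or run it without stdin to use the constructed sample below.
"""
from collections import Counter

# Constructed sample of tshark field output (tab separated: ip.src, dns.qry.name).
# Not captured from any real network; the last two lines exercise edge cases.
SAMPLE_TSHARK_OUTPUT = """\
10.0.0.5\twww.apple.com
10.0.0.5\tinit.itunes.apple.com
10.0.0.7\twww.example.org
10.0.0.5\twww.apple.com
10.0.0.9\tgateway.icloud.com
10.0.0.9\t
10.0.0.7\tWWW.EXAMPLE.ORG.
"""

# Assumed suffixes to treat as Apple traffic; adjust to what your own capture shows.
APPLE_SUFFIXES = ("apple.com", "icloud.com")


def parse_tshark_fields(text):
    """Yield (src, qname) tuples from tshark -T fields output.

    Names are lowercased and a trailing root dot is removed so that
    'WWW.EXAMPLE.ORG.' and 'www.example.org' count as the same name.
    Packets for which tshark printed an empty dns.qry.name are skipped.
    """
    for line in text.splitlines():
        if not line.strip():
            continue
        parts = line.split("\t")
        if len(parts) < 2:
            continue
        src, qname = parts[0].strip(), parts[1].strip().lower().rstrip(".")
        if qname:
            yield src, qname


def matches_suffix(qname, suffixes):
    """True when qname equals a suffix or is a subdomain of it.

    The label-boundary check ('.' + suffix) stops 'notapple.com' from
    matching 'apple.com'.
    """
    return any(qname == s or qname.endswith("." + s) for s in suffixes)


def query_counts(text):
    """Count how many times each (normalised) query name was seen."""
    return Counter(qname for _, qname in parse_tshark_fields(text))


def exclusion_list(text, suffixes=APPLE_SUFFIXES):
    """Sorted unique query names under the given suffixes, ready for a proxy bypass list."""
    return sorted({q for _, q in parse_tshark_fields(text) if matches_suffix(q, suffixes)})


def clients_querying(text, suffixes=APPLE_SUFFIXES):
    """Map each matching name to the set of client IPs that asked for it."""
    out = {}
    for src, q in parse_tshark_fields(text):
        if matches_suffix(q, suffixes):
            out.setdefault(q, set()).add(src)
    return out


if __name__ == "__main__":
    import sys
    data = SAMPLE_TSHARK_OUTPUT if sys.stdin.isatty() else sys.stdin.read()
    for name, n in query_counts(data).most_common():
        print(f"{n:5d}  {name}")
    print("exclusion list:", exclusion_list(data))
    for name, srcs in sorted(clients_querying(data).items()):
        print(f"{name}: {', '.join(sorted(srcs))}")
```

Filtering on dns.flags.response == 0 keeps only the queries, so each packet is counted once rather than twice (query plus answer); clients_querying is useful for checking that the names you are about to bypass the proxy for really come from the Apple devices and not from some other host.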
Author Closing Comment by: Zack
ID: 40391360
Cheers guys, those apps are awesome.