Solved

Interrogating Wireshark for DNS queries/responses

Posted on 2014-10-12
4
1,158 Views
Last Modified: 2014-10-19
Heyas,

Are there any other commands inside Wireshark other than 'dns.resp.addr' I could use to find what DNS addresses are being requested. My reason for doing this is that I am trying to exclude Apple traffic from my proxy and I would rather do it via DNS address than exclude whole ip ranges.

Thank you.
0
Comment
Question by:Zack
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 24

Assisted Solution

by:DMTechGrooup
DMTechGrooup earned 250 total points
ID: 40378038
How many computers are you tying to scan for?  This might be something worth looking at.

http://www.nirsoft.net/utils/dns_query_sniffer.html

Also

http://wiki.wireshark.org/DNS
0
 
LVL 57

Expert Comment

by:giltjr
ID: 40378140
Just be aware that dns.resp.addr is only supported in wireshark version 1.4.0 to 1.10.10.  After 1.10.10 it does not exist.

What proxy are you running?
0
 
LVL 64

Accepted Solution

by:
btan earned 250 total points
ID: 40378940
You can use the -T fields switch and print "dns.qry.name" with tshark.
http://www.netresec.com/?page=Blog&month=2012-06&post=Extracting-DNS-queries
(sidenote - There is a DNS tab in NetworkMiner, which displays a nice list of all DNS queries and responses in a pcap file.)

or You can also use  tshark -2 -R "dns && (dns.flags.response == 0) && ! dns.response_in"
https://ask.wireshark.org/questions/18487/filter-dns-queries-without-matched-responses
0
 

Author Closing Comment

by:Zack
ID: 40391360
Cheers guys those apps are awesome.
0

Featured Post

Webinar: Aligning, Automating, Winning

Join Dan Russo, Senior Manager of Operations Intelligence, for an in-depth discussion on how Dealertrack, leading provider of integrated digital solutions for the automotive industry, transformed their DevOps processes to increase collaboration and move with greater velocity.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Meet the world's only “Transparent Cloud™” from Superb Internet Corporation. Now, you can experience firsthand a cloud platform that consistently outperforms Amazon Web Services (AWS), IBM’s Softlayer, and Microsoft’s Azure when it comes to CPU and …
I had an issue with InstallShield not being able to use Computer Browser service on Windows Server 2012. Here is the solution I found.
In this tutorial you'll learn about bandwidth monitoring with flows and packet sniffing with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're interested in additional methods for monitoring bandwidt…
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…

724 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question