?
Solved

Interrogating Wireshark for DNS queries/responses

Posted on 2014-10-12
4
Medium Priority
?
1,406 Views
Last Modified: 2014-10-19
Heyas,

Are there any other commands inside Wireshark other than 'dns.resp.addr' I could use to find what DNS addresses are being requested. My reason for doing this is that I am trying to exclude Apple traffic from my proxy and I would rather do it via DNS address than exclude whole ip ranges.

Thank you.
0
Comment
Question by:Zack
4 Comments
 
LVL 24

Assisted Solution

by:DMTechGrooup
DMTechGrooup earned 1000 total points
ID: 40378038
How many computers are you tying to scan for?  This might be something worth looking at.

http://www.nirsoft.net/utils/dns_query_sniffer.html

Also

http://wiki.wireshark.org/DNS
0
 
LVL 57

Expert Comment

by:giltjr
ID: 40378140
Just be aware that dns.resp.addr is only supported in wireshark version 1.4.0 to 1.10.10.  After 1.10.10 it does not exist.

What proxy are you running?
0
 
LVL 66

Accepted Solution

by:
btan earned 1000 total points
ID: 40378940
You can use the -T fields switch and print "dns.qry.name" with tshark.
http://www.netresec.com/?page=Blog&month=2012-06&post=Extracting-DNS-queries
(sidenote - There is a DNS tab in NetworkMiner, which displays a nice list of all DNS queries and responses in a pcap file.)

or You can also use  tshark -2 -R "dns && (dns.flags.response == 0) && ! dns.response_in"
https://ask.wireshark.org/questions/18487/filter-dns-queries-without-matched-responses
0
 

Author Closing Comment

by:Zack
ID: 40391360
Cheers guys those apps are awesome.
0

Featured Post

Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Tech spooks aren't just for those who are tech savvy, it also happens to those of us running a business. Check out the top tech spooks for business owners.
This article will help to fix the below errors for MS Exchange Server 2016 I. Certificate error "name on the security certificate is invalid or does not match the name of the site" II. Out of Office not working III. Make Internal URLs and Externa…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
There's a multitude of different network monitoring solutions out there, and you're probably wondering what makes NetCrunch so special. It's completely agentless, but does let you create an agent, if you desire. It offers powerful scalability …

593 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question