Solved

Interrogating Wireshark for DNS queries/responses

Posted on 2014-10-12
Last Modified: 2014-10-19
Heyas,

Are there any other commands inside Wireshark other than 'dns.resp.addr' I could use to find what DNS addresses are being requested? My reason for doing this is that I am trying to exclude Apple traffic from my proxy and I would rather do it via DNS address than exclude whole IP ranges.

Thank you.
Question by:Zack

Assisted Solution

by:DMTechGrooup
DMTechGrooup earned 250 total points
ID: 40378038
How many computers are you trying to scan for? This might be something worth looking at.

http://www.nirsoft.net/utils/dns_query_sniffer.html

Also

http://wiki.wireshark.org/DNS

Expert Comment

by:giltjr
ID: 40378140
Just be aware that dns.resp.addr is only supported in Wireshark version 1.4.0 to 1.10.10. After 1.10.10 it does not exist.

What proxy are you running?

Accepted Solution

by:
btan earned 250 total points
ID: 40378940
You can use the -T fields switch and print "dns.qry.name" with tshark.
http://www.netresec.com/?page=Blog&month=2012-06&post=Extracting-DNS-queries
(sidenote - There is a DNS tab in NetworkMiner, which displays a nice list of all DNS queries and responses in a pcap file.)

Or you can also use tshark -2 -R "dns && (dns.flags.response == 0) && ! dns.response_in"
https://ask.wireshark.org/questions/18487/filter-dns-queries-without-matched-responses
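An added example, not part of the original thread: one way to turn the tshark field output suggested above into a ranked list of queried names for a proxy exclusion list. The function names and the sample lines are constructed for illustration, and the tshark call assumes a version that supports the single-pass -Y display filter option.

```bash
#!/usr/bin/env bash
# Usage (hypothetical capture file): dns_queries capture.pcap | summarize_queries apple.com

# Print "client<TAB>queried name" for every DNS query (not response) in a capture.
dns_queries() {
    tshark -r "$1" -Y 'dns.flags.response == 0' -T fields -e ip.src -e dns.qry.name
}

# Read "client<TAB>name" lines on stdin, print "count<TAB>name", most-queried first.
# With an argument, keep only names equal to that domain or below it.
# Matching is done on a label boundary: a plain substring match on "apple.com"
# would also exempt "notapple.com" and "apple.com.example.net" from the proxy.
summarize_queries() {
    awk -F'\t' -v suffix="$1" '
        NF >= 2 && $2 != "" {
            name = tolower($2)
            sub(/\.$/, "", name)          # treat "apple.com." and "apple.com" as one name
            if (suffix != "") {
                s = tolower(suffix)
                if (name != s && substr(name, length(name) - length(s)) != "." s) next
            }
            count[name]++
        }
        END { for (n in count) printf "%d\t%s\n", count[n], n }
    ' | sort -t "$(printf '\t')" -k1,1nr -k2,2
}

# Constructed sample of what dns_queries prints, so the summary can be tried offline.
sample_fields() {
    printf '%s\t%s\n' \
        10.0.0.5 init.itunes.apple.com \
        10.0.0.5 Init.iTunes.Apple.com. \
        10.0.0.6 gs.apple.com \
        10.0.0.6 apple.com \
        10.0.0.6 notapple.com \
        10.0.0.7 apple.com.example.net \
        10.0.0.7 www.example.org
}
```

Running summarize_queries with no argument lists every queried name, which helps when deciding which domains to exclude in the first place.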
 

Author Closing Comment

by:Zack
ID: 40391360
Cheers guys those apps are awesome.