• Status: Solved
  • Priority: Medium
  • Security: Public

Wireshark: set up a filter on a DNS server

I have Wireshark installed on my DNS/DC 2008 R2 server, and I don't know how to set up a filter for a DNS query to a host.
The reason is that the hosts I am querying are part of a conditional forwarder, which has been having difficulty with DNS resolution for the past four days. The DNS connections do go through a VPN tunnel, which is working, and I can get to the site via IP address, but sporadically I can't use DNS to get to the site. Thus I wanted to set up a Wireshark capture to validate DNS from the DNS/DC server to the destination hosts.
Asked by: jim3725
1 Solution
 
gheist Commented:
udp.port == 53
 
bbao (IT Consultant) Commented:
ip.addr == 1.2.3.4 && udp.port == 53

where 1.2.3.4 is your DNS server's IP address.
 
gheist Commented:
Usually the DNS request log tells something, e.g. if the cache was too slow, or upstream DNS, etc.

 
jim3725 (Author) Commented:
bbao, this works, but how can I narrow down to a specific destination?
 
gheist Commented:
There is an autocomplete filter builder in Wireshark.
 
bbao (IT Consultant) Commented:
> how can I narrow down to a specific destination

I think you want to narrow down to the DNS traffic between the DNS server and a specific computer only. Am I correct?

If so, try the following filter.

(ip.src == 1.2.3.4 && ip.dst == 5.6.7.8 && udp.port == 53) || (ip.src == 5.6.7.8 && ip.dst == 1.2.3.4 && udp.port == 53)

where 1.2.3.4 is the DNS server and 5.6.7.8 is the DNS client computer.
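An added example, not part of the original thread: once the capture is narrowed to the server and one destination as in the filter above, the rows can be exported and checked for queries that never got a reply, came back with an error code, or were slow. The tshark export command in the comment, the column order, the 0.5 s threshold and the sample rows are assumptions made for illustration.

```python
import csv
import io

# Assumed export of the filtered capture (file name is a placeholder):
#   tshark -r dns.pcapng -Y "ip.addr == 5.6.7.8 && udp.port == 53" \
#     -T fields -E separator=, -e frame.time_epoch -e ip.src -e ip.dst \
#     -e dns.id -e dns.flags.response -e dns.qry.name -e dns.flags.rcode
FIELDS = ["time", "src", "dst", "dns_id", "is_response", "qname", "rcode"]

# Constructed sample rows: 1.2.3.4 is the DNS server, 5.6.7.8 the
# destination it forwards to (same roles as the addresses in the thread).
SAMPLE = """\
100.000,1.2.3.4,5.6.7.8,0x1a2b,0,app.example.test,
100.040,5.6.7.8,1.2.3.4,0x1a2b,1,app.example.test,0
105.000,1.2.3.4,5.6.7.8,0x1a2c,0,db.example.test,
110.000,1.2.3.4,5.6.7.8,0x1a2d,0,mail.example.test,
110.900,5.6.7.8,1.2.3.4,0x1a2d,1,mail.example.test,2
"""

def analyze(text, slow_after=0.5):
    """Pair queries with responses; return (unanswered, failed, slow)."""
    pending, failed, slow = {}, [], []
    for row in csv.DictReader(io.StringIO(text), fieldnames=FIELDS):
        t = float(row["time"])
        name = row["qname"].lower()
        # Older tshark prints the flag as 1/0, newer versions as True/False.
        if row["is_response"] in ("1", "True"):
            # A response travels dst -> src, so swap to rebuild the query key.
            key = (row["dst"], row["src"], row["dns_id"], name)
            sent = pending.pop(key, None)
            if sent is None:
                continue  # response whose query is not in the capture
            if row["rcode"] not in ("", "0"):
                failed.append((name, int(row["rcode"])))  # 2 = SERVFAIL, 3 = NXDOMAIN
            if t - sent > slow_after:
                slow.append((name, round(t - sent, 3)))
        else:
            # A retransmitted query with the same ID restarts the timer.
            pending[(row["src"], row["dst"], row["dns_id"], name)] = t
    unanswered = sorted(k[3] for k in pending)
    return unanswered, failed, slow

if __name__ == "__main__":
    unanswered, failed, slow = analyze(SAMPLE)
    print("no response seen:", unanswered)
    print("error rcode:", failed)
    print("slow responses:", slow)
```

Queries listed as unanswered left the server but no reply was captured, which points at the path or the remote resolver rather than the local DNS service.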
 
jim3725 (Author) Commented:
Thanks a lot bbao, this is very helpful.
Question has a verified solution.
