hello, As i am only interested in DNS response packet, i am trying to apply filters in Ethereal to capture. I have tried all the below commands. Still not working.
Say: DNS is at 192.168.1.1 Domain : abc.def.com My system : 192.168.1.10 I am exuting command nslookup abc.def.com 192.168.1.1 Filters applied 1). port 53 - Etehreal captures only DNS query packets from 192.168.1.10 to 192.168.1.1 2). udp port 53 - Same as above 3). udp src port 53 - Same as above 4). udp dst port 53 - Same as above 5). ip host 192.168.1.1 and udp port 53 - save as above 6). proto domain - Same as above 6). udp src port 53 - No packets captured. (This is what i am excepting. because DNS response will come from src port 53) Can anyone of try to run nslookup and tell me how to capture only DNS response? Thanks Vadiraj Kulkarni -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Marco van den Bovenkamp Sent: Friday, February 20, 2004 12:34 PM To: Ethereal user support Subject: Re: [Ethereal-users] how to capture only DNSpackets byapplyingfilterin ethereal? Vadiraj Kulkarni wrote: > Can you please tell me which version of ethereal and winpcap you are using?. > I have already tried what you have suggested. But it is not working. Only > suspection is > on version of ethereal and winpcap. > > Please tell me the version of winpcap and ethereal. I'm not using Windows; I'm running Linux, with libpcap 0.7.2 and the latest CVS snapshot. But unless something very odd is happening, I don't see that making a difference in this case. If you capture all traffic from and to your DNS server (using the IP address as a filter), like someone else suggested, how do the DNS replies look, if you see them? -- Regards, Marco. _______________________________________________ Ethereal-users mailing list [EMAIL PROTECTED] http://www.ethereal.com/mailman/listinfo/ethereal-users _______________________________________________ Ethereal-users mailing list [EMAIL PROTECTED] http://www.ethereal.com/mailman/listinfo/ethereal-users
