Vadiraj Kulkarni wrote:
| hello,
| As I am only interested in DNS response packet, I am trying to apply filters
| in Ethereal to capture.
| I have tried all the below commands. Still not working.
|
| Say:
| DNS is at 192.168.1.1
| Domain : abc.def.com
| My system : 192.168.1.10
|
| I am executing command nslookup abc.def.com 192.168.1.1
|
| Filters applied
| 1). port 53 - Ethereal captures only DNS query packets from 192.168.1.10 to
| 192.168.1.1
| 2). udp port 53 - Same as above
| 3). udp src port 53 - Same as above
| 4). udp dst port 53 - Same as above
| 5). ip host 192.168.1.1 and udp port 53 - same as above
| 6). proto domain - Same as above
| 6). udp src port 53 - No packets captured. (This is what I am expecting.
| because DNS response will come from src port 53)
|
| Can anyone of you try to run nslookup and tell me how to capture only DNS
| response?
|
| Thanks
| Vadiraj Kulkarni

Assuming you are only interested in UDP DNS traffic you could try
'port 53 and udp[10] & 0x80 == 0x80'
For TCP it looks like it should be
'port 53 and tcp[((tcp[12] & 0xf0) >> 2) + 4] & 0x80 == 0x80'
Works for me.

-- There's no point in being grown up if you can't be childish sometimes.
   -- Dr. Who
_______________________________________________
Ethereal-users mailing list
[EMAIL PROTECTED]
http://www.ethereal.com/mailman/listinfo/ethereal-users
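
Added example (not part of the original post): a Python sketch of where the DNS QR (response) bit sits when counted from the start of the UDP or TCP header, which is how capture-filter byte offsets are counted. The flags field follows the 2-byte DNS ID, so it is byte 10 of a UDP datagram, while byte 2 is the high byte of the destination port. The helper names and packets are constructed for illustration, and the TCP case assumes the DNS message starts at the beginning of the segment payload.

```python
import struct

QR_MASK = 0x80  # top bit of the first DNS flags byte: 0 = query, 1 = response

def dns_message(txid, is_response, name=b"\x03abc\x03def\x03com\x00"):
    """Constructed DNS message: 12-byte header plus one A/IN question."""
    flags = 0x0100 | (0x8080 if is_response else 0)  # RD, plus QR and RA on replies
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + name + struct.pack("!HH", 1, 1)

def udp_datagram(sport, dport, payload):
    """8-byte UDP header (checksum left at 0) followed by the payload."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def tcp_segment(sport, dport, payload, options=b""):
    """TCP header plus options; DNS over TCP prefixes a 2-byte message length."""
    doff = (20 + len(options)) // 4  # header length in 32-bit words
    header = struct.pack("!HHIIBBHHH", sport, dport, 1, 1,
                         doff << 4, 0x18, 65535, 0, 0)
    return header + options + struct.pack("!H", len(payload)) + payload

def udp_qr_set(dgram):
    """Same test as 'udp[10] & 0x80 == 0x80': skip 8-byte header and 2-byte ID."""
    return (dgram[10] & QR_MASK) == QR_MASK

def tcp_qr_set(seg):
    """Same test as 'tcp[((tcp[12] & 0xf0) >> 2) + 4] & 0x80 == 0x80'."""
    header_len = (seg[12] & 0xF0) >> 2  # data offset converted to bytes
    return (seg[header_len + 4] & QR_MASK) == QR_MASK  # skip length prefix and ID

def dst_port_high_bit(dgram):
    """What a mask on byte 2 measures: destination port >= 32768."""
    return (dgram[2] & 0x80) == 0x80

if __name__ == "__main__":
    ts_opt = b"\x01\x01\x08\x0a" + bytes(8)  # NOP, NOP, timestamp (12 bytes)
    samples = {
        "udp query": udp_datagram(1050, 53, dns_message(0xFFFF, False)),
        "udp reply to port 1050": udp_datagram(53, 1050, dns_message(0xFFFF, True)),
        "udp reply to port 40000": udp_datagram(53, 40000, dns_message(0x0001, True)),
    }
    for label, pkt in samples.items():
        print(label, "QR:", udp_qr_set(pkt), "byte2 high bit:", dst_port_high_bit(pkt))
    print("tcp reply QR:", tcp_qr_set(tcp_segment(53, 1050, dns_message(1, True), ts_opt)))
```
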
