How to filter wireshark to see only dns queries that are sent received from by my computer

Question

I am new to wireshark and trying to write simple queries  To see the dns queries that are only sent from my computer or received by my computer  i tried the following   dns and ip addr  159 25 78 7   where 159 25 78 7 is my ip address  It looks like i did it when i look at the filter results but i wanted to be sure about that  Does that filter really do what i am trying to find out  I doubted a little bit because in the filter results i also see only 1 other result whose protocol is ICMP and its info says  Destination unreachable  Port unreachable     Can anyone help me with this   Thanks

User · Accepted Answer

I would go through the packet capture and see if there are any records that I know I should be seeing to validate that the filter is working properly and to assuage any doubts.

That said, please try the following filter and see if you're getting the entries that you think you should be getting:

dns and ip.dst==159.25.78.7 or dns and ip.src==159.57.78.7

User · Answer

Rather than using a DisplayFilter you could use a very simple CaptureFilter like  port 53   See the  Capture only DNS  port 53  traffic  example on the CaptureFilters wiki

User · Answer

use this filter    dns flags response    0  and  ip src    159 25 78 7    what this query does is it only gives dns queries originated from your ip

[dns] How to filter wireshark to see only dns queries that are sent/received from/by my computer?

Examples related to dns

Examples related to wireshark

Examples related to packet-capture