SyntaxFix

[dns] How to filter wireshark to see only dns queries that are sent/received from/by my computer?

I am new to wireshark and trying to write simple queries. To see the dns queries that are only sent from my computer or received by my computer, i tried the following:

dns and ip.addr==159.25.78.7

where 159.25.78.7 is my ip address. It looks like i did it when i look at the filter results but i wanted to be sure about that. Does that filter really do what i am trying to find out? I doubted a little bit because in the filter results i also see only 1 other result whose protocol is ICMP and its info says "Destination unreachable (Port unreachable)".

Can anyone help me with this?

Thanks

This question is related to dns wireshark packet-capture

The answer is

Rather than using a DisplayFilter you could use a very simple CaptureFilter like

port 53

See the "Capture only DNS (port 53) traffic" example on the CaptureFilters wiki.

use this filter:

(dns.flags.response == 0) and (ip.src == 159.25.78.7)

what this query does is it only gives dns queries originated from your ip

Source: Stackoverflow.com

Examples related to dns

How is VIP swapping + CNAMEs better than IP swapping + A records? ping: google.com: Temporary failure in name resolution What's the source of Error: getaddrinfo EAI_AGAIN? How do I solve the "server DNS address could not be found" error on Windows 10? Creating self signed certificate for domain and subdomains - NET::ERR_CERT_COMMON_NAME_INVALID How to force DNS refresh for a website? ssh: Could not resolve hostname [hostname]: nodename nor servname provided, or not known How to filter wireshark to see only dns queries that are sent/received from/by my computer? How can I list ALL DNS records? How to redirect DNS to different ports

Examples related to wireshark

How to filter wireshark to see only dns queries that are sent/received from/by my computer? Understanding [TCP ACKed unseen segment] [TCP Previous segment not captured] What is the reason and how to avoid the [FIN, ACK] , [RST] and [RST, ACK] Capturing mobile phone traffic on Wireshark Why doesn't wireshark detect my interface? Wireshark localhost traffic capture Monitor network activity in Android Phones How do I monitor all incoming http requests? Wireshark vs Firebug vs Fiddler - pros and cons? How to filter by IP address in Wireshark?

Examples related to packet-capture

How can I capture packets in Android? How to filter wireshark to see only dns queries that are sent/received from/by my computer? Wireshark localhost traffic capture iPhone and WireShark

Tags

Dynamic-forms Literate-programming Matrix Database-caching Dynamic-ip Key-bindings Reddot Malformed Wm-command Queueuserworkitem Canonicalization Capslock Ora-00907 Slidingdrawer Ttstyledtextlabel Clr4.0 Pre-compilation Fmle Adorner Null-object-pattern Congestion-control Petri-net Intrusion-detection Qif Libdc1394 Socketchannel Null-uniqueidentifier Rightjs Multi-user Safe-browsing Memory-editing Run-app Time-t Jsr223 Boost-statechart Fallback Css-parsing Selecteditemtemplate Cloud-hosting Vliw Pscx Server-application Jmenuitem Livecycle Struct Fuslogvw Wordpress Pathelement Compc Msbuild Geshi Proxy-authentication Udev Latexmk mysql-loadfile Esb-toolkit-2.0 Batch-rename Tinn-r Pdfptable Datarowview Autonumber Magnet-uri Typedreference Alternate Sift File-security Splat Namespace-organisation Shellexecute Autocomplete Check-constraints Formatter Google-local-business Remedy Framemaker Working-directory Media Ora-12705 Zend-rest Datapersistance Asyncfileupload Oembed Least-squares Object-composition Django-comments Pygame Pastrykit Invocation Unjar Standards-compliance Feedly Mod-rails Data-dump Nbehave Assembly-attributes Emacs-ediff Sharedservicesprovider Entityset Pocketc Dimension