Filtering DNS traffic
DNS is the protocol responsible for resolving names to IP addresses. In this recipe, we will learn how to filter on important parameters that are related to the DNS service.
Getting ready
When you suspect a network problem, port mirror the suspected server or install Wireshark on it, and then start capturing the data.
How to do it...
There are some common filters that will assist you in troubleshooting DNS problems. The common display filters are given as follows:
- The basic filter is simply for filtering DNS traffic. The filter is: dns
- For filtering only DNS queries we have: dns.flags.response == 0
- For filtering only DNS responses we have: dns.flags.response == 1
- For filtering error codes, we have the following filters:
- No error (rcode—reply ...
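What the query/response and error-code filters above test in the DNS header, shown as an added Python example (not code from the book): the response flag is the top bit of the 16-bit flags word and the rcode is its low four bits. The helper names, the example.com names and the sample messages are constructed for illustration, and the sketch goes one step past the filters by pairing queries with replies to list the unanswered ones.

```python
import struct

def build_dns(txid, qname, response=False, rcode=0):
    """Constructed sample input: DNS header plus one A/IN question."""
    flags = 0x0100 | (rcode & 0x000F)            # RD=1, RCODE in the low 4 bits
    if response:
        flags |= 0x8000                          # QR=1 marks a response
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    name = b"".join(bytes([len(p)]) + p.encode("ascii") for p in qname.split("."))
    return header + name + b"\x00" + struct.pack("!HH", 1, 1)

def parse_dns(msg):
    """Return the header fields the display filters test, plus the question name."""
    if len(msg) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    txid, flags, qdcount = struct.unpack("!HHH", msg[:6])
    labels, pos = [], 12
    while qdcount:                               # read the first question's name only
        if pos >= len(msg):
            raise ValueError("truncated question name")
        length = msg[pos]
        if length == 0:                          # root label ends the name
            break
        if length > 63 or pos + 1 + length > len(msg):
            raise ValueError("bad label (compression pointer or truncation)")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    return {"id": txid, "is_response": bool(flags & 0x8000),
            "rcode": flags & 0x000F, "qname": ".".join(labels)}

def triage(messages):
    """Split queries from responses, then list unanswered queries and error replies."""
    parsed = [parse_dns(m) for m in messages]
    queries = [p for p in parsed if not p["is_response"]]    # dns.flags.response == 0
    responses = [p for p in parsed if p["is_response"]]      # dns.flags.response == 1
    answered = {(r["id"], r["qname"]) for r in responses}
    unanswered = [q for q in queries if (q["id"], q["qname"]) not in answered]
    errors = [r for r in responses if r["rcode"] != 0]       # rcode 0 is "No error"
    return queries, responses, unanswered, errors

SAMPLE = [  # constructed capture: three queries, two replies, one with rcode 3
    build_dns(0x1A2B, "www.example.com"),
    build_dns(0x1A2B, "www.example.com", response=True),
    build_dns(0x2C3D, "missing.example.com"),
    build_dns(0x2C3D, "missing.example.com", response=True, rcode=3),
    build_dns(0x3E4F, "slow.example.com"),
]

if __name__ == "__main__":
    q, r, unanswered, errors = triage(SAMPLE)
    print(len(q), len(r), [u["qname"] for u in unanswered], [e["rcode"] for e in errors])
```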