Ethereal-users: RE: [Ethereal-users] how to capture only DNS packets by applying filter in ethereal

Note: This archive is from the project's previous web site, ethereal.com. This list is no longer active.

From: "Vadiraj Kulkarni" <vkulkarni@xxxxxx>
Date: Fri, 20 Feb 2004 09:32:16 +0530
Hello Marco,
Can you please tell me which version of ethereal and winpcap you are using?
I have already tried what you have suggested, but it is not working. The only
suspicion is on the version of ethereal and winpcap.

Please tell me the version of winpcap and ethereal.


thanks
Vadiraj Kulkarni

-----Original Message-----
From: ethereal-users-bounces@xxxxxxxxxxxx
[mailto:ethereal-users-bounces@xxxxxxxxxxxx]On Behalf Of Marco van den
Bovenkamp
Sent: Thursday, February 19, 2004 7:12 PM
To: Ethereal user support
Subject: Re: [Ethereal-users] how to capture only DNS packets
by applying filter in ethereal?


Moses Hernandez wrote:

> The reason you don't see the DNS response is because DNS will not respond
> back on port 53 it will only listen on that port for incoming requests.

DNS requests are sent *to* port 53 on the server (where it listens), and
the replies are sent *from* port 53.

'udp port 53' as capture filter (which matches either source or
destination port or both being 53) should capture both requests and
replies, and does so for me.

I can't explain why it doesn't work for him. Perhaps he could try just
'port 53', capturing both UDP & TCP? The server shouldn't use TCP
(although the client *might*), but that's all I can think of.

'dns' is not valid *capture* filter syntax; it's a display filter.

--

		Regards,

			Marco.

_______________________________________________
Ethereal-users mailing list
Ethereal-users@xxxxxxxxxxxx
http://www.ethereal.com/mailman/listinfo/ethereal-users
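
An added illustration, not part of the original thread: a simplified Python model of how the capture-filter expressions discussed above select IPv4 packets, run over constructed frames. The `udp dst port 53` case, the client port 40000 and the 192.0.2.x addresses are assumptions added for contrast; real libpcap filters also cover IPv6, which this model omits.

```python
import struct

def build_frame(proto, sport, dport):
    """Constructed Ethernet/IPv4 frame carrying a UDP (17) or TCP (6) header."""
    if proto == 17:
        l4 = struct.pack("!HHHH", sport, dport, 8, 0)
    else:
        l4 = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 8192, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(l4), 0, 0, 64, proto, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 53]))
    return bytes(12) + b"\x08\x00" + ip + l4   # zero MACs; checksums left 0, filters ignore them

def ports(frame):
    """Return (ip_proto, sport, dport) for an unfragmented IPv4 frame, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        return None
    l4 = 14 + (frame[14] & 0x0F) * 4           # IHL gives the IPv4 header length
    frag_offset = struct.unpack("!H", frame[20:22])[0] & 0x1FFF
    if l4 < 34 or frag_offset or len(frame) < l4 + 4:
        return None
    sport, dport = struct.unpack("!HH", frame[l4:l4 + 4])
    return frame[23], sport, dport

def matches(frame, expr):
    """Model of how three capture-filter expressions select IPv4 packets."""
    parsed = ports(frame)
    if parsed is None:
        return False
    proto, sport, dport = parsed
    if expr == "udp port 53":          # source OR destination port is 53
        return proto == 17 and 53 in (sport, dport)
    if expr == "port 53":              # same test, but TCP and SCTP as well as UDP
        return proto in (6, 17, 132) and 53 in (sport, dport)
    if expr == "udp dst port 53":      # one direction only (added for contrast)
        return proto == 17 and dport == 53
    raise ValueError("not modelled as a capture filter: " + expr)

FRAMES = {  # constructed sample traffic; client port 40000 is an arbitrary choice
    "udp query": build_frame(17, 40000, 53),
    "udp reply": build_frame(17, 53, 40000),
    "tcp query": build_frame(6, 40000, 53),
    "udp other": build_frame(17, 40000, 123),
}

def capture(expr):
    return [name for name, frame in FRAMES.items() if matches(frame, expr)]

for expr in ("udp port 53", "port 53", "udp dst port 53"):
    print(f"{expr!r:20} -> {capture(expr)}")
```

Only the destination-only expression drops the reply, because the reply carries 53 as its source port.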