Hello,

As I am only interested in DNS response packets, I am trying to apply filters
in Ethereal to capture them.
I have tried all the commands below. Still not working.

Say:
DNS is at 192.168.1.1
Domain : abc.def.com
My system : 192.168.1.10

I am executing the command nslookup abc.def.com 192.168.1.1

Filters applied:
1). port 53 - Ethereal captures only DNS query packets from 192.168.1.10 to
192.168.1.1
2). udp port 53 - Same as above
3). udp src port 53 - Same as above
4). udp dst port 53 - Same as above
5). ip host 192.168.1.1 and udp port 53 - Same as above
6). proto domain - Same as above
7). udp src port 53 - No packets captured. (This is what I am expecting,
because the DNS response will come from src port 53)

Can anyone try to run nslookup and tell me how to capture only the DNS
response?

Thanks
Vadiraj Kulkarni
-----Original Message-----
From: ethereal-users-bounces@xxxxxxxxxxxx
[mailto:ethereal-users-bounces@xxxxxxxxxxxx] On Behalf Of Marco van den
Bovenkamp
Sent: Friday, February 20, 2004 12:34 PM
To: Ethereal user support
Subject: Re: [Ethereal-users] how to capture only DNS packets
by applying filter in ethereal?

Vadiraj Kulkarni wrote:
> Can you please tell me which version of ethereal and winpcap you are
> using?
> I have already tried what you have suggested. But it is not working. Only
> suspicion is
> on version of ethereal and winpcap.
>
> Please tell me the version of winpcap and ethereal.
I'm not using Windows; I'm running Linux, with libpcap 0.7.2 and the
latest CVS snapshot.
But unless something very odd is happening, I don't see that making a
difference in this case.
If you capture all traffic from and to your DNS server (using the IP
address as a filter), like someone else suggested, how do the DNS
replies look, if you see them?
--
Regards,
Marco.
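
Added example, not part of the original thread: a DNS response differs from a query by the QR bit (top bit of the flags byte at offset 2 of the DNS header, i.e. byte 10 of the UDP datagram), so the capture filter "udp src port 53 and udp[10] & 0x80 != 0" selects responses only. The Python below evaluates that same test on constructed IPv4/UDP datagrams; the client port 1045, the transaction ID and the answer address 192.0.2.10 are assumptions made up for the sample.

```python
import struct

# Capture-filter form of the test implemented below (libpcap/WinPcap syntax).
CAPTURE_FILTER = "udp src port 53 and udp[10] & 0x80 != 0"

def encode_name(name):
    """Encode a domain name as length-prefixed DNS labels."""
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split(".")) + b"\x00"

def dns_message(txid, flags, name, answer_ip=None):
    """Build a minimal DNS message: header, one A/IN question, optional A answer."""
    header = struct.pack("!HHHHHH", txid, flags, 1, 1 if answer_ip else 0, 0, 0)
    question = encode_name(name) + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN
    answer = b""
    if answer_ip:
        # Name pointer to offset 12, TYPE=A, CLASS=IN, TTL=60, RDLENGTH=4
        answer = struct.pack("!HHHIH", 0xC00C, 1, 1, 60, 4)
        answer += bytes(int(o) for o in answer_ip.split("."))
    return header + question + answer

def udp_datagram(sport, dport, payload):
    """Prefix the 8-byte UDP header (checksum 0 = not computed, valid on IPv4)."""
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

def matches_response_filter(datagram):
    """Evaluate 'udp src port 53 and udp[10] & 0x80 != 0' on one UDP datagram."""
    if len(datagram) < 11:  # too short to hold the DNS flags byte
        return False
    sport = struct.unpack("!H", datagram[0:2])[0]
    return sport == 53 and (datagram[10] & 0x80) != 0

def classify(datagrams):
    return ["response" if matches_response_filter(d) else "other" for d in datagrams]

# Constructed sample traffic for "nslookup abc.def.com 192.168.1.1".
QUERY = udp_datagram(1045, 53, dns_message(0x1234, 0x0100, "abc.def.com"))
RESPONSE = udp_datagram(53, 1045, dns_message(0x1234, 0x8180, "abc.def.com", "192.0.2.10"))
# A query that happens to be sent from source port 53: the port test alone
# would match it, the QR-bit test does not.
QUERY_FROM_53 = udp_datagram(53, 1045, dns_message(0x1234, 0x0100, "abc.def.com"))

if __name__ == "__main__":
    print(CAPTURE_FILTER)
    print(classify([QUERY, RESPONSE, QUERY_FROM_53]))
```

The byte offset in the filter assumes DNS over UDP; DNS over TCP carries a two-byte length prefix and needs a different expression.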