Hi,
[Please don't send Excel docs to the mailing list--especially if they
contain a picture. Not everyone has high speed Internet connections and
not everyone can read Excel docs.]
sara vanan wrote:
[...]
/home/saravanan/ethereal-0.99.0/tethereal -c 10 port 53
Capturing on eth0
[...]
it displays (www.google.co.in <http://www.google.co.in>) URL link IP.
Instead of this I want to filter only DNS. 192.168.16.67
<http://192.168.16.67/> and 192.168.16.106 <http://192.168.16.106/>.
client IP) (DNS server IP)
I had attached the sample excel file for your reference.
for this what kind of filters should I use in my command.
With a filter of just "dns" Wireshark will show you all the DNS queries
it sees.
If you want only DNS to/from the specific IP addresses listed, you could do:
dns && ip.addr == 192.168.16.67 && ip.addr == 192.168.16.106
for example.
If you want only DNS from a specific IP to a specific IP you could do:
dns && ip.src == 192.168.16.67 && ip.dest == 192.168.16.106