Richard Sharpe <realrichardsharpe@...> writes:
> Sure, I can do the search, and I did, but the actual info I am
> interested in, like the priority, etc, is buried among 230 entries and
> I have to patiently scroll until I find it.
>
> That is hard to do.
I see your point. My attempt using tshark didn't produce very good results
either.
tshark -r kdcqueries.pcap -Y dns.resp.addr -T fields -e frame.number -e
dns.resp.name -e dns.resp.addr
There does seem to be a limitation in the search feature where it only finds
a packet containing a match, but not each highlighted matching instance of
the search criteria within a packet when you "search next/previous".