Hi Abdul,
On Wed, Feb 08, 2017 at 10:18:18AM +0400, Abdul Khader wrote:
> Dear All,
> I have DNS capture. I would like to know total DNS queries against each
> domain.
> For example :
> If there are DNS queries for google.com, facebook.com and 1000 other domains
> etc in my capture file, I want to know total queries against each
> domain.
Using the "tshark" program, you can produce a text file with all names
from DNS queries. Using coreutils tools (sort and uniq), you can then
obtain a report. For example:

    tshark -r dns.pcapng -Y dns.flags.response==0 -Tfields -e dns.qry.name | sort | uniq -c | sort -n

Note that it happens quite often that two queries are done for each
name, an A and AAAA lookup (for IPv4 and IPv6 addresses respectively).
This can result in larger numbers than you would expect.
--
Kind regards,
Peter Wu
https://lekensteyn.nl
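
Added example, not part of the original message: the same pipeline extended with the dns.qry.type field, so the A and AAAA lookups mentioned above are counted separately per name. The function names are hypothetical, the sample input is constructed, and it assumes tshark prints the query type as a decimal number (1 for A, 28 for AAAA).

```shell
# Added example, not code from the original message.
# Reads "name<TAB>qtype" lines (tshark -T fields output) on stdin and prints
# one line per name: total, A, AAAA, other, name; highest total first.
dns_query_report() {
    awk -F '\t' '
        $1 != "" {
            name = tolower($1)      # DNS names are case-insensitive
            sub(/\.$/, "", name)    # drop a trailing root dot
            total[name]++
            if ($2 == "1")       a[name]++       # type 1 is A
            else if ($2 == "28") aaaa[name]++    # type 28 is AAAA
            else                 other[name]++
        }
        END {
            for (name in total)
                printf "%d\t%d\t%d\t%d\t%s\n",
                    total[name], a[name], aaaa[name], other[name], name
        }
    ' | sort -t "$(printf '\t')" -k1,1nr -k5,5
}

# Wrapper around the command from the message, with dns.qry.type added.
# Usage: dns_report_from_pcap dns.pcapng
dns_report_from_pcap() {
    tshark -r "$1" -Y 'dns.flags.response==0' -T fields \
        -e dns.qry.name -e dns.qry.type | dns_query_report
}

# Constructed sample input in the shape tshark prints (name<TAB>type).
sample_dns_fields() {
    printf 'google.com\t1\n'
    printf 'google.com\t28\n'
    printf 'Google.com\t1\n'
    printf 'facebook.com\t1\n'
    printf 'facebook.com\t28\n'
    printf 'example.org\t16\n'
}
```

Run "sample_dns_fields | dns_query_report" to see the report format without a capture file.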