Wireshark-users: Re: [Wireshark-users] Any wireshark filter to differentiate between NXDOMAIN and

From: Abdul Khader <akhader@xxxxxxxxxxxxxxx>
Date: Wed, 29 Mar 2017 13:54:20 +0400
Hi,

Yes, the filter !(dns.flags.rcode == 0) works.


I have a domain, for example, abc.com.
I have an A record for abc.com but NO SRV record.
If a client queries for an SRV record for abc.com, it should result in NXRRSET?

I have a lot of such queries for SRV records, so I feel I should see NXRRSET in my Wireshark for all those queries.



Regards
Abdul Khader





On 3/29/2017 1:44 PM, Jaap Keuter wrote:
Hi,

OK, so you’re using an up to date Wireshark version, that’s good.
How about filtering out all ‘problems’, using:

	!(dns.flags.rcode == 0)

Does anything show up? Does it give you a clue? Why are you convinced NXRRSET should be present?

Thanks,
Jaap


On 29 Mar 2017, at 11:35, Abdul Khader <akhader@xxxxxxxxxxxxxxx> wrote:

Hi,

I am using Version 2.2.5 (v2.2.5-0-g440fd4d).

dns.flags.rcode == 8 does not work. It's not giving any results.


Regards



On 3/29/2017 1:32 PM, Jaap Keuter wrote:
Hi,

According to RFC 6895 that value (8) is used as RCODE for NXRRSET, so the filter

	dns.flags.rcode == 8

should be fine. What Wireshark version are you using?

Thanks,
Jaap



On 29 Mar 2017, at 10:23, Abdul Khader <akhader@xxxxxxxxxxxxxxx> wrote:

Dear All,

Any Wireshark filter which would give me NXRRSET and does not include NXDOMAIN?

To get NXDOMAIN, we can use dns.flags.rcode == 3

But how do we get NXRRSET?


dns.flags.rcode == 8 or dns.flags.rcode == 0x8 does not work.

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
              mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
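Added example, not part of the mailing list thread: the script below builds a few DNS response headers by hand and classifies them the way a Wireshark display filter sees them. It illustrates the case discussed above: a query for an RRtype the name does not have (an SRV lookup against a name that only has an A record) is answered with RCODE 0 (NOERROR) and an empty answer section, the "NODATA" response of RFC 2308 section 2.2, so it is invisible to both dns.flags.rcode == 8 and !(dns.flags.rcode == 0). RCODE 8 (NXRRSET) is defined in RFC 2136 as the result of a dynamic UPDATE prerequisite failure and is carried in UPDATE (opcode 5) responses, which is why it does not appear in ordinary query traffic. The sample messages are constructed byte strings (no network I/O, and the record counts are set in the header without emitting the records themselves); the Wireshark field names dns.flags.response, dns.flags.opcode, dns.flags.rcode and dns.count.answers are real dissector fields.

```python
"""Classify DNS responses by header, as a Wireshark display filter would.

Constructed example for the NXDOMAIN / NODATA / NXRRSET discussion. Header
layout per RFC 1035 section 4.1.1; RCODE names per the IANA registry
summarised in RFC 6895.
"""
import struct

RCODE_NAMES = {0: "NOERROR", 1: "FORMERR", 2: "SERVFAIL", 3: "NXDOMAIN",
               4: "NOTIMP", 5: "REFUSED", 6: "YXDOMAIN", 7: "YXRRSET",
               8: "NXRRSET", 9: "NOTAUTH", 10: "NOTZONE"}
OPCODE_QUERY = 0
OPCODE_UPDATE = 5  # RFC 2136 dynamic update

# Display filters that select each class in Wireshark.
WIRESHARK_FILTERS = {
    "NXDOMAIN": "dns.flags.response == 1 && dns.flags.rcode == 3",
    # Name exists, no RRs of the requested type: rcode is 0, answer count is 0.
    "NODATA": "dns.flags.response == 1 && dns.flags.rcode == 0 && dns.count.answers == 0",
    # NXRRSET is an UPDATE-response RCODE; match it together with opcode 5.
    "UPDATE-NXRRSET": "dns.flags.response == 1 && dns.flags.opcode == 5 && dns.flags.rcode == 8",
}


def encode_name(name):
    """Encode a dotted name as RFC 1035 labels (no compression)."""
    out = b""
    for label in name.rstrip(".").split("."):
        out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"


def build_response(qname, qtype, rcode, opcode=OPCODE_QUERY, answers=0, xid=0x1234):
    """Build a minimal response: header plus question (or UPDATE zone) section.

    Only the section counts are written; the records themselves are omitted,
    which is enough for the header-level classification below.
    """
    flags = (1 << 15) | (opcode << 11) | (1 << 10) | rcode  # QR=1, AA=1
    header = struct.pack("!HHHHHH", xid, flags, 1, answers, 0, 0)
    question = encode_name(qname) + struct.pack("!HH", qtype, 1)  # class IN
    return header + question


def parse_header(msg):
    """Decode the 12-byte DNS header into the fields Wireshark exposes."""
    xid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {"id": xid, "response": bool(flags >> 15),
            "opcode": (flags >> 11) & 0xF, "rcode": flags & 0xF,
            "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar}


def classify(msg):
    """Return NXDOMAIN, NODATA, UPDATE-<rcode>, or the plain RCODE name."""
    h = parse_header(msg)
    if not h["response"]:
        return "QUERY"
    if h["opcode"] == OPCODE_UPDATE:
        return "UPDATE-" + RCODE_NAMES.get(h["rcode"], str(h["rcode"]))
    if h["rcode"] == 3:
        return "NXDOMAIN"
    if h["rcode"] == 0 and h["ancount"] == 0:
        return "NODATA"  # RFC 2308 s2.2: the name exists, the RRtype does not
    return RCODE_NAMES.get(h["rcode"], str(h["rcode"]))


# Constructed sample traffic (types: A=1, SOA=6, SRV=33).
SAMPLES = {
    "nxdomain": build_response("nosuchhost.abc.com", 1, rcode=3),
    # The thread's case: SRV lookup for a name that only has an A record.
    "no_srv": build_response("abc.com", 33, rcode=0, answers=0),
    "a_ok": build_response("abc.com", 1, rcode=0, answers=1),
    # NXRRSET as the RCODE of a dynamic UPDATE response (zone section: abc.com SOA).
    "update_nxrrset": build_response("abc.com", 6, rcode=8, opcode=OPCODE_UPDATE),
}

if __name__ == "__main__":
    for label, msg in SAMPLES.items():
        cls = classify(msg)
        print(f"{label:15} rcode={parse_header(msg)['rcode']} -> {cls:15} "
              f"filter: {WIRESHARK_FILTERS.get(cls, 'dns.flags.rcode == ' + str(parse_header(msg)['rcode']))}")
```

Run against a real capture, the NODATA filter is the one that selects the "SRV asked for, none exists" responses; the rcode 8 filter stays empty unless the capture contains dynamic update traffic.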