Wireshark · Wireshark-bugs: [Wireshark-bugs] [Bug 12807] New: DNS "contains" filters containing a dot do not work as other proto

Wireshark-bugs: [Wireshark-bugs] [Bug 12807] New: DNS "contains" filters containing a dot do not

Date: Thu, 01 Sep 2016 00:15:14 +0000

Bug ID	12807
Summary	DNS "contains" filters containing a dot do not work as other protocols do.
Product	Wireshark
Version	2.2.0
Hardware	x86
OS	Mac OS X 10.11
Status	UNCONFIRMED
Severity	Trivial
Priority	Low
Component	Dissection engine (libwireshark)
Assignee	bugzilla-admin@wireshark.org
Reporter	betty@netdetect.co

Created attachment 14872 [details]
dns trace from wiki.wireshark.org

Build Information:
Version 2.2.0rc2 (v2.2.0rc2-0-g7670a27 from master-2.2)

Copyright 1998-2016 Gerald Combs <gerald@wireshark.org> and contributors.
License GPLv2+: GNU GPL version 2 or later
<http://www.gnu.org/licenses/old-licenses/gpl-2.0.html>
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.

Compiled (64-bit) with Qt 5.3.2, with libpcap, without POSIX capabilities, with
GLib 2.36.0, with zlib 1.2.5, with SMI 0.4.8, with c-ares 1.10.0, with Lua
5.2.4, with GnuTLS 2.12.19, with Gcrypt 1.5.0, with MIT Kerberos, with GeoIP,
with QtMultimedia, without AirPcap.

Running on Mac OS X 10.11.6, build 15G31 (Darwin 15.6.0), with locale C, with
libpcap version 1.5.3 - Apple version 54, with GnuTLS 2.12.19, with Gcrypt
1.5.0, with zlib 1.2.5.
Intel(R) Core(TM) i7-4650U CPU @ 1.70GHz (with SSE4.2)

Built using llvm-gcc 4.2.1 (Based on Apple Inc. build 5658) (LLVM build
2336.9.00).

Wireshark is Open Source Software released under the GNU General Public
License.

Check the man page and http://www.wireshark.org for more information.
--
The display filter; dns contains .com, will never return any packets.  Yet the
filter; http contains .com does.  This is true for any trace file, but I
attached the dns trace from the wiki to check.

My guess is the dot as I have tried various permutations such as using specific
fields versus the whole header, and .net/.org, all to no avail.

Using "contains" with other protocols and a dot works exactly as expected.

You are receiving this mail because:

You are watching all bug changes.

Follow-Ups:
- [Wireshark-bugs] [Bug 12807] DNS "contains" filters containing a dot do not work as other protocols do.
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12807] DNS "contains" filters containing a dot do not work as other protocols do.
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12807] DNS "contains" filters containing a dot do not work as other protocols do.
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12807] DNS "contains" filters containing a dot do not work as other protocols do.
  - From: bugzilla-daemon
- [Wireshark-bugs] [Bug 12807] DNS "contains" filters containing a dot do not work as other protocols do.
  - From: bugzilla-daemon

Prev by Date: [Wireshark-bugs] [Bug 12806] When press the stop button, it may click the Restart button by chance
Next by Date: [Wireshark-bugs] [Bug 12122] OCFS2 Dissector does not function properly on Linux tcpdump output
Previous by thread: [Wireshark-bugs] [Bug 12806] When press the stop button, it may click the Restart button by chance
Next by thread: [Wireshark-bugs] [Bug 12807] DNS "contains" filters containing a dot do not work as other protocols do.
Index(es):
- Date
- Thread