Wireshark-dev: Re: [Wireshark-dev] Getting destination IP
Date Index · Thread Index · Other Months · All Mailing Lists
Date Prev · Date Next · Thread Prev · Thread Next
From: "sara vanan" <saravananbeitjj@xxxxxxxxx>
Date: Wed, 21 Mar 2007 20:22:52 +0900

I saw that today only and I tried executing in Linux OS but it gives error( Invalid filter).

Thanks for mailing me.



On 3/21/07, Jeff Morriss <jeff.morriss@xxxxxxxxxxx> wrote:

Did you see my answer to your question in your previous email?  (At the
top of the email I said something about the Excel doc but I tried to
answer your question below that.)

sara vanan wrote:
>
> Hi,
>
> I am doing a DNS proxy for IPV6. For this I have to get the destination
> IP(DNS Sever IP stored  in the client PC.
> I am trying to use Wireshark source code for getting the desdtination IP.
>
> for example
>
> client IP -> 192.168.16.67 <http://192.168.16.67/>        DNS (
> destination IP)  -> 192.168.16.106 <http://192.168.16.106/>
>
> By using the Wireshark GUI  I use DNS filter  and it displays
>
> source IP                   destination IP
> 192.168.16.67 <http://192.168.16.67/>
> 192.168.16.106                  Request < http://192.168.16.106/>
>
> then
> 192.168.16.106 <http://192.168.16.106/>
> 192.168.16.67                     Response <http://192.168.16.67/>
>
>
> And in LINUX  when I am executing  with the  command
>
> /home/saravanan/ethereal- 0.99.0 /tethereal -c 10 port 53
>
>
> [root@hestia ethereal-0.99.0 ]#
> /home/saravanan/ethereal-0.99.0/tethereal -c 5 port 53
> Capturing on eth0
>   0.000000 192.168.16.67 <http://192.168.16.67/> -> 192.168.16.106
> <http://192.168.16.106/> DNS Standard query A www.samedi.org
> <http://www.samedi.org/>
>   0.004528 192.168.16.106 < http://192.168.16.106/> -> 206.51.233.130
> <http://206.51.233.130/> DNS Standard query A www.samedi.org
> <http://www.samedi.org/>
>   0.177348 206.51.233.130 <http://206.51.233.130/> -> 192.168.16.106
> <http://192.168.16.106/> DNS Standard query response A 206.51.233.130
> < http://206.51.233.130/>
>   0.178324 192.168.16.106 <http://192.168.16.106/> -> 192.168.16.67
> <http://192.168.16.67/> DNS Standard query response A 206.51.233.130
> <http://206.51.233.130/ >
>   6.968992 192.168.16.67 <http://192.168.16.67/> -> 192.168.16.106
> < http://192.168.16.106/> DNS Standard query A statse.webtrendslive.com
> <http://statse.webtrendslive.com/>
>   6.970539 192.168.16.106 <http://192.168.16.106/> -> 220.73.220.4
> < http://220.73.220.4/> DNS Standard query A statse.webtrends.akadns.net
> <http://statse.webtrends.akadns.net/ >
>   7.028039 220.73.220.4 <http://220.73.220.4/> -> 192.168.16.106
> < http://192.168.16.106/> DNS Standard query response A 63.236.111.50
> <http://63.236.111.50/>
>
>
> it displays ( www.google.co.in <http://www.google.co.in/>) URL link IP.
>
> Instead of this I want to filter only the source IP and destination
> IP.   For this what kind of filters should I use.
>
> Kindly help me regarding this.
>
>
> Thanks
> Saravanan
>
>
>
>
>
>
>
>
>
>
>
> ------------------------------------------------------------------------
>
> _______________________________________________
> Wireshark-dev mailing list
> Wireshark-dev@xxxxxxxxxxxxx
> http://www.wireshark.org/mailman/listinfo/wireshark-dev
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev