Wireshark-users: Re: [Wireshark-users] How to parse incoming DNS responses but do not query DNS s
From: Marco Zuppone <msz@xxxxxx>
Date: Wed, 9 Nov 2011 23:48:03 +0000
Hello,

maybe something like this??

dns && (dns && (!ip==<mydns1> || !ip==<mydns2> || .. || !ip==<mydnsN>) )

I have not tried it yet (is night here :-) )
 StockTrader - Marco

On 9 Nov 2011, at 23:25, Matthew wrote:

> Hello,
> 
> I have already posted this to
> http://ask.wireshark.org/questions/7339/parse-incoming-dns-but-do-not-query-dns-server
> but know it is probably more likely to get answered on here:
> 
> I have a packet capture from my LAN that contains a DNS query (wireless)
> and response (192.168.0.7).
> 
> When I copy it to another network and turn on name resolution it
> attempts to ask the DNS server for the host name of the IP (192.168.0.7)
> of the traffic... then gives up because the DNS server doesn't have it,
> /but/ then notices that there is a DNS packet in the file already and
> uses the results of that. The HTTP session is then showing a destination
> of "wireless".
> 
> Turning off host name resolution shows only connections to 192.168.0.7
> 
> How can I make Wireshark (or tshark) look at the DNS in the file and see
> if it resolves the IP addresses to hostnames but *not* have it issue
> queries to the DNS server of my machine which take a while to time out
> and slow the loading of files down?
> 
> Basically I want to do a filter on "ip.host == wireless" which the trace
> contains the DNS request and response to (and it works if I leave name
> resolution enabled even on a different network) but I want to cut out
> querying my DNS servers (which turning on name resolution does).
> 
> Thanks for your time,
> Matthew
> 
> 
> ___________________________________________________________________________
> Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
> Archives:    http://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
>             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe