This is our old Q&A Site. Please post any new questions and answers at ask.wireshark.org.

My DNS trace contains more than one 'Answer RRs' entry. How do I extract the 'Name' (dns.resp.name) and 'Addr' (dns.resp.addr) fields from each response and print them on the same line as the requested domain name? I tried using -Tfields -e "dns.resp.name" -e "dns.resp.addr" but I don't get any response at all.

asked 15 Jan '15, 08:20

Vijay Gharge


Hello,

I found the issue. Because of an older version, I could not print those fields. Thanks to the Kali live Linux CDs, I found a newer version!

After processing the data using the -T and -e options, I got the request and response data on separate lines, so I wrote the following bash script to map each request and response onto the same line.

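#!/bin/bash
# Pair each response line in Gn_ADNS1.txt (comma-separated tshark field output)
# with the request line it refers to, and print both on one line.
# Reading with "while read" keeps each line whole even if it contains spaces.
while IFS= read -r line
do
        # Second comma-separated field; non-empty only on lines treated as responses
        response_frame=$(echo "$line" | awk -F',' '{ print $2 }')
        if [ ${#response_frame} -gt 0 ] ; then
                # Request line: the line that starts with that value as a whole word
                req=$(grep -w "^$response_frame" Gn_ADNS1.txt)
                echo "$req => $line"
#       else
#               echo "$line !="
        fi
done < Gn_ADNS1.txt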

answered 08 Mar '15, 09:22

Vijay Gharge

edited 08 Mar '15, 09:24
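
A single-pass variant of the request/response pairing described in the answer above, as an added example that is not the poster's script. The column layout, the use of frame.number, dns.response_to and dns.qry.name, the file name capture.pcap and the sample rows are assumptions; dns.resp.name and dns.resp.addr are the fields named in the question.

```bash
#!/bin/bash
# Assumed columns, tab-separated (the tshark -T fields default):
#   1 frame.number  2 dns.response_to  3 dns.qry.name
#   4 dns.resp.name 5 dns.resp.addr
# Such a file could come from (capture.pcap is a placeholder):
#   tshark -r capture.pcap -Y dns -T fields -e frame.number \
#     -e dns.response_to -e dns.qry.name -e dns.resp.name -e dns.resp.addr
# Several Answer RRs share one column, joined by "," (default aggregator),
# which is why "," is not used as the column separator here.

pair_dns() {
    awk -F'\t' '
        # Request line: column 2 is empty. Remember its name by frame number.
        $2 == "" { query[$1] = $3; next }
        # Response line: look up the request it answers, then print the
        # requested name with every answer name and address on one line.
        {
            q = ($2 in query) ? query[$2] : $3 " (request frame " $2 " not in file)"
            names = ($4 == "") ? "-" : $4
            addrs = ($5 == "") ? "-" : $5
            # The two lists are printed side by side, not zipped: they can
            # differ in length (a CNAME RR adds a name but no address).
            printf "%s => names=%s addrs=%s\n", q, names, addrs
        }
    '
}

# Constructed sample data, not taken from a real capture.
sample_input() {
    printf '1\t\twww.example.com\t\t\n'
    printf '2\t1\twww.example.com\twww.example.com,www.example.com\t192.0.2.10,192.0.2.11\n'
    printf '3\t\tmail.example.com\t\t\n'
    printf '4\t3\tmail.example.com\tmail.example.com,mx.example.net\t198.51.100.7\n'
    printf '9\t8\tlost.example.com\t\t\n'
}

sample_input | pair_dns
```

Because the request table is kept in memory, the file is read once instead of once per response line.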
