Could someone help me write a filter to select all DNS conversations with response "No such name"? I believe this is a set of Flags value 0x8183, and not an actual text response. Thanks in Advance.
asked 03 Jun '15, 07:42 fixit9660
2 Answers:
Sure. It's "dns.flags == 0x8183"
answered 03 Jun '15, 07:49 Jasper ♦♦

Take a look at MATE. You can group request/response with it. In the online MATE library you'll find a simple DNS example, which you'll have to extend to match "dns.flags == 0x8183". Regards
answered 03 Jun '15, 08:33 Kurt Knochner ♦
Yes that shows the responses, but I need the whole conversation, to show the actual query too please.
Why? The query is repeated in the answer, too. And it's not possible to filter on packet relationships, you can only match on things that exist in a packet.
OK it's in the Queries section but I need to open the packet to see it. I was hoping to see it in the traffic flow on the screen. Unless you can tell me how to save the Queries to a file for further analysis? Otherwise I'll have to open 10,000s of packets manually.
Well, you could just add a custom column, displaying "dns.qry.name" to display the query FQDNs in an extra column in the packet list.
That's exactly what I want! Thank you for the prompt and accurate help.
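
An added Python example, not part of the original thread: it decodes why flags 0x8183 reads as "No such name" (QR, RD and RA set, rcode 3) and collects the query name from each such response, as a list that could be saved for further analysis. The helper names and sample messages are constructed for illustration; matching on rcode alone also catches responses such as 0x8583 (AA set) that an exact match on 0x8183 leaves out.

```python
import struct

def decode_flags(flags):
    """Split the 16-bit DNS header flags word into its RFC 1035 fields."""
    return {
        "qr": (flags >> 15) & 1,
        "opcode": (flags >> 11) & 0xF,
        "aa": (flags >> 10) & 1,
        "tc": (flags >> 9) & 1,
        "rd": (flags >> 8) & 1,
        "ra": (flags >> 7) & 1,
        "rcode": flags & 0xF,
    }

def query_name(msg):
    """Read the first question name, which starts right after the 12-byte header."""
    labels, pos = [], 12
    while msg[pos] != 0:
        length = msg[pos]
        if length & 0xC0:  # compression pointers are not expected in the first question
            raise ValueError("unexpected compression pointer in question name")
        labels.append(msg[pos + 1:pos + 1 + length].decode("ascii"))
        pos += 1 + length
    return ".".join(labels)

def nxdomain_names(messages, exact_flags=None):
    """Query names of NXDOMAIN responses; exact_flags mimics 'dns.flags == value'."""
    names = []
    for msg in messages:
        if len(msg) < 12:
            continue  # too short to hold a DNS header
        flags = struct.unpack("!H", msg[2:4])[0]
        fields = decode_flags(flags)
        if exact_flags is not None:
            hit = flags == exact_flags
        else:
            hit = fields["qr"] == 1 and fields["rcode"] == 3
        if hit:
            names.append(query_name(msg))
    return names

def build(flags, name, txid=0x1234):
    """Constructed sample message: header plus one question (type A, class IN)."""
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in name.split("."))
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)

# Constructed samples: a query, two NXDOMAIN responses, one successful response.
SAMPLES = [build(0x0100, "missing.example"), build(0x8183, "missing.example"),
           build(0x8583, "gone.example"), build(0x8180, "www.example")]
```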