Hello, As in the title, does anyone know how to capture the dns packets but only for external resources? If I simply specify port 53, then it captures all the packets including the internal resources which are on 10.0.0.0/24 range. 10.0.0.0/24 is a range I need to exclude to capture only external resources. I also tried port 53 and not dst net 10.0.0.0/24 but does not work. Thanks in advance, Peter asked 27 Jul '11, 02:53  wooju |
One Answer:
Yes, you can filter out the whole subnet except for one host with the following filter: answered 28 Jul '11, 11:24  SYN-bit ♦♦ |
Sorry, i specified wrong interface and the quare actually works.
Ok, as I mentioned, the qury worked, but reqiarements changed a bit.
Is there a way I can exclude destination network 10.0.0.0/8 except of host 10.X.X.X ?
Curret code:
port 53 and not dst net 10.0.0.0/8Thanks in advance