Wireshark-dev: Re: [Wireshark-dev] Getting destination IP
From: "sara vanan" <saravananbeitjj@xxxxxxxxx>
Date: Tue, 20 Mar 2007 19:08:16 +0900

Ok,

Here after I will not send any attachments to the wireshark developer list.
Sorry for attaching the excel sheet.



On 3/20/07, Jeff Morriss <jeff.morriss@xxxxxxxxxxx> wrote:

Hi,

[Please don't send Excel docs to the mailing list--especially if they
contain a picture.  Not everyone has high speed Internet connections and
not everyone can read Excel docs.]

sara vanan wrote:
[...]
> /home/saravanan/ethereal-0.99.0/tethereal -c 10 port 53
> Capturing on eth0
[...]
> it displays (www.google.co.in < http://www.google.co.in>) URL link IP.
> Instead of this I want to filter only   DNS. 192.168.16.67
> <http://192.168.16.67/>   and   192.168.16.106 <http://192.168.16.106/>.
>
> client IP)                (DNS server IP)
> I had attached the sample excel file for your reference.
>
> for this what kind of filters should I use in my command.

With a filter of just "dns" Wireshark will show you all the DNS queries
it sees.

If you want only DNS to/from the specific IP addresses listed, you could do:

dns && ip.addr == 192.168.16.67 && ip.addr == 192.168.16.106

for example.

If you want only DNS from a specific IP to a specific IP you could do:

dns && ip.src == 192.168.16.67 && ip.dest == 192.168.16.106
_______________________________________________
Wireshark-dev mailing list
Wireshark-dev@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-dev