Wireshark · Wireshark-users: [Wireshark-users] Tshark DNS Query Response Answer Addr

Wireshark-users: [Wireshark-users] Tshark DNS Query Response Answer Addr

From: Blake Hartstein <urule99@xxxxxxxxx>

Date: Wed, 14 May 2008 21:40:11 -0400

I'm trying to find an appropriate filter for the IP address in a DNSresponse, a filter that doesn't currently exist (dns.resp.addr).

Either of these values is what I'm looking for:
   crl.microsoft.com: type A, class IN, addr 131.107.115.28
   Addr: 131.107.115.28

Here is the full packet layout, using the command: $ tshark -r my.pcap -V -n
Domain Name System (response)
   [Request In: 1]
   [Time: 0.040794000 seconds]
   Transaction ID: 0x2a34
   Flags: 0x8180 (Standard query response, No error)
   Questions: 1
   Answer RRs: 1
   Authority RRs: 0
   Additional RRs: 0
   Queries
       crl.microsoft.com: type A, class IN
           Name: crl.microsoft.com
           Type: A (Host address)
           Class: IN (0x0001)
   Answers
       crl.microsoft.com: type A, class IN, addr 131.107.115.28
           Name: crl.microsoft.com
           Type: A (Host address)
           Class: IN (0x0001)
           Time to live: 7 minutes, 30 seconds
           Data length: 4
           Addr: 131.107.115.28

Prev by Date: Re: [Wireshark-users] Sniffing Windows Update Traffic
Next by Date: [Wireshark-users] Tshark fields output
Previous by thread: Re: [Wireshark-users] Sniffing Windows Update Traffic
Next by thread: [Wireshark-users] Tshark fields output
Index(es):
- Date
- Thread