Wireshark · Wireshark-users: Re: [Wireshark-users] are there any ways to filter specific DNS queries

Wireshark-users: Re: [Wireshark-users] are there any ways to filter specific DNS queries

From: Tony Trinh <tony19@xxxxxxxxx>

Date: Wed, 20 Jun 2012 15:32:15 -0400

On Wed, Jun 20, 2012 at 2:07 PM, nangergong <nangergong@xxxxxxxxx> wrote:

thanks, is it possible to specify part of the name?
for example, ntp1-mifd.com
ntp2-mifd.com ......

is is possible to specify these group of names with something like wildcard
*-mifd.com

The <contains> operator should suffice for that pattern:

dns.qry.name contains "-mifd.com"

...but you can also use the <matches> operator for regular-_expression_ matching, as in one of the following examples:

dns.qry.name matches ".*-mifd.com$"

dns.qry.name matches "ntp[12]-mifd.com"

See the wiki for more on display-filter syntax: http://wiki.wireshark.org/DisplayFilters

References:
- [Wireshark-users] are there any ways to filter specific DNS queries
  - From: nangergong
- Re: [Wireshark-users] are there any ways to filter specific DNS queries
  - From: Tim.Poth
- Re: [Wireshark-users] are there any ways to filter specific DNS queries
  - From: nangergong
- Re: [Wireshark-users] are there any ways to filter specific DNS queries
  - From: Erik Hjelmvik
- Re: [Wireshark-users] are there any ways to filter specific DNS queries
  - From: nangergong

Prev by Date: Re: [Wireshark-users] are there any ways to filter specific DNS queries
Next by Date: [Wireshark-users] how to get round trip time and identify FIN-ACK and ACK pairs
Previous by thread: Re: [Wireshark-users] are there any ways to filter specific DNS queries
Next by thread: Re: [Wireshark-users] are there any ways to filter specific DNS queries
Index(es):
- Date
- Thread