Recently I needed to capture some DNS traffic with Wireshark.
Because of a security incident at a client of mine, it was important to know which domain names were being requested from the DNS server.

After some investigation I needed to filter the capture on certain domain names.
But how do you filter on a specific domain name in Wireshark?

The answer is simple, but not easy to find.
Below are the expressions you can enter in the Wireshark display filter.

This filter matches every DNS query whose queried name contains the string you specify, such as microsoft.com (note that the match is case-sensitive).

dns.qry.name contains "microsoft.com"

You can also filter on the exact domain name.

dns.qry.name eq "microsoft.com"
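To make the difference between the two filters concrete, here is an added example (not part of the original post) that parses the question name out of raw DNS messages the way Wireshark populates dns.qry.name, and applies the `contains` and `eq` semantics to a few constructed sample queries; the packets are built in the script itself, not taken from a capture.

```python
import struct

DNS_HEADER_LEN = 12  # the question section starts right after the 12-byte header


def parse_qname(message: bytes, offset: int = DNS_HEADER_LEN) -> str:
    """Return the question name as shown in dns.qry.name.

    On the wire the name is a run of length-prefixed labels ending in a zero
    byte; joining the labels with dots gives the display form.
    """
    labels = []
    while True:
        length = message[offset]
        offset += 1
        if length == 0:
            return ".".join(labels)
        labels.append(message[offset:offset + length].decode("ascii"))
        offset += length


def dns_filter(qname: str, operator: str, value: str) -> bool:
    """Mimic `dns.qry.name contains "x"` and `dns.qry.name eq "x"`.

    `contains` is a case-sensitive substring test, `eq` an exact comparison,
    so "notmicrosoft.com" passes the first but fails the second.
    """
    if operator == "contains":
        return value in qname
    if operator == "eq":
        return qname == value
    raise ValueError(f"unsupported operator: {operator}")


def build_query(name: str) -> bytes:
    """Build a minimal DNS query message (constructed test data, not a capture)."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)  # id, RD flag, QDCOUNT=1
    qname = b"".join(bytes([len(lbl)]) + lbl.encode("ascii") for lbl in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN


# Constructed sample traffic standing in for the capture discussed above.
SAMPLE_QUERIES = [build_query(n) for n in
                  ("microsoft.com", "login.microsoft.com", "notmicrosoft.com", "example.org")]


def matching_names(messages, operator: str, value: str) -> list:
    """Names from the sample messages that the given filter would keep."""
    names = (parse_qname(m) for m in messages)
    return [n for n in names if dns_filter(n, operator, value)]
```

Because a DNS response echoes the question section, both filters also match the server's answers; to keep only the incoming queries, add `&& dns.flags.response == 0` to the expression.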
