How to parse incoming DNS responses but do not query DNS server

[Matthew <matthew1471 () matthew1471 co uk>]

Hello,

I have already posted this to
http://ask.wireshark.org/questions/7339/parse-incoming-dns-but-do-not-query-dns-server
but know it is probably more likely to get answered on here:

I have a packet capture from my LAN that contains a DNS query (wireless)
and response (192.168.0.7).

When I copy it to another network and turn on name resolution it
attempts to ask the DNS server for the host name of the IP (192.168.0.7)
of the traffic... then gives up because the DNS server doesn't have it,
/but/ then notices that there is a DNS packet in the file already and
uses the results of that. The HTTP session is then showing a destination
of "wireless".

Turning off host name resolution shows only connections to 192.168.0.7

How can I make Wireshark (or tshark) look at the DNS in the file and see
if it resolves the IP addresses to hostnames but *not* have it issue
queries to the DNS server of my machine which take a while to time out
and slow the loading of files down?

Basically I want to do a filter on "ip.host == wireless" which the trace
contains the DNS request and response to (and it works if I leave name
resolution enabled even on a different network) but I want to cut out
querying my DNS servers (which turning on name resolution does).

Thanks for your time,
Matthew


___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe