Wireshark mailing list archives

Re: Question regardingcapturing DNSpackets withtshark

From: Martin Visser <martinvisser99 () gmail com>
Date: Fri, 6 Jul 2012 14:57:08 +1000

The response you received doesn't have *Answers*, because there were none
to give. From the response flags, you didn't ask your DNS server to query
recursively. It doesn't have the actual A record in it's cache, but it is
able to tell you where to find it - look in the Authority and Additional
RRs.

If you had of queried recursively, it may have gone to get the actual
answer.

You can use display filter fields like "dns.count.answers != 0 &&
dns.flags.response == 1"  to find DNS responses that do have answers.

Regards, Martin

MartinVisser99 () gmail com

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe

Current thread:

Question regarding capturing DNS packets with tshark bbrelin (Jul 05)
- Re: Question regarding capturing DNS packets with tshark Stuart Kendrick (Jul 05)
  - Re: Question regarding capturing DNS packets with tshark bbrelin (Jul 05)
    - Re: Question regarding capturing DNS packets withtshark bbrelin (Jul 05)
    - Re: Question regarding capturing DNS packets withtshark Maynard, Chris (Jul 05)
    - Re: Question regarding capturing DNSpackets withtshark bbrelin (Jul 05)
    - Re: Question regarding capturing DNSpackets withtshark Maynard, Chris (Jul 05)
    - Re: Question regardingcapturing DNSpackets withtshark bbrelin (Jul 05)
    - Re: Question regarding capturing DNSpackets withtshark Maynard, Chris (Jul 05)
    - Re: Question regardingcapturing DNSpackets withtshark bbrelin (Jul 05)
    - Re: Question regardingcapturing DNSpackets withtshark Martin Visser (Jul 05)