Re: are there any ways to filter specific DNS queries

[Tony Trinh <tony19 () gmail com>]

On Wed, Jun 20, 2012 at 2:07 PM, nangergong <nangergong () gmail com> wrote:

> thanks, is it possible to specify part of the name?
> for example, ntp1-mifd.com
>                    ntp2-mifd.com ......
>
> is is possible to specify these group of names with something like wildcard
> *-mifd.com
The <contains> operator should suffice for that pattern:

    dns.qry.name contains "-mifd.com"

...but you can also use the <matches> operator for regular-expression
matching, as in one of the following examples:

    dns.qry.name matches ".*-mifd.com$"
    dns.qry.name matches "ntp[12]-mifd.com"


See the wiki for more on display-filter syntax:
http://wiki.wireshark.org/DisplayFilters

___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    http://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe