Re: How to breakdown the dns queries and show total number against each domain

[Sherry Herdman <sherry.herdman1 () gmail com>]

I would like the community to stop contacting me...

On Feb 8, 2017 9:32 AM, "Peter Wu" <peter () lekensteyn nl> wrote:

> Hi Abdul,
>
> On Wed, Feb 08, 2017 at 10:18:18AM +0400, Abdul Khader wrote:
> > Dear All,
> > I have DNS capture. I would like to know total DNS queries against each
> > domain.
> > For example :
> > If there are DNS queries for google.com, facebook.com and 1000 other
> domains
> > etc in my capture file, I want to know total queries for against each
> > domain.
>
> Using the "tshark" program, you can produce a text file with all names
> from DNS queries. Using coreutils tools (sort and uniq), you can then
> for obtain a report. For example:
>
>     tshark -r dns.pcapng -Y dns.flags.response==0 -Tfields -e dns.qry.name
> | sort | uniq -c | sort -n
>
> Note that it happens quite often that two queries are done for each
> name, an A and AAAA lookup (for IPv4 and IPv6 addresses respectively).
> This can result in larger numbers than you would expect.
> --
> Kind regards,
> Peter Wu
> https://lekensteyn.nl
> ____________________________________________________________
> _______________
> Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
> Archives:    https://www.wireshark.org/lists/wireshark-users
> Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
>              mailto:wireshark-users-request () wireshark org?subject=
> unsubscribe
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users () wireshark org>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request () wireshark org?subject=unsubscribe