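Collect MX query type DNS requests (on tshark 1.10 and later, -Y is the single-pass display filter option; -R is only accepted together with -2):
# tshark -r foobar.pcap -Y "dns.qry.type == MX and dns.flags.response == 0"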
Collect MX query type DNS responses:
# tshark -r foobar.pcap -Y "dns.qry.type == MX and dns.flags.response == 1"
Collect A or AAAA query type DNS requests (the parentheses make the response-flag test apply to both query types):
# tshark -r foobar.pcap -Y "(dns.qry.type == A or dns.qry.type == AAAA) and dns.flags.response == 0"
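What the two filter fields above correspond to on the wire, as an added example that is not part of the original post: dns.flags.response is the QR bit (top bit of the header flags) and dns.qry.type is the QTYPE of the question. The function names and the sample messages are constructed for illustration.

```python
import struct

QTYPE = {"A": 1, "MX": 15, "AAAA": 28}  # RR type numbers (RFC 1035, RFC 3596)

def build_dns(name, qtype, response=False, txid=0x1234):
    """Construct a minimal one-question DNS message (sample input helper)."""
    flags = 0x0100 | (0x8000 if response else 0)  # RD set; QR is the top bit
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE[qtype], 1)

def parse_question(msg):
    """Return (is_response, qtype) for the first question, or None if malformed."""
    if len(msg) < 12:
        return None
    _, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount < 1:
        return None
    pos = 12
    while True:  # walk the QNAME labels up to the terminating zero byte
        if pos >= len(msg):
            return None
        length = msg[pos]
        if length & 0xC0:  # compression pointer or reserved bits: not handled here
            return None
        pos += 1
        if length == 0:
            break
        pos += length
    if pos + 4 > len(msg):
        return None
    qtype, _ = struct.unpack("!HH", msg[pos:pos + 4])
    return bool(flags & 0x8000), qtype

def matches(msg, qtypes, response):
    """Same test as '(dns.qry.type in qtypes) and dns.flags.response == response'."""
    parsed = parse_question(msg)
    wanted = {QTYPE[t] for t in qtypes}
    return parsed is not None and parsed[1] in wanted and parsed[0] == response

# Constructed sample traffic, not taken from a real capture.
SAMPLES = [
    build_dns("example.com", "MX"), build_dns("example.com", "MX", response=True),
    build_dns("example.com", "A"), build_dns("example.com", "AAAA"),
    build_dns("example.com", "A", response=True),
]

def count(qtypes, response):
    return sum(matches(m, qtypes, response) for m in SAMPLES)
```

Here count(["A", "AAAA"], False) counts only the two requests; dropping the QR test for the A type would also pull in the A response.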