Collect DNS requests with query type MX
# tshark -r foobar.pcap -Y "dns.qry.type == MX and dns.flags.response == 0"
Collect DNS responses with query type MX
# tshark -r foobar.pcap -Y "dns.qry.type == MX and dns.flags.response == 1"
Collect DNS requests with query type A or AAAA
# tshark -r foobar.pcap -Y "(dns.qry.type == A or dns.qry.type == AAAA) and dns.flags.response == 0"