lost and found ( for me ? )

tshark small tips

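Collect DNS requests with query type MX (on tshark 1.10 and later the display-filter option is -Y; -R is a read filter and requires -2):
# tshark -r foobar.pcap -Y "dns.qry.type == MX and dns.flags.response == 0"

Collect DNS responses to MX queries:
# tshark -r foobar.pcap -Y "dns.qry.type == MX and dns.flags.response == 1"

Collect DNS requests with query type A or AAAA (the parentheses make the response-flag test apply to both types):
# tshark -r foobar.pcap -Y "(dns.qry.type == A or dns.qry.type == AAAA) and dns.flags.response == 0"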
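What the filters above test on the wire, as an added Python example (not from the original post): dns.flags.response is the QR bit of the DNS header and dns.qry.type is the QTYPE of the question. The sample messages are constructed, and the two predicate functions are hypothetical names modelling the two ways a mixed or/and filter can be grouped.

```python
import struct

QTYPE = {"A": 1, "MX": 15, "AAAA": 28}  # RFC 1035 / RFC 3596 type codes

def build_dns(name, qtype, response):
    """Build a minimal one-question DNS message (constructed sample data)."""
    flags = 0x8180 if response else 0x0100  # QR is the top bit of the flags word
    header = struct.pack("!HHHHHH", 0x1234, flags, 1, 0, 0, 0)
    qname = b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"
    return header + qname + struct.pack("!HH", QTYPE[qtype], 1)

def parse_dns(msg):
    """Return (is_response, qtype): the values behind the two filter fields."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _, flags, qdcount = struct.unpack("!HHH", msg[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    pos = 12
    while True:  # walk the QNAME labels up to the terminating zero byte
        if pos >= len(msg):
            raise ValueError("truncated QNAME")
        length = msg[pos]
        if length & 0xC0:
            raise ValueError("compressed or invalid label in question")
        pos += 1 + length
        if length == 0:
            break
    if pos + 4 > len(msg):
        raise ValueError("truncated question")
    (qtype,) = struct.unpack("!H", msg[pos:pos + 2])
    return bool(flags & 0x8000), qtype

def grouped(resp, qt):            # (A or AAAA) and response == 0
    return (qt == 1 or qt == 28) and not resp

def and_binds_tighter(resp, qt):  # A or (AAAA and response == 0)
    return qt == 1 or (qt == 28 and not resp)

def select(msgs, predicate):
    """Indexes of the messages a predicate would keep."""
    return [i for i, m in enumerate(msgs) if predicate(*parse_dns(m))]

# Order: A req, A resp, AAAA req, AAAA resp, MX req, MX resp (all constructed)
SAMPLES = [build_dns("example.com", t, r)
           for t in ("A", "AAAA", "MX") for r in (False, True)]
```

With the second grouping, the A response at index 1 is selected along with the two requests, which is why the A/AAAA filter is best written with explicit parentheses.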
