 | 1 | initial version |
Use the Statistics / Endpoints menu in Wireshark and select 'Name resolution'. To export use the button 'Copy' to copy to the clipboard.
Make sure network resolution is enabled in the menu View / Name Resolution and 'Use captured DNS packet data for name resolution' is enabled in the preferences.
| | 2 | No.2 Revision |
Use the Statistics / Endpoints menu in Wireshark and select 'Name resolution'. To export use the button 'Copy' to copy to the clipboard.
Make sure network resolution is enabled in the menu View / Name Resolution and 'Use captured DNS packet data for name resolution' is enabled in the preferences.
The same can be done using tshark:
tshark -r myfile.pcapng -q -z endpoints,ip
Or list all hostnames:
tshark -r myfile.pcapng -q -z hosts,ip
To list the names from DNS responses only:
tshark -r myfile.pcapng -T fields -e dns.resp.name -Y dns.resp.name | sort -u
TShark uses the profile 'Default' if not specified using the -C option.
For more options see the online help: https://www.wireshark.org/docs/man-pages/tshark.html