Name resolution on DNS queries

asked 2020-03-08 06:24:51 +0000

Hi,

So I have a PCAP file with only DNS queries in them, is there a way where I can use Wireshark to perform name resolution on them? I can see the option 'Edit Preference' -> 'Resolve Name' works fine for the sources that have sent the queries, but the actual query is never resolved by the Wireshark. Am I missing something?

edit retag flag offensive close merge delete

Comments

So what do you mean by "the actual query is never resolved"? Queries don't get resolved, network addresses get resolved; do you mean that this is a PTR query, and Wireshark isn't resolving the IP address being looked up by the query, or an A or AAAA query, and Wireshark isn't resolving the IP address being returned in the response to the query, or something else?

Guy Harris gravatar imageGuy Harris ( 2020-03-08 08:56:46 +0000 )edit