How can I find http or https requests without a corresponding dns request?

asked 2018-02-15 18:24:13 +0000

Betty DuBois

updated 2018-02-15 21:33:22 +0000

sindy

I can find the packets for the requests, ssl.handshake.extensions_server_name or or dns. But how do I find ones where the dns isn't there (cache)?

Is this going to have to be a lua script?

Is it possible to run tshark with filters and produce output in the pcap file that will allow me to map a dns query to a response?

nerdman224 ( 2018-02-28 20:04:54 +0000 )
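
An added example, not part of the original thread: one way to do the correlation outside Wireshark is to export the relevant fields with tshark and match each HTTP Host / TLS SNI name against the DNS answers seen earlier in the same capture. The function names, the column order and the sample rows are assumptions made for this sketch; it covers IPv4 A records only and also flags requests whose destination differs from the resolved address, which goes slightly beyond the question.

```python
import csv, io

# Constructed sample of tshark output (tab-separated), as produced by e.g.:
#   tshark -r capture.pcap -T fields -e frame.number -e ip.dst -e dns.qry.name \
#     -e dns.a -e http.host -e ssl.handshake.extensions_server_name \
#     -Y "dns.flags.response == 1 or http.host or ssl.handshake.extensions_server_name"
# (Wireshark 3.0 and later name the last field tls.handshake.extensions_server_name.)
SAMPLE = (
    "1\t10.0.0.5\twww.example.com\t192.0.2.10,192.0.2.11\t\t\n"
    "2\t192.0.2.10\t\t\twww.example.com\t\n"
    "3\t198.51.100.7\t\t\t\tcdn.example.net\n"
    "4\t10.0.0.5\tapi.example.org\t203.0.113.9\t\t\n"
    "5\t203.0.113.50\t\t\t\tapi.example.org\n"
    "6\t192.0.2.11\t\t\tWWW.Example.com:8080\t\n"
)

def normalise(host):
    """Lower-case a host name and drop a trailing :port (http.host may carry one)."""
    host = host.strip().lower().rstrip(".")
    name, sep, port = host.rpartition(":")
    return name if sep and port.isdigit() else host

def requests_without_dns(tsv_text):
    """Return (frame, host, dst_ip, reason) for requests with no earlier DNS answer."""
    resolved = {}   # host name -> set of A-record addresses seen so far
    findings = []
    for row in csv.reader(io.StringIO(tsv_text), delimiter="\t"):
        # Pad short rows so the six expected columns always unpack.
        frame, dst, qname, answers, http_host, sni = (row + [""] * 6)[:6]
        if qname and answers:                      # DNS response row
            resolved.setdefault(normalise(qname), set()).update(answers.split(","))
            continue
        host = normalise(http_host or sni)
        if not host:
            continue
        if host not in resolved:
            findings.append((int(frame), host, dst, "no DNS answer in capture"))
        elif dst not in resolved[host]:
            findings.append((int(frame), host, dst, "destination not in DNS answer"))
    return findings

if __name__ == "__main__":
    for finding in requests_without_dns(SAMPLE):
        print(*finding, sep="\t")
```

A name flagged as "no DNS answer in capture" may simply have been resolved before the capture started (the cache case from the question), so the result is a list of candidates to review, not a verdict.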