Ask Your Question

How to get all the domains which use DNS query?

asked 2021-11-19 02:54:31 +0000

markleo gravatar image

How to list all the DNS domains?

I have a requirement: check my snapshot, in a duration there have several DNS queries, this link below is one:

Queries: type A, class IN

how to get all the domains of all queries as a list?

edit retag flag offensive close merge delete

1 Answer

Sort by ยป oldest newest most voted

answered 2021-11-19 09:27:02 +0000

grahamb gravatar image

This is a classic case for using tshark with the -T fields option. With a display filter set so that only answers are shown:

tshark -r <yourcapture> -Y "dns.count.answers > 0" -T fields -e -e

replacing <yourcapture> with the path to the capture file.

Output looks like this, with first the query, then the answer(s):,,,

Note in this case there were multiple answer records for the query, all comma separated.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower


Asked: 2021-11-19 02:54:31 +0000

Seen: 2,064 times

Last updated: Nov 19 '21