Ask Your Question
0

Configure Wireshark to use custom dns server port for dns name resolution

asked 2022-07-19 16:42:07 +0000

4k1l gravatar image

updated 2022-07-20 10:07:14 +0000

Hallo everybody, I want to analyse a pcap file (generated by tcpdump) from a server locally using wireshark. I would like to have DNS names instead of Ip adresses and i was wondering if it's possible to configure Wireshark to use an external DNS server.

Under Edit -> Preferences -> Namer Resolution it's possible to add DNS servers, but i didn't figure out how to add also the port number, as my external DNS server doesn't run on port 53.

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by ยป oldest newest most voted
0

answered 2022-07-19 18:05:52 +0000

Jim Aragon gravatar image

The port number is added in a different place from where you added the server IP address. Go to Edit -> Preferences -> Protocols -> DNS. There are two fields for which ports should be recognized as DNS, one for DNS over TCP and the other for DNS over UDP. To specify multiple ports, separate the port numbers with commas.

edit flag offensive delete link more

Comments

@JIM I configured Wireshark as suggested, it's though unable to resolve the DNS names from the DNS server running on localhost. Resolving the DNS name using nslookup is working fine nslookup -vc -port=5353 10.96.0.1 127.0.0.1 1.0.96.10.in-addr.arpa name = kubernetes.default.svc.cluster.local.

4k1l gravatar image4k1l ( 2022-07-20 09:15:20 +0000 )edit

What Jim is talking about is DNS packet dissection. What you are after is DNS name resolution. Those are different things. Wireshark has no option to set the port to use for DNS name resolution.

Jaap gravatar imageJaap ( 2022-07-20 10:01:41 +0000 )edit

Thanks @Jaap! This clarifies why it wasn't working. It would be nice though, to be able to configure the port for dns name resolution.

4k1l gravatar image4k1l ( 2022-07-20 10:05:04 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2022-07-19 16:42:07 +0000

Seen: 807 times

Last updated: Jul 20 '22

Related questions

is the domain from opendns ?

dns request, response malformed?

Malformed DNS response

ARP protocol in Handover

LUA script how to get all IPs from DNS.A (dns answer)

DNSSEC response marked as Malformed

DNS Checksum

DNS amplification attack

Wireshark keeps getting source port incorrect

what filter would display just dns or icmp traffic from 8.8.8.8

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2