Ask Your Question
0

Export each DNS Host name along with its consumed Traffic

asked 2025-04-19 15:16:51 +0000

justdream gravatar image

Dear Experts,

Kindly could you guide me how to Export each DNS Host name in my PCAP file along with its consumed Traffic Bytes

I have managed to get DNS host name by using below filter dns.qry.name contains "ABC"

But I still don't know how to get the consumed traffic for each DNS

edit retag flag offensive close merge delete
add a comment

1 Answer

Sort by » oldest newest most voted
0

answered 2025-04-20 10:25:05 +0000

André gravatar image

updated 2025-04-20 19:04:48 +0000

Use the Statistics / Endpoints menu in Wireshark and select 'Name resolution'. To export use the button 'Copy' to copy to the clipboard.

Make sure network resolution is enabled in the menu View / Name Resolution and 'Use captured DNS packet data for name resolution' is enabled in the preferences.

The same can be done using tshark:

 tshark -r myfile.pcapng -q -z endpoints,ip

Or list all hostnames:

 tshark -r myfile.pcapng -q -z hosts,ip

To list the names from DNS responses only:

tshark -r myfile.pcapng -T fields -e dns.resp.name -Y dns.resp.name | sort -u

TShark uses the profile 'Default' if not specified using the -C option.
For more options see the online help: https://www.wireshark.org/docs/man-pa...

edit flag offensive delete link more

Comments

Thanks, I'm trying to use tshark to export all DNS Host and their traffic do you know which (indicator name) I can use to get Traffic or total bytes?

justdream gravatar imagejustdream ( 2025-04-20 16:03:50 +0000 )edit

Please next time add a 'comment' instead of "answering" your own question.

André gravatar imageAndré ( 2025-04-20 19:08:54 +0000 )edit

"Answer" moved to a question comment.

grahamb gravatar imagegrahamb ( 2025-04-22 07:33:40 +0000 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2025-04-19 15:16:51 +0000

Seen: 46 times

Last updated: 2 days ago

Related questions

How to capture ethernet traffic?

Why am I not seeing unique traffic

Am I able to use wireshark to observe large (10G) traffic congestion?

How can I extract parameters from pcap

How to identify the facebook traffic in wireshark?

Filtering out normal traffic

How to capture clear text traffic from devices that arent my computer

is the domain from opendns ?

How can I see the traffic of an Android APP?

dns request, response malformed?