Good afternoon, all! I wonder if Wireshark can do what I want, or if I need to recap and run through another process. Essentially, I need Wireshark to take a packet capture, sort out all DNS and export the packets to a text file that I can use to dedupe and isolate which PTR records are being queried on. Is this something Wireshark can do? Thanks! Gregg asked 20 May '16, 13:59  gregg_hughes |
One Answer:
Wireshark currently doesn't have a mechanism to do tasks of that sort, but you might be able to do it with TShark - use a "read filter" to select only DNS packets with PTR queries and responses, and then use the answered 20 May '16, 14:53  Guy Harris ♦♦ |
