Ask Your Question

Revision history [back]

How can I use dumpcap to capture traffic only on port 53?

I have a server set up that runs a continuous capture for one of my branches. My current argument is:

"C:\Program Files\Wireshark\dumpcap.exe" -i 2 -b files:80 -b filesize:512000 -port 53 -w e:\Captures\COL3_VoIP_Capture.pcap

This works great for capturing ALL traffic. However, I want to set it up to only capture DNS queries. I have tried the following, but it doesn't seem to work.

"C:\Program Files\Wireshark\dumpcap.exe" -i 2 -f "port 53" -b files:80 -b filesize:512000 -port 53 -w e:\Captures\COL3_VoIP_Capture.pcap

Any help would be appreciated!

click to hide/show revision 2
None

updated 2018-10-13 14:34:01 +0000

grahamb gravatar image

How can I use dumpcap to capture traffic only on port 53?

I have a server set up that runs a continuous capture for one of my branches. My current argument is: 

"C:\Program Files\Wireshark\dumpcap.exe" -i 2 -b files:80 -b filesize:512000 -port 53 -w e:\Captures\COL3_VoIP_Capture.pcap
e:\Captures\COL3_VoIP_Capture.pcap

This works great for capturing ALL traffic. However, I want to set it up to only capture DNS queries. I have tried the following, but it doesn't seem to work.

"C:\Program Files\Wireshark\dumpcap.exe" -i 2 -f "port 53" -b files:80 -b filesize:512000 -port 53 -w e:\Captures\COL3_VoIP_Capture.pcap
e:\Captures\COL3_VoIP_Capture.pcap

Any help would be appreciated!

Copyright Wireshark Foundation, 2017-2023 Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2