BigSnarf blog

Infosec FTW

DNS tshark example


tshark -i en1 -nn -e dns.qry.name -E separator=";" -T fields port 53

tshark -i en1 -Y "dns" -T pdml | tee dns_log.xml

tshark -i en1 -T fields -e ip.src -e ip.dst -e frame.time -e dns.qry.name -Y "dns.flags.response eq 0"

sudo tshark -i en1 -nn -T fields -e ip.src -e ip.dst -e frame.time -e dns.qry.name -Y "dns.flags.response eq 0" >> dns.log
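
The last command appends one tab-separated line per DNS query (ip.src, ip.dst, frame.time, dns.qry.name) to dns.log. As an added example, not from the original post, this shell function summarizes such a log per client; the function names, the "(no-ipv4-src)" label and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarize a dns.log written by the tshark command above.
# Expected line format (tab-separated, the tshark -T fields default):
#   ip.src <TAB> ip.dst <TAB> frame.time <TAB> dns.qry.name

# dns_summary FILE
# Prints "source<TAB>queries<TAB>unique_names", busiest source first.
# ip.src is an IPv4-only field, so queries carried over IPv6 are logged
# with an empty source; they are grouped under "(no-ipv4-src)".
dns_summary() {
    awk -F '\t' '
        NF < 4 || $4 == "" { next }      # skip malformed or empty-name lines
        {
            src = ($1 == "") ? "(no-ipv4-src)" : $1
            name = tolower($4)           # DNS names are case-insensitive
            total[src]++
            if (!((src, name) in seen)) { seen[src, name] = 1; uniq[src]++ }
        }
        END {
            for (s in total) printf "%s\t%d\t%d\n", s, total[s], uniq[s]
        }
    ' "$1" | LC_ALL=C sort -t "$(printf '\t')" -k2,2nr -k1,1
}

# Constructed sample log lines (documentation addresses, not capture data).
make_sample_log() {
    printf '%s\t%s\t%s\t%s\n' \
        192.0.2.10 192.0.2.1 'Mar 13, 2014 14:41:31.000000000' example.com \
        192.0.2.10 192.0.2.1 'Mar 13, 2014 14:41:32.000000000' EXAMPLE.com \
        192.0.2.10 192.0.2.1 'Mar 13, 2014 14:41:33.000000000' mail.example.org \
        192.0.2.20 192.0.2.1 'Mar 13, 2014 14:41:34.000000000' example.net \
        '' '' 'Mar 13, 2014 14:41:35.000000000' example.com
}

# Run as: sh dns_summary.sh dns.log
if [ "$#" -gt 0 ]; then dns_summary "$1"; fi
```

A client with many queries but few unique names is usually just chatty; a high unique-name count from one source is the line worth a closer look.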
