Wireshark

  • Riverbed Technology
  • WinPcap
the world's foremost network protocol analyzer
  • Wireshark
    • About
    • Download
    • Blog
  • Get Help
    • Ask a Question
    • FAQs
    • Documentation
    • Mailing Lists
    • Online Tools
    • Wiki
    • Bug Tracker
  • Develop
    • Get Involved
    • Developer's Guide
    • Browse the Code
    • Latest Builds

Wireshark-users: Re: [Wireshark-users] DNS traffic - newbie question

Date Index Thread Index Other Months All Mailing Lists
Date Prev Date Next Thread Prev Thread Next


From: Stephen Fisher <stephentfisher@xxxxxxxxx>
Date: Mon, 11 Dec 2006 11:48:32 -0800

On Mon, Dec 11, 2006 at 11:33:14AM -0800, Scott Parkis wrote:

> I am looking at my capture. My machine is connected via a swith to the 
> LAN. I have a ton of standard queries coming from my machine going out 
> to the LAN. Not sure why, I am not making the DNS request. It does go 
> to my internal DNS servers. But half of the machines are on the LAN 
> and the other half do not exist.
> 
> What is it that I am seeing here. Thanks,

You're probably seeing DNS requests from Wireshark.  By default, it 
does a DNS lookup on every IP address it sees in the capture that you're 
doing.  This can be disabled under the View -> Name Resolution menu by 
unchecking "Enable for Network Layer."


Steve
  • Follow-Ups:
    • Re: [Wireshark-users] DNS traffic - newbie question
      • From: Hans Nilsson
  • References:
    • [Wireshark-users] DNS traffic - newbie question
      • From: Scott Parkis
  • Prev by Date: Re: [Wireshark-users] DNS traffic - newbie question
  • Next by Date: Re: [Wireshark-users] DNS traffic - newbie question
  • Previous by thread: Re: [Wireshark-users] DNS traffic - newbie question
  • Next by thread: Re: [Wireshark-users] DNS traffic - newbie question
  • Index(es):
    • Date
    • Thread

Wireshark and the "fin" logo are registered trademarks of the Wireshark Foundation