Wireshark-dev: Re: [Wireshark-dev] Getting destination IP

From: Andrej Mikus <wireshark-dev@xxxxxxxx>
Date: Tue, 20 Mar 2007 13:17:54 +0100
Is your question somehow related to development of Wireshark?
I am afraid you are not asking at the best place.

The purpose of Wireshark is to analyze packets. The command mentioned below
gives a brief display of the data. If you do not need all that info,
consider using other commands to process it further. A good candidate
would be cut.

I am not sure what you mean by DNS proxy. I would assume it is some kind
of application that will be listening for requests on UDP port 53.
There should be system calls available to get the address info needed.

Hope this helps
Andrej

On Tue, 20.Mar.07 20:34:09 +0900, sara vanan wrote:
> Hi,
> 
> I am doing a DNS proxy for IPv6. For this I have to get the destination
> IP (DNS server IP stored in the client PC).
> I am trying to use Wireshark source code for getting the destination IP.
> 
> for example
> 
> client IP -> 192.168.16.67        DNS ( destination IP)  -> 192.168.16.106
> 
> By using the Wireshark GUI I use DNS filter and it displays
> 
> source IP                destination IP
> 192.168.16.67            192.168.16.106           Request
> 
> then
> 192.168.16.106           192.168.16.67            Response
> 
> 
> And in Linux when I am executing with the command
> 
> /home/saravanan/ethereal-0.99.0/tethereal -c 10 port 53
> 
> 
> [root@hestia ethereal-0.99.0]# /home/saravanan/ethereal-0.99.0/tethereal -c 5 port 53
> Capturing on eth0
>  0.000000 192.168.16.67 -> 192.168.16.106 DNS Standard query A www.samedi.org
>  0.004528 192.168.16.106 -> 206.51.233.130 DNS Standard query A www.samedi.org
>  0.177348 206.51.233.130 -> 192.168.16.106 DNS Standard query response A 206.51.233.130
>  0.178324 192.168.16.106 -> 192.168.16.67 DNS Standard query response A 206.51.233.130
> 
>  6.968992 192.168.16.67 -> 192.168.16.106 DNS Standard query A statse.webtrendslive.com
>  6.970539 192.168.16.106 -> 220.73.220.4 DNS Standard query A statse.webtrends.akadns.net
>  7.028039 220.73.220.4 -> 192.168.16.106 DNS Standard query response A 63.236.111.50
> 
> 
> it displays (www.google.co.in) URL link IP.
> 
> Instead of this I want to filter only the source IP and destination IP.
> For this, what kind of filters should I use?
> 
> Kindly help me regarding this.
> 
> 
> Thanks
> Saravanan
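
Added example, not part of the original thread and not Wireshark project code: one way to do the post-processing with cut that the reply suggests, reducing one-line capture summaries to "source destination" pairs. The function names and the sample capture are constructed for illustration; the sample is modelled on the quoted output, with one made-up IPv6 query and wrapped continuation lines added.

```sh
#!/bin/sh
# Constructed sample input (IPv6 line uses the 2001:db8::/32 documentation prefix).
sample_capture() {
cat <<'EOF'
  0.000000 192.168.16.67 -> 192.168.16.106 DNS Standard query A
www.samedi.org
  0.004528 192.168.16.106 -> 206.51.233.130 DNS Standard query A www.samedi.org
  0.177348 206.51.233.130 -> 192.168.16.106 DNS Standard query response A 206.51.233.130
  6.968992 192.168.16.67 -> 192.168.16.106 DNS Standard query A statse.webtrendslive.com
 12.500000 2001:db8::67 -> 2001:db8::106 DNS Standard query AAAA
example.test
EOF
}

# src_dst: print "source destination" for every summary line on stdin.
# grep keeps only lines containing the " -> " arrow, so wrapped
# continuation lines are dropped. sed and tr normalise the variable left
# padding of the timestamp column, which would otherwise shift the field
# numbers that cut sees.
src_dst() {
    grep -- ' -> ' | sed 's/^[[:space:]]*//' | tr -s ' ' | cut -d' ' -f2,4
}

# dns_clients: unique (querier, server) pairs, ignoring responses.
# Shows which resolver each host is actually sending its queries to.
dns_clients() {
    grep -v 'query response' | src_dst | sort -u
}

# Demo on the constructed sample.
sample_capture | src_dst
```

On a live capture the same filter would be fed from the command in the quoted message, for example `tethereal -c 10 port 53 | src_dst`. Current tshark can also print the two columns directly with `-T fields -e ip.src -e ip.dst` (or `ipv6.src` and `ipv6.dst`).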
