Wireshark-users: Re: [Wireshark-users] How to parse incoming DNS responses but do not query DNS s

From: Marco Zuppone <msz@xxxxxx>
Date: Wed, 9 Nov 2011 23:48:03 +0000
Hello,

Maybe something like this?

dns && !(ip.addr == <mydns1>) && !(ip.addr == <mydns2>) && .. && !(ip.addr == <mydnsN>)

I have not tried it yet (it is night here :-) )
 StockTrader - Marco

On 9 Nov 2011, at 23:25, Matthew wrote:

> Hello,
> 
> I have already posted this to
> http://ask.wireshark.org/questions/7339/parse-incoming-dns-but-do-not-query-dns-server
> but know it is probably more likely to get answered on here:
> 
> I have a packet capture from my LAN that contains a DNS query (wireless)
> and response (192.168.0.7).
> 
> When I copy it to another network and turn on name resolution it
> attempts to ask the DNS server for the host name of the IP (192.168.0.7)
> of the traffic... then gives up because the DNS server doesn't have it,
> /but/ then notices that there is a DNS packet in the file already and
> uses the results of that. The HTTP session is then showing a destination
> of "wireless".
> 
> Turning off host name resolution shows only connections to 192.168.0.7
> 
> How can I make Wireshark (or tshark) look at the DNS in the file and see
> if it resolves the IP addresses to hostnames but *not* have it issue
> queries to the DNS server of my machine which take a while to time out
> and slow the loading of files down?
> 
> Basically I want to do a filter on "ip.host == wireless" which the trace
> contains the DNS request and response to (and it works if I leave name
> resolution enabled even on a different network) but I want to cut out
> querying my DNS servers (which turning on name resolution does).
> 
> Thanks for your time,
> Matthew