
Wireshark-users: Re: [Wireshark-users] How to breakdown the dns queries and show total number aga

From: Jeff Morriss <jeff.morriss.ws@xxxxxxxxx>
Date: Wed, 8 Feb 2017 10:33:24 -0500
As mentioned by Graham yesterday you need to use the "unsubscribe" option at the bottom of each email in order to unsubscribe from this mailing list.

On Wed, Feb 8, 2017 at 9:46 AM, Sherry Herdman <sherry.herdman1@xxxxxxxxx> wrote:
I would like the community to stop contacting me...

On Feb 8, 2017 9:32 AM, "Peter Wu" <peter@xxxxxxxxxxxxx> wrote:
Hi Abdul,

On Wed, Feb 08, 2017 at 10:18:18AM +0400, Abdul Khader wrote:
> Dear All,
> I have a DNS capture. I would like to know total DNS queries against each
> domain.
> For example :
> If there are DNS queries for google.com, facebook.com and 1000 other domains
> etc in my capture file, I want to know total queries against each
> domain.

Using the "tshark" program, you can produce a text file with all names
from DNS queries. Using coreutils tools (sort and uniq), you can then
obtain a report. For example:

    tshark -r dns.pcapng -Y dns.flags.response==0 -Tfields -e dns.qry.name | sort | uniq -c | sort -n

Note that it happens quite often that two queries are done for each
name, an A and AAAA lookup (for IPv4 and IPv6 addresses respectively).
This can result in larger numbers than you would expect.
--
Kind regards,
Peter Wu
https://lekensteyn.nl
___________________________________________________________________________
Sent via:    Wireshark-users mailing list <wireshark-users@xxxxxxxxxxxxx>
Archives:    https://www.wireshark.org/lists/wireshark-users
Unsubscribe: https://www.wireshark.org/mailman/options/wireshark-users
             mailto:wireshark-users-request@xxxxxxxxxxxxx?subject=unsubscribe
