[Winpcap-users] Filtering for DNS

31adeelz at niit.edu.pk 31adeelz at niit.edu.pk
Tue Oct 9 04:32:54 GMT 2007 

Hi Prasant !
Why dont you try using "dst port 53". DNS uses port 53 for resolving
host/domain names. One more thing, whether your DNS query will use UDP or
TCP will depend on the size of the name resolving query. So dont restrict
the filter string to either TCP or UDP.

On Sat, October 6, 2007 1:21 pm, Umesh Chandra Sahoo wrote:
> Hi Prasant,
>
>
>
>
> I think u need to check ur filtering string. For protocol filtering
> things you need to mention like "proto Protocol name". I had used this some
> time b4 for tcp filtering things so u can use like as follows
>
>
>
> I used "proto \tcp"
>
>
> So u need to use  "proto \dns"  instead of "dns" only. Another thing you
> need to check what is the pnemonics for dns. Since tcp is a keyword for
> libpcap so we need to give a "\" b4 that. U need to check this for dns.
>
>
>
> Another thing is dns is layer 4 protocol so if the above one is not
> working try with " protochain \dns".
>
>
>
> Below is the link for ur help
>
>
> http://www.winpcap.org/docs/docs_41b/html/group__language.html
>
>
>
>
>
>
> Thanks n Regds
>
>
> Umesh
>
>
> IXIA(leader in performance Network testing domain)
>
>
> Calcutta
>
>
>
>
> ________________________________
>
>
> From: winpcap-users-bounces at winpcap.org
> [mailto:winpcap-users-bounces at winpcap.org] On Behalf Of Prashant Kasal
> Sent: Saturday, October 06, 2007 3:11 AM
> To: winpcap-users at winpcap.org
> Subject: [Winpcap-users] Filtering for DNS
>
>
>
>
> Hi All,
>
>
>
>
> I'm trying to filter the network packets to get DNS information
>
>
>
>
> pcap_compile( adhandle, &fcode, "dns", 1, netmask), but when I executed
> this line I'm getting the return value < 0;
>
> does anybody know how to filter the network packets for DNS?
>
> Any help would greatly appricated.
>
>
>
> --
> Thanks & Regds
> Prashanth Kasal
> Google Inc.,
> 1600, Amphitheater
> parkway, Mountain View, CA-94040
>
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is believed to be clean.
>
> _______________________________________________
> Winpcap-users mailing list
> Winpcap-users at winpcap.org
> https://www.winpcap.org/mailman/listinfo/winpcap-users
>
>



-- 
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

More information about the Winpcap-users mailing list