!dns.response_in and dns.flags.response = 0 and dns # the lack of a recorded reply (!dns.response_in) combined with only looking for DNS queries (dns.flags.response = 0) that are only UDP port 53 (dns)
dns.flags.response = 0 # only DNS queries
dns.flags.response eq 1 # only DNS responses
port not 53 and not arp # capture everything except ARP and DNS traffic
port 53 # capture only DNS (port 53) traffic
6 # greater than 600 milliseconds
dns and = "" # filter based on the queried domain name
# If the query is retransmitted to either the secondary or tertiary server, the UDP stream number changes. The transaction ID does not.
# Retransmit the query with the same transaction ID to their secondary (or tertiary) server
# Retransmit the query with the same transaction ID to their primary server (tcp.srcport = 53)
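
The same three checks (unanswered queries, retransmits that keep their transaction ID across servers, and replies slower than 600 ms) can be run offline over raw DNS payloads. This is an added example, not code from the original page; the tuple layout, the addresses and the names `parse_dns`, `analyze` and `msg` are constructed for illustration.

```python
import struct
from collections import defaultdict
SLOW = 0.6  # seconds: the 600 ms threshold from the filter list

def parse_dns(payload):
    """Return (transaction_id, is_response, qname) from a raw DNS message."""
    txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    labels, pos = [], 12  # question section follows the 12-byte header
    while qdcount and payload[pos]:  # uncompressed labels end at a zero byte
        n = payload[pos]
        labels.append(payload[pos + 1:pos + 1 + n].decode("ascii"))
        pos += 1 + n
    return txid, bool(flags & 0x8000), ".".join(labels)  # QR bit = dns.flags.response

def analyze(packets):
    """packets: (time, client, server, payload) tuples, oldest first."""
    sent = defaultdict(list)  # (client, txid, qname) -> [(time, server)]
    answered = {}             # same key -> response time in seconds
    for t, client, server, payload in packets:
        txid, is_resp, qname = parse_dns(payload)
        key = (client, txid, qname)  # stable across retries, unlike the UDP stream
        if not is_resp:
            sent[key].append((t, server))
        elif key not in answered:
            starts = [qt for qt, s in sent.get(key, []) if s == server]
            if starts:
                answered[key] = t - starts[-1]
    return {
        "unanswered": sorted(k[2] for k in sent if k not in answered),
        "retransmitted": sorted(k[2] for k, q in sent.items() if len(q) > 1),
        "slow": sorted(k[2] for k, rt in answered.items() if rt > SLOW),
    }

def msg(txid, qname, response=False):
    """Build a minimal constructed DNS message: header plus one A/IN question."""
    head = struct.pack("!HHHHHH", txid, 0x8180 if response else 0x0100, 1, 0, 0, 0)
    body = b"".join(bytes([len(l)]) + l.encode() for l in qname.split("."))
    return head + body + b"\x00" + struct.pack("!HH", 1, 1)

C, NS1, NS2 = "192.0.2.10", "198.51.100.1", "198.51.100.2"  # constructed addresses
SAMPLE = [  # constructed traffic, not taken from the page
    (0.00, C, NS1, msg(0x1A2B, "example.com")),
    (0.05, C, NS1, msg(0x1A2B, "example.com", True)),  # answered in 50 ms
    (1.00, C, NS1, msg(0x3C4D, "example.org")),
    (2.00, C, NS1, msg(0x3C4D, "example.org")),        # retry to primary
    (3.00, C, NS2, msg(0x3C4D, "example.org")),        # retry to secondary
    (3.90, C, NS2, msg(0x3C4D, "example.org", True)),  # 900 ms after that query
    (5.00, C, NS1, msg(0x5E6F, "example.net")),        # never answered
]
```

Calling `analyze(SAMPLE)` groups on the transaction ID rather than the UDP stream, so the retry sent to the secondary server is still counted against the original query.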