Wireshark http and dns lac
tshark -i eth0 -qz "io,stat,60,COUNT() and =A,COUNT() and =AAAA,COUNT() and =CNAME,COUNT() and =MX,COUNT() and =NS,COUNT() and =PTR,COUNT() and =SOA,COUNT() and =SRV,COUNT() and =TXT,COUNT() and =AXFR,COUNT() and =IXFR,COUNT() and =0,COUNT() and !=0" dst port 53 and dst host 10.100.5.5

Press ^C after 60 seconds or more to see results.

Column #0: COUNT() and =A
Column #1: COUNT() and =AAAA
Column #2: COUNT() and =CNAME
Column #3: COUNT() and =MX
Column #4: COUNT() and =NS
Column #5: COUNT() and =PTR
Column #6: COUNT() and =SOA
Column #7: COUNT() and =SRV
Column #8: COUNT() and =TXT
Column #9: COUNT() and =AXFR
Column #10: COUNT() and =IXFR
Column #11: COUNT() and =0
Column #12: COUNT() and !=0

| Column #0 | Column #1 | Column #2 | Column #3 | Column #4 | Column #5 | Column #6 | Column #7 | Column #8 | Column #9 | Column #10 | Column #11 | Column #12 |

Note: this query shows ingress and egress DNS traffic, so you'll see DNS queries/responses that were sent to the server where you are running tshark as well as queries/responses that originated on the server where tshark is running.
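The command as printed above has lost the field names inside COUNT() and in front of each comparison. The script below is an added reconstruction, not the original author's command: it rebuilds the thirteen-column io,stat argument and a readable column legend. It assumes Wireshark's dns.qry.type and dns.flags.rcode display-filter fields and numeric IANA query-type codes in place of the symbolic names; the function and variable names are hypothetical, while the interface, interval and capture filter defaults are the page's.

```shell
#!/bin/sh
# Added example, not the page's original command.
# Assumed: Wireshark display-filter fields dns.qry.type and dns.flags.rcode,
# with numeric IANA type codes standing in for the symbolic names.

# name:code pairs in the page's column order (#0 .. #10)
QTYPES="A:1 AAAA:28 CNAME:5 MX:15 NS:2 PTR:12 SOA:6 SRV:33 TXT:16 AXFR:252 IXFR:251"

# Defaults taken from the page; override through the environment
IFACE="${IFACE:-eth0}"
INTERVAL="${INTERVAL:-60}"
CAPTURE_FILTER="${CAPTURE_FILTER:-dst port 53 and dst host 10.100.5.5}"

# dns_iostat_arg INTERVAL: print the argument for tshark's -z option.
# io,stat takes comma-separated COUNT(field)filter entries, one per column.
dns_iostat_arg() {
    arg="io,stat,$1"
    for pair in $QTYPES; do
        arg="$arg,COUNT(dns.qry.type)dns.qry.type==${pair#*:}"
    done
    # Columns #11 and #12: successful (rcode 0) and unsuccessful (rcode non-zero)
    arg="$arg,COUNT(dns.flags.rcode)dns.flags.rcode==0"
    arg="$arg,COUNT(dns.flags.rcode)dns.flags.rcode!=0"
    printf '%s\n' "$arg"
}

# dns_iostat_legend: print which record type or rcode class each column holds
dns_iostat_legend() {
    n=0
    for pair in $QTYPES "rcode=0:-" "rcode!=0:-"; do
        printf 'Column #%d: %s\n' "$n" "${pair%%:*}"
        n=$((n + 1))
    done
}

# Capture only when called as: sh dns_iostat.sh run  (Ctrl-C prints the table)
if [ "${1:-}" = run ]; then
    dns_iostat_legend
    tshark -i "$IFACE" -q -z "$(dns_iostat_arg "$INTERVAL")" -f "$CAPTURE_FILTER"
fi
```

The default capture filter matches only packets addressed to port 53 on 10.100.5.5. Response codes travel in replies, which leave from port 53, so set CAPTURE_FILTER to something like `port 53 and host 10.100.5.5` if columns #11 and #12 should include the server's own answers.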
As part of a series on Wireshark, this is the first of many tips on using this versatile network tool.

TShark 1.2.15, Oracle Enterprise Linux 6.5

If you run a DNS server, you may want to quickly see what types of queries are coming into the server as well as the response codes.

Number of A (IPv4) queries in the last minute.
Number of AAAA (IPv6) queries in the last minute.
Number of AXFR (complete zone transfers) ….
Number of IXFR (incremental zone transfers) ….
Number of Successful queries, which are those where the response code was zero (rcode=0).
Number of Unsuccessful queries, which are those where the response code was non-zero (rcode!=0).

A complete listing of rcodes can be found at.