I am new to Wireshark and trying to write simple queries. To see the DNS queries that are only sent from my computer or received by my computer, I tried the following:
dns and ip.addr==159.25.78.7
where 159.25.78.7 is my IP address. It looks like I did it when I look at the filter results, but I wanted to be sure about that. Does that filter really do what I am trying to find out? I doubted it a little bit because in the filter results I also see only 1 other result whose protocol is ICMP and its info says "Destination unreachable (Port unreachable)".
Can someone help me with this?
Thanks
Recommended answer
I would go through the packet capture and see if there are any records that I know I should be seeing to validate that the filter is working properly and to assuage any doubts.
That said, please try the following filter and see if you're getting the entries that you think you should be getting:
dns and ip.dst==159.25.78.7 or dns and ip.src==159.25.78.7
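Why the ICMP "Destination unreachable (Port unreachable)" row shows up under the question's filter: Wireshark also dissects the datagram quoted inside an ICMP error, so a quoted DNS packet satisfies both `dns` and `ip.addr`. The following is an added example, not part of the original question or answer; it is a simplified Python model of that matching, and the resolver address, ports and function names are constructed for illustration.

```python
import socket, struct

MY_IP = "159.25.78.7"      # address from the question
RESOLVER = "192.0.2.53"    # constructed (documentation address range)

def ipv4(src, dst, proto, payload):
    # Minimal 20-byte IPv4 header; checksum left at 0 (not used by this model).
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def udp_dns(sport, dport):
    # UDP header + 12-byte DNS header + one question (example.com, A, IN).
    dns = struct.pack("!6H", 0x1234, 0x0100, 1, 0, 0, 0) \
        + b"\x07example\x03com\x00" + struct.pack("!2H", 1, 1)
    return struct.pack("!4H", sport, dport, 8 + len(dns), 0) + dns

def icmp_port_unreachable(original_datagram):
    # ICMP type 3, code 3, followed by the datagram that triggered the error.
    return struct.pack("!BBHI", 3, 3, 0, 0) + original_datagram

def layers(pkt):
    """Protocols and IP addresses seen anywhere in the packet, including
    inside a datagram quoted by an ICMP error (the part that surprises)."""
    protos, addrs = set(), set()
    while len(pkt) >= 20:
        ihl, proto = (pkt[0] & 0x0F) * 4, pkt[9]
        addrs |= {socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])}
        body = pkt[ihl:]
        if proto == 1 and len(body) >= 8 and body[0] == 3:
            protos.add("icmp")
            pkt = body[8:]          # descend into the quoted datagram
            continue
        if proto == 17 and len(body) >= 8:
            protos.add("udp")
            if 53 in struct.unpack("!2H", body[:4]) and len(body) >= 20:
                protos.add("dns")
        break
    return protos, addrs

def asker_filter(pkt, ip=MY_IP):       # models: dns and ip.addr==<ip>
    protos, addrs = layers(pkt)
    return "dns" in protos and ip in addrs

def dns_only_filter(pkt, ip=MY_IP):    # models: dns and ip.addr==<ip> and not icmp
    return asker_filter(pkt, ip) and "icmp" not in layers(pkt)[0]

# Constructed sample traffic: a reply that arrives after the client socket closed.
reply = ipv4(RESOLVER, MY_IP, 17, udp_dns(53, 50000))
unreach = ipv4(MY_IP, RESOLVER, 1, icmp_port_unreachable(reply))
```

In Wireshark itself, appending `and not icmp` to the display filter hides that ICMP row while keeping the DNS packets.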