

This piece is a sequel to Wireshark Filters & PCAP File Analysis. I'd recommend you read that first, to familiarize yourself with some terms and concepts. I have two files that I'm required to do an analysis on, and thereafter, answer some questions. What can PCAP files help us discover? Let's find out.

1. I start by looking at the Statistics of the PCAP. I discover that there are two main protocols (tcp & udp) in the conversation. Using the two protocols, I specify a filter to get the protocol used over port 3942.

2. What is the IP address of the host that was pinged twice?

Ping is carried over ICMP; knowing this, I specified the icmp display filter, which showed all the ICMP requests and responses.

From the displayed packets above, 8.8.8.8 & 8.8.4.4 were pinged twice. However, only 8.8.4.4 received the request and replied successfully.

3. How many DNS query response packets were captured?

It's prudent to highlight that I use key words in the questions to determine which filter I would use. In this case, the word dns prompts me to check if there's a dns display filter. I'm now close to getting the dns query responses captured. To get more specific packets, the dns filter has some options that can be chained together with it:

dns.flags.response = 1 - This filter checks through the over 200 dns packets, to determine which packets have a response flag in them. The "= 1" ensures that only dns packets with a response flag are displayed.

After using that filter, 90 packets were displayed.

4.
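To show what those display filters actually test on the wire, here is an added example (not code from the original post) that decodes a small constructed set of raw IPv4 packets with the Python standard library and applies the same selections: the icmp filter with a per-host ping count, dns.flags.response == 1, and a transport-port filter like the one used for port 3942. The packets, the 10.0.0.x addresses and the TCP segment on port 3942 are constructed for illustration and are not taken from the author's capture files.

```python
import struct
from collections import Counter
from ipaddress import IPv4Address

PROTO = {1: "icmp", 6: "tcp", 17: "udp"}

def ipv4(proto, src, dst, payload):  # minimal IPv4 header, no options, checksum left 0
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       IPv4Address(src).packed, IPv4Address(dst).packed) + payload
def icmp_echo(kind, seq):   # kind 8 = echo request, 0 = echo reply
    return struct.pack("!BBHHH", kind, 0, 0, 1, seq)
def udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
def dns_header(flags):      # id, flags, qdcount, ancount, nscount, arcount (question section omitted)
    return struct.pack("!6H", 0x1234, flags, 1, 0, 0, 0)

# Constructed capture, not the author's PCAP: two pings each to 8.8.8.8 and 8.8.4.4 where only
# 8.8.4.4 answers, one DNS query/response pair, and one TCP segment to port 3942.
CAPTURE = [
    ipv4(1, "10.0.0.5", "8.8.8.8", icmp_echo(8, 1)), ipv4(1, "10.0.0.5", "8.8.8.8", icmp_echo(8, 2)),
    ipv4(1, "10.0.0.5", "8.8.4.4", icmp_echo(8, 1)), ipv4(1, "8.8.4.4", "10.0.0.5", icmp_echo(0, 1)),
    ipv4(1, "10.0.0.5", "8.8.4.4", icmp_echo(8, 2)), ipv4(1, "8.8.4.4", "10.0.0.5", icmp_echo(0, 2)),
    ipv4(17, "10.0.0.5", "8.8.4.4", udp(51000, 53, dns_header(0x0100))),  # query: QR bit clear
    ipv4(17, "8.8.4.4", "10.0.0.5", udp(53, 51000, dns_header(0x8180))),  # response: QR bit set
    ipv4(6, "10.0.0.5", "10.0.0.9", struct.pack("!HH", 40000, 3942) + bytes(16)),
]

def parse(pkt):
    """Decode only the fields the display filters in the post rely on."""
    body = pkt[(pkt[0] & 0x0F) * 4:]          # skip the IPv4 header (IHL in 32-bit words)
    rec = {"proto": PROTO.get(pkt[9], str(pkt[9])),
           "src": str(IPv4Address(pkt[12:16])), "dst": str(IPv4Address(pkt[16:20]))}
    if pkt[9] == 1:
        rec["icmp_type"] = body[0]
    elif pkt[9] in (6, 17):
        rec["sport"], rec["dport"] = struct.unpack("!HH", body[:4])
        if pkt[9] == 17 and 53 in (rec["sport"], rec["dport"]):
            # dns.flags.response is the QR bit, the top bit of the DNS flags word
            rec["dns_response"] = bool(struct.unpack("!H", body[10:12])[0] & 0x8000)
    return rec

def hosts_pinged_n_times(packets, n):   # 'icmp' filter plus a per-destination echo-request count
    counts = Counter(r["dst"] for r in map(parse, packets) if r.get("icmp_type") == 8)
    return sorted(h for h, c in counts.items() if c == n)
def hosts_that_replied(packets):        # sources of echo replies
    return sorted({r["src"] for r in map(parse, packets) if r.get("icmp_type") == 0})
def dns_response_count(packets):        # same selection as dns.flags.response == 1
    return sum(1 for r in map(parse, packets) if r.get("dns_response"))
def protocols_over_port(packets, port): # transport(s) seen on a port, like tcp.port == N || udp.port == N
    return sorted({r["proto"] for r in map(parse, packets) if port in (r.get("sport"), r.get("dport"))})
```

On this sample, hosts_pinged_n_times(CAPTURE, 2) lists both resolvers while hosts_that_replied(CAPTURE) lists only 8.8.4.4, mirroring the distinction the post draws between "pinged" and "replied".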
