I'm new to security and was working on a problem where I need to figure out the external DNS used to resolve names to IP. I can filter how to look for DNS traffic, but how do I figure out the external DNS used to resolve addresses?
Wireshark pcap file - figuring out external dns
562 Views Asked by zerose At
There is 1 best solution below
There can be several DNS resolvers used. If you know they all listen on standard port UDP/53, you can simply retrieve the destination IP addresses:
The above will give you the list of destination IP addresses for UDP/53 packets. In my case, I have a local resolver (127.0.0.1) which only calls the above resolver (192.168.1.13) for records that are not cached. Thus, most requests only go to the local resolver (31 out of 34).

It's also fairly common for DNS resolvers to listen on TCP/53. You can use the following command to select these requests as well:
You can also apply a filter to packets while capturing, to avoid saving unnecessary packets:
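
Added example, not part of the original answer: the same idea in Python, counting the destination IP addresses of DNS queries sent to UDP/53 in a classic pcap file. It assumes an Ethernet capture with IPv4 and does not cover TCP/53; the function names and the sample capture (client 192.168.1.20, resolver 203.0.113.53) are constructed for illustration.

```python
import socket
import struct
from collections import Counter

def dns_servers(pcap: bytes) -> Counter:
    """Count destination IPs of DNS queries (UDP dst port 53, QR bit clear)."""
    endian = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if endian is None:
        raise ValueError("not a classic (microsecond) pcap file")
    if struct.unpack(endian + "I", pcap[20:24])[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    counts, off = Counter(), 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(endian + "I", pcap[off + 8:off + 12])[0]
        frame = pcap[off + 16:off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue  # keep only IPv4 frames whose protocol is UDP
        udp = frame[14 + (frame[14] & 0x0F) * 4:]  # skip IP header (IHL words)
        if len(udp) < 12:  # UDP header plus DNS id and flags
            continue
        dport, flags = struct.unpack("!H", udp[2:4])[0], struct.unpack("!H", udp[10:12])[0]
        if dport == 53 and not flags & 0x8000:  # QR=0 means query
            counts[socket.inet_ntoa(frame[30:34])] += 1
    return counts

def _frame(src, dst, sport, dport, dns_flags):
    """Build one constructed Ethernet/IPv4/UDP frame carrying a DNS header."""
    dns = struct.pack("!6H", 0x1234, dns_flags, 1, 0, 0, 0)
    dns += b"\x07example\x03com\x00\x00\x01\x00\x01"
    udp = struct.pack("!4H", sport, dport, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\x02" * 12 + b"\x08\x00" + ip + udp

def sample_pcap() -> bytes:
    """Constructed capture: 4 queries, 1 response, 1 non-DNS packet."""
    client = "192.168.1.20"
    frames = [_frame(client, "192.168.1.13", 40000 + i, 53, 0x0100) for i in range(3)]
    frames.append(_frame(client, "203.0.113.53", 40003, 53, 0x0100))
    frames.append(_frame("192.168.1.13", client, 53, 53, 0x8180))  # response
    frames.append(_frame(client, "192.168.1.1", 40004, 123, 0x0100))  # not port 53
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

if __name__ == "__main__":
    print(dns_servers(sample_pcap()).most_common())
```

Checking the QR bit keeps responses that happen to be addressed to port 53 out of the count, so only hosts that were actually asked to resolve something are listed.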