How to filter Wireshark to see only DNS queries that are sent/received from/by my computer?
Problem description
I am new to Wireshark and trying to write simple queries. To see the DNS queries that are only sent from my computer or received by my computer, I tried the following:
dns and ip.addr==159.25.78.7
where 159.25.78.7 is my IP address. It looks like I did it when I look at the filter results, but I wanted to be sure about that. Does that filter really do what I am trying to find out? I doubted a little bit because in the filter results I also see only 1 other result whose protocol is ICMP and its info says "Destination unreachable (Port unreachable)".
Can anyone help me with this?
Thanks
Recommended answer
I would go through the packet capture and see if there are any records that I know I should be seeing to validate that the filter is working properly and to assuage any doubts.
That said, please try the following filter and see if you're getting the entries that you think you should be getting:
dns and (ip.dst==159.25.78.7 or ip.src==159.57.78.7)
This filter will show only DNS traffic from 159.57.78.7 or to 159.25.78.7.
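The direction and query/response split behind a filter like the one above, as an added example that is not part of the original answer: it applies to constructed raw packets the same checks that the Wireshark display filters `dns.flags.response==0 and ip.src==159.25.78.7` and `dns.flags.response==1 and ip.dst==159.25.78.7` make. The resolver address 192.0.2.53, the sample packets and the helper names are assumptions, and only DNS over UDP port 53 is handled.

```python
import socket
import struct

HOST = "159.25.78.7"      # the asker's address, from the question
RESOLVER = "192.0.2.53"   # constructed resolver address (assumption)

def build(src, dst, sport, dport, response):
    """Build a minimal IPv4/UDP/DNS packet as constructed sample data (checksums 0)."""
    flags = 0x8180 if response else 0x0100          # QR bit set for responses
    dns = struct.pack("!6H", 0x1234, flags, 1, 0, 0, 0)
    dns += b"\x07example\x03com\x00" + struct.pack("!HH", 1, 1)
    udp = struct.pack("!4H", sport, dport, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return ip + udp

def classify(pkt, host=HOST):
    """Label a raw IPv4 packet relative to host; None means not DNS over UDP/53."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != 17 or len(pkt) < ihl + 20:          # not UDP, or too short for DNS
        return None
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    sport, dport = struct.unpack("!HH", pkt[ihl:ihl + 4])
    if 53 not in (sport, dport):
        return None
    (flags,) = struct.unpack("!H", pkt[ihl + 10:ihl + 12])
    is_response = bool(flags & 0x8000)               # Wireshark: dns.flags.response
    if not is_response and src == host:
        return "query-sent"          # dns.flags.response==0 and ip.src==host
    if is_response and dst == host:
        return "response-received"   # dns.flags.response==1 and ip.dst==host
    return "other-dns"               # DNS, but not this host's query or answer

# Constructed sample capture: own query, its answer, another host's query, NTP port
SAMPLE = [
    build(HOST, RESOLVER, 50000, 53, False),
    build(RESOLVER, HOST, 53, 50000, True),
    build("198.51.100.9", RESOLVER, 50001, 53, False),
    build(HOST, RESOLVER, 40000, 123, False),
]

def summarize(packets=SAMPLE):
    """Classify every packet in the capture relative to HOST."""
    return [classify(p) for p in packets]

if __name__ == "__main__":
    for label in summarize():
        print(label)
```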