How to filter Wireshark to see only DNS queries that are sent/received from/by my computer?


Problem description

I am new to Wireshark and trying to write simple queries. To see the DNS queries that are only sent from my computer or received by my computer, I tried the following:

dns and ip.addr==159.25.78.7

where 159.25.78.7 is my IP address. It looks like I did it when I look at the filter results, but I wanted to be sure about that. Does that filter really do what I am trying to find out? I doubted a little bit because in the filter results I also see only 1 other result whose protocol is ICMP and its info says "Destination unreachable (Port unreachable)".

Can someone help me with this?

Thanks

Recommended answer

I would go through the packet capture and see if there are any records that I know I should be seeing to validate that the filter is working properly and to assuage any doubts.

That said, please try the following filter and see if you're getting the entries that you think you should be getting:

dns and ip.dst==159.25.78.7 or dns and ip.src==159.25.78.7
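
An added example (not part of the original question or answer) of why the ICMP row can appear: an ICMP "Port unreachable" message quotes the datagram it rejects, and Wireshark dissects those quoted bytes, so a quoted DNS message still matches `dns` and `ip.addr`. The Python below mirrors that logic on constructed packets; the resolver address 192.0.2.53 and all function names are assumptions made for illustration.

```python
import socket
import struct

MY_IP = "159.25.78.7"    # the asker's address, from the question
RESOLVER = "192.0.2.53"  # constructed resolver address (assumption)

def ipv4(src, dst, proto, payload):
    """20-byte IPv4 header (checksum left 0 for the sample) + payload."""
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                       proto, 0, socket.inet_aton(src),
                       socket.inet_aton(dst)) + payload

def udp_dns(sport, dport, is_response):
    """UDP datagram carrying a one-question DNS message for example.com."""
    dns = struct.pack("!HHHHHH", 0x1234, 0x8180 if is_response else 0x0100,
                      1, 0, 0, 0) + b"\x07example\x03com\x00\x00\x01\x00\x01"
    return struct.pack("!HHHH", sport, dport, 8 + len(dns), 0) + dns

def is_dns_udp(pkt):
    """True if pkt is IPv4/UDP with port 53 on either side."""
    ihl = (pkt[0] & 0x0F) * 4
    return pkt[9] == 17 and 53 in struct.unpack("!HH", pkt[ihl:ihl + 4])

def classify(pkt, my_ip=MY_IP):
    """Label one IPv4 packet relative to my_ip, or return None."""
    src, dst = socket.inet_ntoa(pkt[12:16]), socket.inet_ntoa(pkt[16:20])
    if my_ip not in (src, dst):
        return None
    body = pkt[(pkt[0] & 0x0F) * 4:]
    if pkt[9] == 1 and body[0] == 3:        # ICMP destination unreachable
        # Bytes 8+ of the ICMP message quote the datagram that was rejected.
        return "icmp-quoting-dns" if is_dns_udp(body[8:]) else None
    if not is_dns_udp(pkt):
        return None
    is_response = bool(body[10] & 0x80)     # QR bit of the DNS flags
    if not is_response and src == my_ip:
        return "query-sent"
    if is_response and dst == my_ip:
        return "response-received"
    return None

# Constructed sample packets (not taken from a real capture).
QUERY = ipv4(MY_IP, RESOLVER, 17, udp_dns(50000, 53, False))
RESPONSE = ipv4(RESOLVER, MY_IP, 17, udp_dns(53, 50000, True))
ICMP_ERR = ipv4(MY_IP, RESOLVER, 1, struct.pack("!BBHI", 3, 3, 0, 0) + RESPONSE)
OTHER = ipv4("198.51.100.9", RESOLVER, 17, udp_dns(50001, 53, False))

if __name__ == "__main__":
    for name, pkt in [("query", QUERY), ("response", RESPONSE),
                      ("icmp", ICMP_ERR), ("other", OTHER)]:
        print(name, classify(pkt))
```

In Wireshark itself, appending `and not icmp` to the display filter hides such rows and leaves only the DNS packets.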
