Thank you for all of your help. I believe I found the solution:
tshark -o column.format:'"Time", "%Yt", "Source", "%s", "No.", "%m",
"Info", "%i", "ID", "%Cus:dns.id"' port 53
On 07/20/2011 11:09 AM, Jaap Keuter wrote:
> On Wed, 20 Jul 2011 09:52:42 -0400, Eric Howard wrote:
>> Hi. I love the functionality that wireshark gives me. I am trying to
>> log DNS transactions. The standard text display gives me most of what I
>> want. For example:
>> [root@myserv~]# tshark -tad port 53
>> Running as user "root" and group "root". This could be dangerous.
>> Capturing on eth0
>> 2011-07-20 09:46:46.971987 220.127.116.11 -> 18.104.22.168 DNS Standard
>> query A www.yahoo.com 
>> 2011-07-20 09:46:46.972226 22.214.171.124 -> 126.96.36.199 DNS Standard
>> query response CNAME fp.wg1.b.yahoo.com CNAME any-fp.wa1.b.yahoo.com A
>> 188.8.131.52 A 184.108.40.206
>> However, I want to somehow capture queries and responses into a
>> database and need a way to associate the query and response data. In the
>> above example I get a CNAME result but need to also record the fact the
>> original request was for 'www.yahoo.com'. I believe that "dns.id"
>> would allow me to associate the query and response. Is there an easy
>> way to modify the standard output to append this single field or do I
>> have to write an extremely complicated fields directive to create the
>> standard output with the additional field?
>> Thanks for your help!
>> -- Eric --
> Have a look at custom columns. You can show there (almost) anything.
Sent via: Wireshark-users mailing list <email@example.com>
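The matching step the thread is after, as an added example that is not from the list or the Wireshark project: it pairs query and response records by dns.id before they go into a database. It assumes (not from the thread) that tshark was run with `-T fields -E separator=/t -e frame.time_epoch -e ip.src -e ip.dst -e dns.id -e dns.flags.response -e dns.qry.name -e dns.a port 53` instead of the column format above, and the sample lines are constructed with placeholder addresses.

```python
"""Pair DNS queries with responses by dns.id from tshark -T fields output.

Assumed (not from the thread) tshark invocation, tab separated:
  tshark -T fields -E separator=/t -e frame.time_epoch -e ip.src -e ip.dst \
         -e dns.id -e dns.flags.response -e dns.qry.name -e dns.a port 53
"""

# Constructed sample: two clients reuse id 0x1a2b, one query never gets a reply.
SAMPLE = """\
1311169606.971987\t192.0.2.10\t192.0.2.53\t0x1a2b\t0\twww.example.com\t
1311169606.980001\t192.0.2.11\t192.0.2.53\t0x1a2b\t0\tmail.example.com\t
1311169606.972226\t192.0.2.53\t192.0.2.10\t0x1a2b\t1\twww.example.com\t198.51.100.5,198.51.100.6
1311169607.100000\t192.0.2.10\t192.0.2.53\t0x0042\t0\torphan.example.com\t
"""

def parse_line(line):
    ts, src, dst, dns_id, is_resp, qname, answers = line.split("\t")
    return {
        "ts": float(ts), "src": src, "dst": dst,
        "id": int(dns_id, 16),          # tshark prints dns.id in hex
        "response": is_resp == "1",
        "qname": qname,
        "answers": [a for a in answers.split(",") if a],
    }

def pair_transactions(text):
    """Return (completed, unanswered). The key includes both addresses
    because dns.id is only 16 bits: two clients can pick the same id."""
    pending = {}
    completed = []
    for line in text.splitlines():
        if not line.strip():
            continue
        rec = parse_line(line)
        if not rec["response"]:
            pending[(rec["src"], rec["dst"], rec["id"])] = rec
            continue
        # A response travels server -> client: swap addresses to find the query.
        query = pending.pop((rec["dst"], rec["src"], rec["id"]), None)
        if query is None:
            continue        # reply with no matching query: record it separately
        completed.append({
            "qname": query["qname"], "client": query["src"],
            "answers": rec["answers"], "rtt": rec["ts"] - query["ts"],
        })
    return completed, list(pending.values())
```

Queries still in `pending` at the end (including any that timed out) are worth storing too, since an unanswered lookup is itself a useful record.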