How to apply DNS filter in tcpdump?

I need to find the packet number where the IP of Google is resolving; for that I need to apply a DNS filter. How do I do that?

You can also find that by searching for google in Wireshark.

I am getting all the protocols in Wireshark except DNS. Why?

Try running tcpdump with the port number of DNS to filter only the required packets.


@ankyy Are you running tcpdump when ping or traceroute is running?

Make sure your tcpdump is running while you perform ping and traceroute.

  • Run the ping command.
  • In a parallel terminal, run tcpdump.
  • Then perform traceroute while your tcpdump is listening.

This will definitely capture the dns protocols.

The note in the milestone says that the .pcap file should be <= 2 MB. How do I ensure this?

Apply filters… There are tcpdump options, and try not to run tcpdump for too long.

Should I apply only the DNS filter?

No, applying only the DNS filter will restrict some packets, and you will not be able to complete the milestone.

Can you specify what filters I should apply?

There is a reference link for tcpdump… Just go through the examples… I’m sure that’s enough.

If I take, say, the first 200 packets, will there be any problem?

Maybe you will miss important packets if the filter is not applied properly, because tcpdump stores a large number of packets if not monitored properly.

If not using any filters, then it may be a problem as this would include packets of other protocols too and the required one might escape the limit.


I am filtering my .pcap file by listening to only ports 8081, 8082, 8083, as 8081 listens to connection requests and ports 8082, 8083 establish connections. But I am not getting any output in the .pcap file, as it shows 0 packets received.
If I use “not port 8080” it is storing unnecessary packets and the file is getting too big in size. Same if I use my workspace public IP as “src”.
Any hint on what I should do?

Check if you are using the correct command for multiple ports.
See this for reference.
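An added example, not written by anyone in this thread, that pulls together the three points above: a DNS filter combined with several ports in one valid BPF expression, a packet-count cap to keep the .pcap small, and finding the packet number where a name resolves by matching the DNS query id to its reply. The interface, port numbers and the tcpdump output lines are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example (not from this thread). Assumed capture command; -c 500
# stops after 500 packets, which keeps the .pcap well under the size note.
# Multiple ports must be joined with "or": "port 8081 8082 8083" is not
# valid BPF, which is one reason a capture can end with 0 packets saved.
#   sudo tcpdump -i any -nn -# -c 500 -w capture.pcap \
#       "$(build_filter 8081 8082 8083)"

# Build a BPF capture filter: DNS (port 53) plus every listed port.
build_filter() {
    filter='port 53'
    for p in "$@"; do
        filter="$filter or port $p"
    done
    printf '%s\n' "$filter"
}

# Print the packet number of the first DNS reply that answers a query for NAME.
# Reads the text of `tcpdump -# -nn -r capture.pcap port 53` on stdin;
# -# prefixes every line with the packet's number in the capture file.
# The reply line does not repeat the name, so the query id links the two.
find_resolving_packet() {
    awk -v name="$1" '
        { id = $7; sub(/[^0-9].*$/, "", id) }            # drop flag chars like "+"
        $8 == "A?" && index($9, name) { want[id] = 1 }   # query for NAME: keep its id
        $8 != "A?" && (id in want) && / A [0-9.]+/ { print $1; exit }  # its answer
    '
}

# Constructed sample of `tcpdump -# -nn -r capture.pcap port 53` output
# (documentation IP addresses, not a real capture).
SAMPLE='    1  12:00:01.000000 IP 10.0.0.5.40123 > 10.0.0.1.53: 1234+ A? www.example.com. (33)
    2  12:00:01.020000 IP 10.0.0.1.53 > 10.0.0.5.40123: 1234 1/0/0 A 203.0.113.10 (49)
    3  12:00:02.000000 IP 10.0.0.5.40124 > 10.0.0.1.53: 1235+ A? www.google.com. (32)
    4  12:00:02.030000 IP 10.0.0.1.53 > 10.0.0.5.40124: 1235 1/0/0 A 203.0.113.20 (48)'

# Usage: the capture filter, then the packet number of the google.com answer.
build_filter 8081 8082 8083
printf '%s\n' "$SAMPLE" | find_resolving_packet www.google.com   # -> 4
```

Run the real capture while ping and traceroute are active, then read it back with `tcpdump -# -nn -r capture.pcap port 53 | sh -c '. ./this_script; find_resolving_packet www.google.com'` or simply pipe it into the function.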