<div dir="ltr"><div class="gmail_default" style="font-size:small">Hello, DNS gurus,</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">Does anybody have a good set of tcpdump/tshark capture filters, associated with DNS, already prep-ed for specific fields in the payload (so beyond just the simplistic udp 53 or tcp 53)? </div>
<div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">Why am I asking?</div><div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">
- I need to set up traffic captures in various tiers of servers-hosting-applications whose owners cannot tell where the inter-tiers reachability depends (and maybe fails) on FWD or REVERSE lookups. This cannot be done by asking the server or apps folks to use the DNS traditional tools (dig, nslookup, host, etc.) simply because they cannot tell which hostnames or IPs make up the functionality of very complex apps, and have dependency on name resolution (direct or reverse) in order to work</div>
<div class="gmail_default" style="font-size:small">- I would be mostly interested (of course) in DNS packets with no responses</div><div class="gmail_default" style="font-size:small">- I would like to avoid re-inventing the wheel by trying to figure out at which byte offset I would have to start reading a string (is it even possible to identify that, knowing that certain strings are variable in length??), and identify no response, if someone has already figured out such things ;-)</div>
<div class="gmail_default" style="font-size:small"><br></div><div class="gmail_default" style="font-size:small">Thanks in advance for directions or "no way - forget about it"</div><div class="gmail_default" style="font-size:small">
***Stefan</div>
</div>