How can I find http or https requests without a corresponding dns request?

cache
dns
retag add tags

I can find the packets for the requests, ssl.handshake.extensions_server_name or http.host or dns. But how do I find ones where the dns isn't there (cache)?

Is this going to have to be a lua script?

Betty DuBois

asked 2018-02-15 18:24:13 +0000

6.2k

sindy

updated 2018-02-15 21:33:22 +0000

edit flag offensive 0 remove flag close merge delete

Comments

Is it possible to run tshark with filters and produce output in the pcap file that will allow me to map a dns query to a response?

nerdman224 (2018-02-28 20:04:54 +0000) edit

add a comment see more comments

Be the first one to answer this question!

Please start posting anonymously - your entry will be published after you log in or create a new account. This space is reserved only for answers. If you would like to engage in a discussion, please instead post a comment under the question or an answer that you would like to discuss.

How can I find http or https requests without a corresponding dns request? edit

Comments

Be the first one to answer this question!

How can I find http or https requests without a corresponding dns request?