
Configure Wireshark to use custom DNS server port for DNS name resolution


Hello everybody, I want to analyse a pcap file (generated by tcpdump) from a server locally using Wireshark. I would like to have DNS names instead of IP addresses, and I was wondering if it's possible to configure Wireshark to use an external DNS server.

Under Edit -> Preferences -> Name Resolution it's possible to add DNS servers, but I didn't figure out how to also add the port number, as my external DNS server doesn't run on port 53.

4k1l
asked 2022-07-19 16:42:07 +0000, updated 2022-07-20 10:07:14 +0000

1 Answer

The port number is added in a different place from where you added the server IP address. Go to Edit -> Preferences -> Protocols -> DNS. There are two fields for which ports should be recognized as DNS, one for DNS over TCP and the other for DNS over UDP. To specify multiple ports, separate the port numbers with commas.

Jim Aragon
answered 2022-07-19 18:05:52 +0000

Comments

@JIM I configured Wireshark as suggested, but it is unable to resolve the DNS names from the DNS server running on localhost. Resolving the DNS name using nslookup works fine:

    nslookup -vc -port=5353 10.96.0.1 127.0.0.1
    1.0.96.10.in-addr.arpa name = kubernetes.default.svc.cluster.local.

4k1l (2022-07-20 09:15:20 +0000)

What Jim is talking about is DNS packet dissection. What you are after is DNS name resolution. Those are different things. Wireshark has no option to set the port to use for DNS name resolution.

Jaap (2022-07-20 10:01:41 +0000)

Thanks @Jaap! This clarifies why it wasn't working. It would be nice, though, to be able to configure the port for DNS name resolution.

4k1l (2022-07-20 10:05:04 +0000)
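
Because the port used for name resolution cannot be set, one workaround is to resolve the capture's addresses outside Wireshark and hand it the result as a hosts file, which it reads from its personal configuration directory. The script below is an added example, not part of the original thread or of Wireshark: it sends PTR queries over TCP to 127.0.0.1:5353 (the server and port from the nslookup call above), and all function names are assumptions.

```python
import socket, struct

def build_query(ip, qid=0x1234):
    """PTR query for an IPv4 address: header (RD set, one question) + question."""
    labels = ip.split(".")[::-1] + ["in-addr", "arpa"]
    qname = b"".join(bytes([len(p)]) + p.encode() for p in labels) + b"\x00"
    return struct.pack(">HHHHHH", qid, 0x0100, 1, 0, 0, 0) + qname + struct.pack(">HH", 12, 1)

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset just past it)."""
    labels, end = [], None
    for _ in range(256):                          # bound guards against pointer loops
        n = msg[off]
        if n == 0:
            return ".".join(labels), (off + 1 if end is None else end)
        if n & 0xC0 == 0xC0:                      # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
            off += 1 + n
    raise ValueError("name too long or compression loop")

def parse_ptr(msg):
    """Return the first PTR target in a DNS response, or None if there is none."""
    _, _, qd, an = struct.unpack(">HHHH", msg[:8])
    off = 12
    for _ in range(qd):                           # skip the echoed question(s)
        off = read_name(msg, off)[1] + 4
    for _ in range(an):
        off = read_name(msg, off)[1]
        rtype, _, _, rdlen = struct.unpack(">HHIH", msg[off:off + 10])
        if rtype == 12:                           # PTR record
            return read_name(msg, off + 10)[0]
        off += 10 + rdlen
    return None

def resolve(ip, server="127.0.0.1", port=5353, timeout=2.0):
    """Ask server:port over TCP (2-byte length prefix); return the name or None."""
    q = build_query(ip)
    try:
        with socket.create_connection((server, port), timeout=timeout) as s, s.makefile("rb") as f:
            s.sendall(struct.pack(">H", len(q)) + q)
            return parse_ptr(f.read(struct.unpack(">H", f.read(2))[0]))
    except (OSError, struct.error, IndexError, ValueError):
        return None

def hosts_lines(ips, lookup=resolve):
    """'address<TAB>name' lines in hosts-file format for every address that resolves."""
    return [f"{ip}\t{n}" for ip in sorted(set(ips)) if (n := lookup(ip))]
```

Write the returned lines to a file named `hosts` in Wireshark's personal configuration directory and keep network address resolution enabled, so the names appear without Wireshark contacting the DNS server itself.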