
capture is not showing all dns traffic


Recently new to Wireshark, so I clear my host cache and perform a capture on my wifi interface, then I go to explore.org on a web browser and then I go back to Wireshark to stop the capture. I filter my search to dns but it does not show the dns with information for explore.org webpage. Why is this not showing? Is there something I'm not catching? My capture is showing a bunch of doh-01.spectrum.com responses.

[email protected]
asked 2024-06-21 09:57:49 +0000

Comments

The DNS requests may be encrypted: DNS over TLS vs. DNS over HTTPS | Secure DNS

Chuckc (2024-06-21 11:46:39 +0000)

is there anything that can be done to allow the requests to be shown in the capture?

[email protected] (2024-06-21 14:47:47 +0000)

Try using neverssl.com instead

Jaap (2024-06-21 17:14:17 +0000)

Please update the question with output of wireshark -v or Help->About Wireshark:Wireshark.
Also include the same type of information (which program, version, ...?) for the browser you're testing with.

Chuckc (2024-06-22 17:00:08 +0000)

1 Answer


> I clear my host cache

Did you clear your browser cache or your DNS cache? You might want to clear both

> I filter my search to dns but it does not show the dns with information for explore.org webpage

Does it show other DNS requests and responses? Please try a site you never visited before. If there is no DNS request visible for that site, then your browser is most likely using DoT or DoH as @Chuckc suggested (the doh in doh-01.spectrum.com kind of hints in that direction too).

You might want to look at the (DNS) configuration of your OS and Browser to see if it is doing DoH. Change it to normal DNS if you want to capture and see the DNS requests and responses.

SYN-bit
answered 2024-06-23 10:16:44 +0000
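
The check described in this answer (is the lookup visible as plain DNS, or is the traffic DoT/DoH instead?) can be run over fields exported from the capture; the following is an added example, not part of the original answer. The capture file name, the sample rows and the "first label starts with doh" heuristic are assumptions made for the illustration.

```python
# Added example: classify name-resolution traffic exported from a capture.
# Assumed export (real Wireshark field names, hypothetical file name):
#   tshark -r capture.pcapng -T fields -e udp.dstport -e tcp.dstport \
#          -e dns.qry.name -e tls.handshake.extensions_server_name

# Constructed sample rows (tab-separated), not from a real capture.
SAMPLE = "\n".join([
    "53\t\tdetectportal.example.net\t",   # plaintext DNS, unrelated name
    "\t443\t\tdoh-01.spectrum.com",       # TLS ClientHello to a DoH-looking host
    "\t443\t\texplore.org",               # the site itself over HTTPS
])

# A few well-known public DoH hostnames; extend for your own resolver.
KNOWN_DOH = {"dns.google", "cloudflare-dns.com", "mozilla.cloudflare-dns.com",
             "dns.quad9.net"}

def looks_like_doh(sni):
    """Heuristic (assumption): known resolver, or first label starts with 'doh'."""
    sni = sni.lower().rstrip(".")
    return sni in KNOWN_DOH or sni.split(".")[0].startswith("doh")

def classify(text, target):
    """Return (verdict, evidence) for lookups of `target` in tshark field rows."""
    target = target.lower().rstrip(".")
    ev = {"plain_target": 0, "plain_other": 0, "dot": 0, "doh_sni": set()}
    for line in text.splitlines():
        cols = (line.split("\t") + [""] * 4)[:4]
        _udp, tcp_port, qname, sni = (c.strip() for c in cols)
        qname = qname.lower().rstrip(".")
        if qname:  # dissected as DNS, so the name was sent in cleartext
            hit = qname == target or qname.endswith("." + target)
            ev["plain_target" if hit else "plain_other"] += 1
        if tcp_port == "853":  # DNS over TLS uses TCP port 853
            ev["dot"] += 1
        if tcp_port == "443" and sni and looks_like_doh(sni):
            ev["doh_sni"].add(sni.lower())
    if ev["plain_target"]:
        return "plaintext-dns-visible", ev
    if ev["dot"] or ev["doh_sni"]:
        return "encrypted-dns-likely", ev
    return "no-lookup-seen", ev

if __name__ == "__main__":
    print(classify(SAMPLE, "explore.org"))
```

A "no-lookup-seen" verdict matches the cached-name case raised in the answer: nothing was resolved during the capture, so clear the caches and retry with a site never visited before.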