ALL THAT JAZZĭisplay everything with a new display filter. Wireshark and TShark share a powerful filter engine that helps remove the noise from a packet trace and lets you see only the packets that interest you. You can then find all the TCP stream indexes of all the Yahoo related TCP conversations. You may build a more complex filter using the IP addresses you found to (somewhat) automate this process. You need to find the TCP stream index where the destination IP address matches the IP address from the DNS answer. You can now display all TCP SYN segment with this filter. There are probably a lot of DNS for a site like Yahoo so if you want everything you need to make a note of every IP addresses in the answer field of every DNS packets. Use this display filter to find the DNS queries and answers for the domain:ĭns.qry.name contains "(Deprecated using dns contains after reading Jim's comment.) This function lets you get to the packets that are relevant to your research. You'll need to use display filters to all the information. Wireshark filters reduce the number of packets that you see in the Wireshark data viewer. When you are done close your browser and then stop the capture.
This is how I do it but there are probably other (better?) ways.Ĭapture all traffic when you are browsing to the website.
0 kommentar(er)
