I want to filter my pcap file by domain. I mean, I want to see the packets that come from a website whose name ends with ".com", ".org" or ".net".
I tried: dns contains "com", ip.src_host == com, ip.src_host == com, http contains "com". None of them worked correctly.
Assuming it's http web traffic, try http.host contains ".com"
Better yet, try http.host matches "\.com$"
Neither one will require DNS resolution since they search on the web host.
From http://wiki.wireshark.org/DisplayFilters
The matches operator makes it possible to search for text in string fields and byte sequences using a regular expression, using Perl regular expression syntax. Note: Wireshark needs to be built with libpcre in order to be able to use the matches operator.
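To see why the anchored matches form is the safer filter, here is an added Python emulation (not from the answer above or from the Wireshark project) of both operators run over a constructed list of Host header values; it also extends the answer to all three TLDs from the question and to Host values that carry a port.

```python
import re

# Constructed sample values as Wireshark exposes them in http.host
# (not taken from any real capture).
SAMPLE_HOSTS = [
    "example.com",
    "www.example.org",
    "cdn.example.net",
    "example.com.attacker.co",   # contains ".com" but does not end with it
    "example.co.uk",
    "example.com:8080",          # Host header with an explicit port
]


def wireshark_contains(value: str, needle: str) -> bool:
    """Emulates the display-filter 'contains' operator: plain substring test."""
    return needle in value


def wireshark_matches(value: str, pattern: str) -> bool:
    """Emulates the 'matches' operator: Perl-style regex, unanchored search.
    Wireshark's matches is case-insensitive, hence re.IGNORECASE."""
    return re.search(pattern, value, re.IGNORECASE) is not None


def filter_hosts(hosts, predicate):
    """Keep only the hosts for which the emulated filter expression is true."""
    return [h for h in hosts if predicate(h)]


# Equivalent of:  http.host contains ".com"
# -> also picks up the look-alike host and the host:port form
contains_com = filter_hosts(SAMPLE_HOSTS, lambda h: wireshark_contains(h, ".com"))

# Equivalent of:  http.host matches "\.com$"
# -> exact TLD match, but misses a Host header that carries a port
matches_com = filter_hosts(SAMPLE_HOSTS, lambda h: wireshark_matches(h, r"\.com$"))

# One filter for all three TLDs from the question, tolerating an optional :port:
#   http.host matches "\.(com|org|net)(:[0-9]+)?$"
matches_all = filter_hosts(
    SAMPLE_HOSTS, lambda h: wireshark_matches(h, r"\.(com|org|net)(:[0-9]+)?$")
)
```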