Find the max value of TTL in DNS Wireshark

Question

I have pcap file which contains many DNS request and responses and i want to find the max value of ttl field from all of these packets for example:

If my pcap packets are the following:

• DNS response ttl 1045
• DNS response ttl 202
• DNS response ttl 45
• DNS response ttl 162
• DNS response ttl 398

I want to find out how to recieve the value 1045 or even the packet itself. It's all new to me so please try to explain carefully.

thanks for the helpers

Answer 1

To find the maximum TTL among packets from your pcap file, you could add a new TTL column and sort by this column.

To do this, you can right click on one of the column's name (e.g., Source), go to Column Preferences..., click the + sign at the bottom of the new window, and complete the new row that appeared with a title and dns.resp.ttl as the Fields option.

If you go back to the main Wireshark window, you should have a new column, which you can use to sort packets.