3

I want to log the websites visited on a system, so I decided to record the packets sent by the system. I am using the Jpcap API. I am able to record a lot of packets. Now what I want to do is filter only the DNS packets. I think that way I will be able to log the websites.

I want a way to filter the DNS packets. How can I do it?

Simon Nickerson
rgksugan

3 Answers

2

One uglier approach is to scan on port 53 for UDP. However, the previous answer looks cleaner from an implementation aspect.

Jack
  • Is the port number the source port or the destination port? – rgksugan Apr 27 '10 at 06:13
  • 2
    Well, as we are sending this packet to the well-known port 53 of the server, that means the destination port number. PS: You may want to check for both TCP and UDP. – Jack Apr 27 '10 at 10:45
0

Here it says

You can check the following homepage for more details about filter expression. Designing Capture Filters for Ethereal/Wireshark

Thus, I believe

captor.setFilter("dns", true);

should work

nc3b
  • It's the exception that is thrown when I tried your solution: Exception in thread "main" java.io.IOException: Error occurred while compiling or setting filter: syntax error at jpcap.JpcapCaptor.setFilter(Native Method) at test1.JpcapTip.main(JpcapTip.java:25) Java Result: 1 – rgksugan Apr 27 '10 at 06:12
-1

I found it easy to process all the packets on port 53, so I used this filter:

udp dst port 53

Thanks, Jack, for your hint.

rgksugan
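Once the filter `udp dst port 53` is in place, logging the visited names still requires reading the question name out of each DNS payload. The following is an added example, not code from any of the answers above: it parses the first question name from a UDP DNS payload in plain Java and replaces non-printable bytes so a hostile name cannot inject text into the log. It assumes the payload bytes come from the captured packet's data (in Jpcap, the packet's `data` field, which is an assumption here), the class and method names are hypothetical, and it handles UDP only, since DNS over TCP prefixes each message with a two-byte length.

```java
// Added example: extract the queried host name from the UDP payload of a
// packet matched by the capture filter "udp dst port 53".
public class DnsQueryName {

    /** Returns the first question name, or null if the payload is not a well-formed DNS query. */
    static String queryName(byte[] p) {
        if (p == null || p.length < 12) return null;      // DNS header is 12 bytes
        if ((p[2] & 0x80) != 0) return null;              // QR bit set: a response, not a query
        int qdcount = ((p[4] & 0xff) << 8) | (p[5] & 0xff);
        if (qdcount < 1) return null;                     // no question section
        StringBuilder name = new StringBuilder();
        int pos = 12;                                     // question starts right after the header
        while (true) {
            if (pos >= p.length) return null;             // truncated before the root label
            int len = p[pos++] & 0xff;
            if (len == 0) break;                          // zero-length root label ends the name
            if (len > 63) return null;                    // compression pointer or invalid length
            if (pos + len > p.length) return null;        // label runs past the payload
            if (name.length() > 0) name.append('.');
            for (int i = 0; i < len; i++) {
                int c = p[pos + i] & 0xff;
                // Keep printable ASCII only, so a crafted name cannot forge log lines.
                name.append(c > 0x20 && c < 0x7f ? (char) c : '?');
            }
            pos += len;
            if (name.length() > 253) return null;         // longer than a legal DNS name
        }
        return name.length() == 0 ? "." : name.toString();
    }

    public static void main(String[] args) {
        // Constructed sample payload: query for example.com, type A, class IN.
        byte[] sample = {
            0x12, 0x34, 0x01, 0x00, 0x00, 0x01, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
            7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0,
            0x00, 0x01, 0x00, 0x01
        };
        System.out.println(queryName(sample));
    }
}
```

A name logged this way shows what was resolved, not what was fetched: lookups answered from a local cache and lookups sent over encrypted DNS (DoT/DoH) never appear as plaintext on port 53.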