How to filter ANY dns requests with tshark

domain-name-system pcap tshark

Does anyone know how I might be able to filter DNS requests in tshark which ask for the ANY record?
So far I am able to filter DNS queries with:
tshark -r capture.cap -T fields -e ip.src -e ip.dst -e dns.qry.name -R "dns.flags.response eq 0"
How would I also filter by ANY ?


Solution 1:

You would need to filter queries where the QTYPE is * (also known as ANY) (represented by the integer 255):

In WireShark or NetMon this would be 

"dns.qry.type==255"

So for tshark I assume it would be:

"dns.qry.type eq 255"

You can find the numerical values for all query types in RFC 1035 §3.2.3 "QTYPE Values"

Related

Is there a difference between en_US.utf8 and en_US.UTF-8?
ssmtp won't send cron email
PXE boot with Virtualbox
`psql` expanded mode equivalency for `mysql`
What happens when I delete the first of several AWS EBS snapshots?
Windows Server 2012 R2 Shutdown Event Tracker Details
What causes the error "Could not retrieve catalog from remote server: execution expired" in Puppet
Nginx: Redirect both http and https root to subdirectory
Allow users to log on to computers in a domain
full or incremental backup of large number of files
SSH public key login fails without pattern
High CPU load on Centos with process sync_supers