I want to log the websites visited on a system, so I decided to record the packets sent by the system. I am using the Jpcap API. I am able to record a lot of packets. Now what I want to do is filter only DNS packets. I think that will let me log the websites.

I want a way to filter the DNS packets. How can I do it?

A: 

Here it says

You can check the following homepage for more details about filter expression. Designing Capture Filters for Ethereal/Wireshark

Thus, I believe

captor.setFilter("dns", true);

should work

nc3b
This is the exception that is thrown when I tried your solution:

Exception in thread "main" java.io.IOException: Error occurred while compiling or setting filter: syntax error
    at jpcap.JpcapCaptor.setFilter(Native Method)
    at test1.JpcapTip.main(JpcapTip.java:25)
Java Result: 1
rgksugan
A: 

One uglier approach is to scan on port 53 for UDP. However, the previous answer looks cleaner from an implementation aspect.

Jack
Is the port number the source port or the destination port?
rgksugan
Well, we are sending this packet to the well-known port 53 of the server. That means the destination port number. PS: You may want to check for both TCP and UDP.
Jack
A: 

I found it easy to process all the packets on port 53, so I used this filter:

udp dst port 53

Thanks, Jack, for your hint.

rgksugan