How To Find Domain Name In Wireshark?
To find the domain name in Wireshark, you will need to look for the DNS (domain name system) traffic. To do this, click on the “Analyze” drop-down menu and select “Follow TCP/UDP Stream”. From the resulting window, select the “DNS” tab. In the “DNS” tab, you will be able to view the domain names associated with the traffic.
1. Select your desired capture interface and press the Start button.
2. Once the capture has begun, search for the domain name by typing it into the Filter field.
3. Look for the first packet in the capture that contains the domain name in the “Info” column.
4. Select that packet, and under the “Protocol” column, look for the DNS protocol.
5. Expand the DNS protocol, and look for the “Queries” section.
6. Under the “Queries” section, the domain name should be displayed.
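The name Wireshark displays under “Queries” is the QNAME field of the DNS question, stored as length-prefixed labels. The Python below is an added example, not part of the original answers: it decodes that field from a raw DNS payload and rejects truncated data and compression-pointer loops. The function names `read_name` and `parse_queries` and the sample bytes are constructed for illustration.

```python
import struct

# Constructed sample: DNS query for www.example.com (type A), i.e. the UDP
# payload Wireshark dissects as "Domain Name System (query)".
SAMPLE_QUERY = (b"\x1a\x2b\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00"
                b"\x03www\x07example\x03com\x00\x00\x01\x00\x01")
QTYPES = {1: "A", 2: "NS", 5: "CNAME", 12: "PTR", 15: "MX", 16: "TXT", 28: "AAAA"}


def read_name(msg, off):
    """Decode the DNS name at off; return (name, offset just past the name)."""
    labels, end, jumps = [], None, 0
    while True:
        if off >= len(msg):
            raise ValueError("name runs past end of message")
        length = msg[off]
        if length & 0xC0 == 0xC0:          # compression pointer (RFC 1035, 4.1.4)
            jumps += 1
            if jumps > 16 or off + 1 >= len(msg):
                raise ValueError("pointer loop or truncated pointer")
            end = end or off + 2           # parsing resumes after the first pointer
            off = ((length & 0x3F) << 8) | msg[off + 1]
        elif length & 0xC0:
            raise ValueError("reserved label type")
        elif length == 0:                  # root label terminates the name
            return ".".join(labels) or ".", end or off + 1
        else:
            labels.append(msg[off + 1: off + 1 + length].decode("ascii", "backslashreplace"))
            off += 1 + length


def parse_queries(msg):
    """Return [(name, qtype)] for each entry in the Queries section."""
    if len(msg) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    qdcount = struct.unpack("!H", msg[4:6])[0]
    off, out = 12, []
    for _ in range(qdcount):
        name, off = read_name(msg, off)
        if off + 4 > len(msg):
            raise ValueError("truncated question")
        qtype, _qclass = struct.unpack("!HH", msg[off:off + 4])
        out.append((name, QTYPES.get(qtype, str(qtype))))
        off += 4
    return out


if __name__ == "__main__":
    print(parse_queries(SAMPLE_QUERY))
```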