How can you tell if DNS queries are using UDP or TCP?

Study for the Wireshark Block 5 Exam. Prepare with flashcards and multiple choice questions, each offering hints and explanations. Ace your exam with the best resources!

Multiple Choice

How can you tell if DNS queries are using UDP or TCP?

Explanation:
DNS can ride over either UDP or TCP, both using the same DNS port number 53. By default, most queries travel over UDP, but if a response is larger than UDP allows or a zone transfer is needed, DNS switches to TCP on port 53. In a capture, you identify the transport by looking at the protocol field: UDP or TCP. You can also filter to separate them by port: for example, filtering UDP traffic on port 53 shows DNS queries and answers over UDP, while filtering TCP traffic on port 53 shows those DNS messages carried over TCP. If you encounter DNS over TLS or DNS over HTTPS, those use different mechanisms and ports (for example, DoT on 853 and DoH on 443). The essential idea is that DNS traffic is distinguished by its transport protocol and port, so you can tell which transport is in use by inspecting those fields in the capture.
