Which display filter isolates DNS query names?



Explanation:
To isolate the domain being queried in DNS messages, filter on the QNAME field in the DNS Question section. The display filter dns.qry.name points to that domain name—the actual name the client is asking about in a query. For example, dns.qry.name == "www.example.com" shows only packets where a DNS query is for that domain. This is different from the other filters: dns.flags.response distinguishes between queries and responses, not the name itself; dns.qry.type selects the type of record requested (A, AAAA, MX, etc.); and dns.qry.class filters by the DNS class (usually IN). The query name filter is the direct way to focus on which domain is being looked up.

