Which display filter shows only DNS responses?

Study for the Wireshark Block 5 Exam. Prepare with flashcards and multiple choice questions, each offering hints and explanations. Ace your exam with the best resources!

Multiple Choice

Which display filter shows only DNS responses?

Explanation:
DNS messages indicate whether they are a query or a response using the QR flag, which Wireshark exposes as dns.flags.response. Filtering on dns.flags.response shows only the DNS messages where the QR bit is set, i.e., the responses. The other filters look at fields that can appear in both queries and responses (such as the domain name, query type like A/AAAA, or the DNS class), so they won’t limit results to just responses.

DNS messages indicate whether they are a query or a response using the QR flag, which Wireshark exposes as dns.flags.response. Filtering on dns.flags.response shows only the DNS messages where the QR bit is set, i.e., the responses. The other filters look at fields that can appear in both queries and responses (such as the domain name, query type like A/AAAA, or the DNS class), so they won’t limit results to just responses.

More Multiple Choice Questions
Subscribe

Get the latest from Passetra

You can unsubscribe at any time. Read our privacy policy