Which display filter shows only DNS responses?

Multiple Choice

Which display filter shows only DNS responses?

Explanation:
Filtering DNS messages to show only responses hinges on the DNS header’s QR bit, which indicates whether a message is a query or a response. In Wireshark this is exposed as dns.flags.response. A value of 1 means the message is a response, while 0 means it’s a query. Therefore, using dns.flags.response == 1 will display only DNS responses.

The other options don’t achieve that. dns.flags.response == 0 would select only queries, not responses. dns.type == A looks for DNS resource record type A, which can appear in both queries and responses (in different sections of the message), so it doesn’t isolate responses. dns.flags.query == 1 isn’t the standard filter to identify queries in Wireshark; the established way to distinguish responses is through the response flag.
