Any regex wiz out there willing to throw me a regular expression that can be used with tshark (or tcpdump or ngrep, for that matter) which would filter results and show only DNS MX requests? A standard regular expression would work in any of the aforementioned tools... if I could actually write it correctly.
For the record, in tshark the request would look like this (well, specifically for a Gmail request anyway):
49 708.208165 10.0.0.1 -> 10.0.0.2 DNS Standard query MX gmail.com
...and I was trying to write an expression that looked for "MX", case-sensitive (since it will always be upper-case).
I'm going around in circles with this and could really just use a helping hand.
Thanks for the interest... peace!
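
An added example, not part of the original post: a bare case-sensitive match on "MX" also hits response lines and host names that contain "MX", so this sketch anchors the match to the query summary text instead. The function names and every sample line except the first are constructed here, and the optional frame-length column and transaction ID are an assumption about how other tshark versions print the summary.

```shell
#!/bin/sh
# Constructed sample of tshark one-line summaries. The first line is the one
# quoted in the post; the others are made up to exercise false positives.
sample_capture() {
    cat <<'EOF'
49 708.208165 10.0.0.1 -> 10.0.0.2 DNS Standard query MX gmail.com
50 708.251020 10.0.0.2 -> 10.0.0.1 DNS Standard query response MX 10 mail.example.com
51 709.000100 10.0.0.1 -> 10.0.0.2 DNS Standard query A MX.example.com
52 709.100200 10.0.0.1 -> 10.0.0.2 DNS Standard query 0x1a2b MX example.org
53 709.200300 10.0.0.1 -> 10.0.0.2 DNS Standard query A mx1.example.net
EOF
}

# Keep only lines whose info column is an MX *query*:
#   - "DNS" must be the protocol column (whitespace on both sides)
#   - an optional numeric length column and optional 0x transaction ID
#     are tolerated (assumed layout of other tshark versions)
#   - "MX" must directly follow "Standard query", so "query response MX"
#     and "query A MX.example.com" do not match
# grep is case-sensitive by default, so "mx1..." never matches either.
mx_queries() {
    grep -E '[[:space:]]DNS[[:space:]]+([0-9]+[[:space:]]+)?Standard query[[:space:]]+(0x[0-9a-fA-F]+[[:space:]]+)?MX[[:space:]]'
}

# Live use would be a pipe from the capture tool, e.g.: tshark ... | mx_queries
# tshark can also select these packets without text matching, using the
# display filter: dns.qry.type == 15 and dns.flags.response == 0
sample_capture | mx_queries
```

On the sample above, a plain `grep MX` returns four lines while `mx_queries` returns only the two MX queries.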