tshark regular expression to filter for MX requests?
greets~
Any regex wiz out there willing to throw me a regular expression that can be used with tshark (or tcpdump or ngrep for that matter) which would filter results and show only DNS MX requests? A standard regular expression would work in any of the aforementioned tools... if I could actually write it correctly. ;) For the record, in tshark the request would look like this (well, specifically for a gmail request anyway):
Code:
49 708.208165 10.0.0.1 -> 10.0.0.2 DNS Standard query MX gmail.com
I'm going around in circles with this and could really just use a helping hand. Thanks for the interest...peace! ~k
Code:
awk '$(NF-1)=="MX"{print $NF}' file
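
The same filter written as the regular expression the question asks for, as an added example that is not part of the original thread. It also skips "Standard query response" lines and tolerates the length and transaction-id columns that newer tshark versions print; `mx_queries` and `sample_lines` are hypothetical names, and every sample line except frame 49 is constructed.

```shell
#!/bin/sh
# Added example, not from the original thread.
# mx_queries (hypothetical helper) reads tshark one-line summaries on stdin
# and prints "<source> <queried name>" for each DNS MX query.
#
# When tshark does the dissection itself, a field-based display filter
# avoids text parsing altogether:
#   tshark -Y 'dns.qry.type == 15 && dns.flags.response == 0'
mx_queries() {
    # "Standard query" must be followed directly by MX, or by a transaction
    # id and then MX, so "Standard query response" lines never match.
    grep -E 'DNS( [0-9]+)? Standard query( 0x[0-9a-fA-F]+)? MX [^ ]+' |
    awk '{
        # The queried name is the token right after the first "MX";
        # it is not always the last field (newer output can append more).
        for (i = 1; i < NF; i++)
            if ($i == "MX") { print $3, $(i + 1); break }
    }'
}

# Frame 49 is the line quoted in the question; frames 50-53 are constructed
# sample lines (old-style and newer-style summary layouts).
sample_lines() {
    cat <<'EOF'
49 708.208165 10.0.0.1 -> 10.0.0.2 DNS Standard query MX gmail.com
50 708.231874 10.0.0.2 -> 10.0.0.1 DNS Standard query response MX 10 mail.example.net
51 709.000112 10.0.0.1 -> 10.0.0.2 DNS Standard query A gmail.com
52 710.412900 10.0.0.7 -> 10.0.0.2 DNS 69 Standard query 0x3f2a MX example.org
53 710.440031 10.0.0.2 -> 10.0.0.7 DNS 85 Standard query response 0x3f2a MX example.org MX 10 mail.example.org
EOF
}

sample_lines | mx_queries
```

With live traffic the function sits at the end of the pipe, for example `tshark -r capture.pcap | mx_queries`, where `capture.pcap` is a placeholder file name.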