LinuxQuestions.org


kr0m3 04-15-2009 02:24 PM

tshark regular expression to filter for MX requests?
 
greets~

Any regex wiz out there willing to throw me a regular expression that can be used with tshark (or tcpdump or ngrep for that matter) which would filter results and show only DNS MX requests? A standard regular expression would work in any of the aforementioned tools... if I could actually write it correctly.

;)

For the record, in tshark the request would look like this (well, specifically for a gmail request anyway):

Code:

49 708.208165  10.0.0.1 -> 10.0.0.2  DNS Standard query MX gmail.com

...and I was trying to write an expression that looked for "MX", case-sensitive (since it will always be upper-case).

I'm going around in circles with this and could really just use a helping hand.
Thanks for the interest...peace!
~k

ghostdog74 04-16-2009 06:51 AM

Code:

awk '$(NF-1)=="MX"{print $NF}' file
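
Added example, not part of either post: a field-based filter in the same awk style that keeps only MX queries (not responses), reports which client asked, and counts repeats. The function names are hypothetical, the sample lines are constructed apart from the first (taken from the question), and it assumes the source address is the third field of the tshark summary line.

```shell
#!/bin/sh
# Constructed sample of tshark one-line summaries. Line 49 is from the
# question; the others are made up to exercise the edge cases.
sample_capture() {
cat <<'EOF'
 49 708.208165  10.0.0.1 -> 10.0.0.2  DNS Standard query MX gmail.com
 50 708.251002  10.0.0.2 -> 10.0.0.1  DNS Standard query response MX 5 gmail-smtp-in.l.google.com
 51 709.100441  10.0.0.1 -> 10.0.0.2  DNS Standard query A www.example.com
 52 709.300000  10.0.0.3 -> 10.0.0.2  DNS Standard query 0x1a2b MX example.org
 53 709.400000  10.0.0.3 -> 10.0.0.2  DNS Standard query A MX.example.net
 54 709.500000  10.0.0.1 -> 10.0.0.2  DNS Standard query MX gmail.com
EOF
}

# Print "<source> <name>" for every DNS MX query read from stdin.
mx_queries() {
    awk '
    {
        # Find the "Standard query" marker; ignore lines without it.
        q = 0
        for (i = 1; i < NF; i++)
            if ($i == "Standard" && $(i+1) == "query") { q = i + 1; break }
        if (!q) next
        t = q + 1                           # field right after "query"
        if ($t == "response") next          # answers are not requests
        if ($t ~ /^0x[0-9a-fA-F]+$/) t++    # optional transaction ID
        # Compare the record-type field exactly, so a name such as
        # MX.example.net in an A query (line 53) is not a false hit.
        if ($t == "MX" && t < NF) print $3, $(t+1)
    }'
}

# Count identical (source, name) pairs, busiest first.
mx_counts() {
    mx_queries |
    awk '{ n[$0]++ } END { for (k in n) print n[k], k }' |
    sort -k1,1nr -k2
}

sample_capture | mx_counts
```

When tshark is doing the capture, the display filter fields `dns.qry.type == 15` and `dns.flags.response == 0` select the same packets before any text parsing is needed.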

