DNS Analysis Using Wireshark

When you get to the task of digging into packets to determine why something is slow, learning how to use a network analysis tool effectively is critical. I’ve been using and training network analysts how to use Wireshark for more than 10 years, and enjoy sharing tips and tricks to make your life easier.

As a protocol analyst, you should be aware of the protocols your applications use. This includes more than the usual ones like IPv4, IPv6, TCP, TCP, and HTTP.  You must also consider additional protocols your application depends on for proper operation.

For example, Domain Name System (DNS) is one of those name resolution protocols we all take for granted. For example, we type www.networkcomputing.com into our address bar and the webpage simply appears. When clients report poor internet response times, you should verify that DNS is operating efficiently. In short, if the name takes too long to resolve, the webpage will take longer to compose.

In the video below, I use a trace file with DNS packets show you how to filter for a specific DNS transaction as well as how to add response time values as a column.

Either technique can help document current performance metrics or aid in seeing patterns within DNS. They also can be used in security investigations to determine abnormal DNS behavior, a problem that's been making headlines lately.