CloudShark Support

Analyze DNS Activity

The DNS Activity analysis tool was introduced in CloudShark 3.0 and provides a high-level overview of the DNS traffic observed in the capture file. On the top right are links to pre-built bandwidth graphs for queries, responses, and both kinds of traffic.

The tool has 3 tabs providing different pieces of information:

DNS Summary

The Summary tab has pie charts showing the number of Queries, Responses, and the Resource Record (RR) types. Queries are divided into slices for each DNS query type. Responses break out by the response rcode, and RR Types shows all the record types from the DNS Responses.

Clicking on any slice of the pie will apply a display filter to your capture file for just those packets.

Response Stats

The Response Stats tab contains information about DNS responses such as response time, a breakdown of responses by server, and a chart showing DNS errors by server. This view is very useful if you are troubleshooting an environment with multiple DNS servers.

The DNS Server Response Time line chart indicates the round-trip time calculated from when the DNS query was sent until the corresponding DNS response was received. Issues with long DNS response times are very easy to identify with this view. Each server is displayed as a separate series and can be toggled on and off by clicking on the legend.

Clicking on a data-point will popup the response frame.

Query List

The Query List is a detailed listing of every DNS request and response that was found in the capture file. Each column can be used to sort the entire table. They include:

  • Frame (request)
  • Client (source address of the request)
  • Type
  • Full Query
  • Domain
  • DNS Server (source address of the response)
  • Response (frame number)
  • Response Types
  • # of answers
  • Response Time (in seconds)
  • Error

Clicking on a row will display the Request packet in a popup. Clicking on the Response column will display the response packet instead.

About CloudShark

CloudShark is made by QA Cafe, a technology company based in Portsmouth, NH. Our passion for packet captures has grown out of our other product CDRouter.

Get in touch via our Contact us page or by following us on your favorite service: