Hi, I am currently doing research with Packetbeat for a project. I realized that DNS is captured in one JSON msg with both Query and Answer. I just wonder whether there is any configuration with which I could get the result in two JSON msgs instead of one.
Example: JSON:
{
  "method": "QUERY",
  "destination": {
    "ip": "192.168.205.2",
    "port": 53,
    "bytes": 45
  },
  "type": "dns",
  "resource": "youtube.com",
  "network": {
    "transport": "udp",
    "protocol": "dns",
    "direction": "outbound",
    "community_id": "1:kCntm9yW9MhVnSZn6e3GeKdBpX4=",
    "bytes": 74,
    "type": "ipv4"
  },
  "answers": [
    {
      "class": "IN",
      "ttl": "5",
      "data": "172.217.26.78",
      "name": "youtube.com",
      "type": "A"
    }
  ]
}
Example - tcpdump:
11:23:59.711153 IP localhost.localdomain.33822 > gateway.domain: 25727+ A? youtube.com. (29)
11:23:59.712079 IP localhost.localdomain.37646 > gateway.domain: 40721+ PTR? 2.205.168.192.in-addr.arpa. (44)
11:23:59.719206 IP gateway.domain > localhost.localdomain.33822: 25727 4/0/0 A 172.217.194.136, A 172.217.194.93, A 172.217.194.91, A 172.217.194.190 (93)
Question: Can we get the DNS query in one JSON / msg, and the answer in another JSON / msg?
Thank you.
Regards
Kaipeng