The DNS Activity analysis tool was introduced in CloudShark 3.0 and provides a high-level overview of the DNS traffic observed in the capture file. On the top right are links to pre-built bandwidth graphs for queries, responses, and both kinds of traffic.
The tool has 3 tabs providing different pieces of information:
The Summary tab has pie charts showing the number of Queries, Responses, and the Resource Record (RR) types. Queries are divided into slices for each DNS query type. Responses are broken out by the response rcode, and RR Types shows all the record types from the DNS Responses.
Clicking on any slice of the pie will apply a display filter to your capture file for just those packets.
The Response Stats tab contains information about DNS responses such as response time, a breakdown of responses by server, and a chart showing DNS errors by server. This view is very useful if you are troubleshooting an environment with multiple DNS servers.
The DNS Server Response Time line chart indicates the round-trip time calculated from when the DNS query was sent until the corresponding DNS response was received. Issues with long DNS response times are very easy to identify with this view. Each server is displayed as a separate series and can be toggled on and off by clicking on the legend.
Clicking on a data point will pop up the response frame.
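The round-trip calculation described for the Response Stats tab, as an added Python example (not CloudShark's own code): it pairs each query with its response by client, server and DNS transaction ID, then reports response times and error rcodes per server. The packet tuples, addresses and function names are constructed for illustration, and the count of unanswered queries is an addition beyond what this page describes.

```python
import struct
from collections import defaultdict

def dns_header(payload):
    """Return (transaction id, is_response, rcode) from a raw DNS message."""
    txid, flags = struct.unpack("!HH", payload[:4])
    return txid, bool(flags & 0x8000), flags & 0x000F

def response_stats(packets):
    """packets: (timestamp_s, src_ip, dst_ip, dns_payload) tuples in capture order.
    Returns {server: {"rtts": [...], "errors": n, "unanswered": n}}."""
    pending = {}  # (client, server, txid) -> timestamp of first query
    stats = defaultdict(lambda: {"rtts": [], "errors": 0, "unanswered": 0})
    for ts, src, dst, payload in packets:
        if len(payload) < 12:          # shorter than a DNS header, not parseable
            continue
        txid, is_response, rcode = dns_header(payload)
        if not is_response:
            # Assumption: time from the first transmission, so a retransmitted
            # query does not hide a slow server.
            pending.setdefault((src, dst, txid), ts)
            continue
        sent = pending.pop((dst, src, txid), None)
        if sent is None:               # response whose query is not in the capture
            continue
        stats[src]["rtts"].append(round(ts - sent, 6))
        if rcode != 0:                 # any non-NOERROR rcode counts as an error
            stats[src]["errors"] += 1
    for (_client, server, _txid) in pending:
        stats[server]["unanswered"] += 1
    return dict(stats)

def msg(txid, response=False, rcode=0):
    """Build a constructed 12-byte DNS header for the sample data."""
    flags = (0x8000 if response else 0) | 0x0100 | rcode
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)

# Constructed sample: one client, two servers (documentation address ranges).
C, S1, S2 = "192.0.2.10", "198.51.100.53", "203.0.113.53"
SAMPLE = [
    (0.000, C, S1, msg(0x1A2B)),
    (0.012, S1, C, msg(0x1A2B, response=True)),
    (1.000, C, S2, msg(0x1A2C)),
    (1.450, S2, C, msg(0x1A2C, response=True, rcode=3)),  # NXDOMAIN
    (2.000, C, S2, msg(0x1A2D)),                          # never answered
]

if __name__ == "__main__":
    for server, s in response_stats(SAMPLE).items():
        print(server, s)
```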
The Query List is a detailed listing of every DNS request and response that was found in the capture file. Each column can be used to sort the entire table. They include:
Clicking on a row will display the Request packet in a popup. Clicking on the Response column will display the response packet instead.