how can I filter DNS request by process #389
Description
I want to filter DNS request by process. I tried
.\netdump.exe "outbound and udp.DstPort == 53 and processId == 8140 " 1000
error: invalid filter "Filter expression contains a bad token for layer"
but it failed. netdump.exe is the sample you provided. why i cannot filter with condition processId? In windivert doc it has such filter condition