PaulDotCom mailing list archives

Previous By Date Next
Previous By Thread Next

Re: DNS Query capture and analysis

From: Jon Molesa <rjmolesa () consoltec net>
Date: Tue, 28 May 2013 10:55:26 -0400
To create a pcap that contains only dns lookups tcpdump -vvv -i wan0 -s 0
-l port 53 -w dns-only.pcap.

To parse a larger pcap containing other protocols tcpdump -vvv -s 0 -l port
53 -r alltraffic.pcap.


On Sun, May 26, 2013 at 9:53 PM, Tim Parker <timparkersec () gmail com> wrote:


What's the best way to capture and analyze DNS queries and responses on my
LAN?  Are there any good tools out there for this?  I can run a full
capture on the WAN interface, but then what's good for automating the
extraction of the DNS traffic?

Thanks!

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com





-- 
Jon Molesa
rjmolesa () consoltec net

Aoccdrnig to rscheearch at an Elingsh uinervtisy, it deosn't mttaer in waht
oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht the frist
and lsat ltteer are in the rghit pclae. The rset can be a toatl mses  and
you can sitll raed it wouthit a porbelm. Tihs is bcuseae we do not raed
ervey lteter by it slef but the wrod as a wlohe and the biran fguiers it
out aynawy.

... so please excuse me for every typo in the email above.

Reference: https://github.com/Ettercap/ettercap/blob/master/README

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
Previous By Date Next
Previous By Thread Next

Current thread: