Application to DNS query mapping
Is there any way (application or command) that I can use to find out what application is sending out DNS queries from my computer?
|
tcpdump <options> and port 53
or if you're new to the process, http://www.cyberciti.biz/faq/how-to-...p-dns-traffic/
|
...or
Code:
iptables -t filter -I OUTPUT 1 -m tcp -p tcp -m conntrack --ctstate NEW --dport 53 -j LOG --log-prefix "DNS_TCP_req "
Code:
auditctl -a exit,always -F a0=2 -F a1=2 -S socket -k DNS_UDP_req
|
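An added example, not part of the thread: a small parser for the SYSCALL records that the auditctl rule above writes under the key DNS_UDP_req, tallying which executable and uid created the sockets. The sample records and the helper names are constructed for illustration; on a live system the records would come from the audit log (for instance via `ausearch -k DNS_UDP_req`). Because the rule matches every socket() call with a0=2 (AF_INET) and a1=2 (SOCK_DGRAM), the tally lists candidate DNS senders rather than DNS traffic only.

```python
import re
from collections import Counter

FIELD = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_record(line):
    """Split one audit record into a dict of its key=value fields."""
    rec = {}
    for name, raw in FIELD.findall(line):
        if raw.startswith('"'):
            rec[name] = raw[1:-1]
        elif name in ("comm", "exe") and re.fullmatch(r"(?:[0-9A-Fa-f]{2})+", raw):
            # auditd hex-encodes names that contain spaces or special characters
            rec[name] = bytes.fromhex(raw).decode("utf-8", "replace")
        else:
            rec[name] = raw
    return rec

def udp_socket_callers(log_text, key="DNS_UDP_req"):
    """Count (exe, uid) pairs among SYSCALL records tagged with the rule key."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec.get("type") == "SYSCALL" and rec.get("key") == key:
            counts[(rec.get("exe", "?"), rec.get("uid", "?"))] += 1
    return counts

def _rec(pid, uid, comm, exe, key='"DNS_UDP_req"'):
    # Builds a constructed record in the auditd SYSCALL layout (x86_64, socket = 41).
    return (f'type=SYSCALL msg=audit(1364481363.243:{pid}): arch=c000003e syscall=41 '
            f'success=yes exit=3 a0=2 a1=2 a2=0 a3=0 items=0 ppid=1 pid={pid} '
            f'auid={uid} uid={uid} gid={uid} tty=(none) ses=1 comm={comm} exe={exe} key={key}')

# Constructed sample input, not taken from a real host.
SAMPLE_LOG = "\n".join([
    _rec(3538, 1000, '"dig"', '"/usr/bin/dig"'),
    _rec(3602, 1000, '"firefox"', '"/usr/lib/firefox/firefox"'),
    _rec(3602, 1000, '"firefox"', '"/usr/lib/firefox/firefox"'),
    _rec(3711, 0, '"updater"', "/opt/my app/updater".encode().hex().upper()),
    _rec(3800, 1000, '"nc"', '"/usr/bin/nc"', key='"other_rule"'),
    'type=PROCTITLE msg=audit(1364481363.243:3538): proctitle="dig"',
])

if __name__ == "__main__":
    for (exe, uid), n in udp_socket_callers(SAMPLE_LOG).most_common():
        print(f"{n:3d}  uid={uid:<5} {exe}")
```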
Something which doesn't quite do what you are asking for is 'dnstop'. (Obviously) It is one of the top-style utils that basically does the data-capture-and-slightly-analyse thing, as per tcpdump/wireshark, but specifically set up for DNS packets. Now this may be easier to get to grips with than using, e.g., wireshark and setting up filters that home in on the data that you want (not that this would actually be difficult), but it doesn't really give you any more information.
In particular, it doesn't give you much about what sent it, but does help with what happened subsequently. And it would help if you wanted to know something about how frequently packets were being sent. Sorry.
|