LinuxQuestions.org
Old 02-05-2014, 03:30 PM   #1
walter24
LQ Newbie
 
Registered: Feb 2014
Posts: 1

Rep: Reputation: Disabled
Application to DNS query mapping


Is there any way (application or command) that I can use to find out what application is sending out DNS queries from my computer?
 
Old 02-06-2014, 08:48 AM   #2
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
tcpdump <options> and port 53
or if you're new to the process, http://www.cyberciti.biz/faq/how-to-...p-dns-traffic/
 
Old 02-06-2014, 01:53 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3592
...or
Code:
iptables -t filter -I OUTPUT 1 -m tcp -p tcp -m conntrack --ctstate NEW --dport 53 -j LOG --log-prefix "DNS_TCP_req "
iptables -t filter -I OUTPUT 2 -m udp -p udp -m conntrack --ctstate NEW --dport 53 -j LOG --log-prefix "DNS_UDP_req "
but do note that this and standard system tools will tell you what kind of traffic you're sending but not what application. Should you have the audit service, then these two rules* should work:
Code:
# a0=2 is AF_INET; a1 is the socket type: 2 = SOCK_DGRAM (UDP), 1 = SOCK_STREAM (TCP).
# An exact a1 match misses SOCK_NONBLOCK/SOCK_CLOEXEC bits that some resolvers OR into the type.
auditctl -a exit,always -F a0=2 -F a1=2 -S socket -k DNS_UDP_req
auditctl -a exit,always -F a0=2 -F a1=1 -S socket -k DNS_TCP_req

Last edited by unSpawn; 02-06-2014 at 01:55 PM. Reason: //Fix vBB code tags
 
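An added example, not from any poster in this thread, of turning the records those audit rules produce into an answer to the original question: it parses constructed audit.log SYSCALL lines tagged with the DNS_UDP_req / DNS_TCP_req keys and counts IPv4 socket() calls per executable. Field names follow the standard auditd log format; the sample log text is made up, not a real capture.

```python
import re
from collections import Counter

# Constructed sample audit.log records (not a real capture), shaped like the
# SYSCALL events the rules above emit on x86_64: syscall 41 is socket(),
# a0=2 is AF_INET, a1 is the socket type in hex (2 SOCK_DGRAM, 1 SOCK_STREAM).
# The a1=80802 line is SOCK_DGRAM|SOCK_NONBLOCK|SOCK_CLOEXEC as glibc's resolver
# uses; the exact-match rules above would not log it, but the parser copes.
SAMPLE_AUDIT_LOG = """\
type=SYSCALL msg=audit(1391700000.123:4001): arch=c000003e syscall=41 success=yes exit=3 a0=2 a1=2 a2=0 a3=0 items=0 ppid=1 pid=1234 auid=1000 uid=1000 comm="curl" exe="/usr/bin/curl" key="DNS_UDP_req"
type=SYSCALL msg=audit(1391700000.456:4002): arch=c000003e syscall=41 success=yes exit=4 a0=2 a1=2 a2=0 a3=0 items=0 ppid=1 pid=1234 auid=1000 uid=1000 comm="curl" exe="/usr/bin/curl" key="DNS_UDP_req"
type=SYSCALL msg=audit(1391700001.789:4003): arch=c000003e syscall=41 success=yes exit=5 a0=2 a1=1 a2=6 a3=0 items=0 ppid=1 pid=987 auid=4294967295 uid=0 comm="nscd" exe="/usr/sbin/nscd" key="DNS_TCP_req"
type=SYSCALL msg=audit(1391700002.000:4004): arch=c000003e syscall=41 success=yes exit=6 a0=2 a1=2 a2=0 a3=0 items=0 ppid=1 pid=555 auid=1000 uid=1000 comm="firefox" exe="/usr/lib/firefox/firefox" key="DNS_UDP_req"
type=PROCTITLE msg=audit(1391700002.000:4004): proctitle=66697265666F78
type=SYSCALL msg=audit(1391700003.500:4005): arch=c000003e syscall=41 success=yes exit=7 a0=2 a1=80802 a2=0 a3=0 items=0 ppid=1 pid=555 auid=1000 uid=1000 comm="firefox" exe="/usr/lib/firefox/firefox" key="DNS_UDP_req"
"""

FIELD_RE = re.compile(r'(\w+)=(?:"([^"]*)"|(\S+))')   # key=value or key="value"
SOCK_TYPE_MASK = 0xF                                  # low 4 bits of a1 hold the type
SOCKET_TYPES = {1: "SOCK_STREAM", 2: "SOCK_DGRAM"}
DNS_KEYS = {"DNS_UDP_req", "DNS_TCP_req"}             # the -k keys from the rules above

def parse_record(line):
    """Split one audit line into a field -> value dict, quotes stripped."""
    return {m.group(1): m.group(2) if m.group(2) is not None else m.group(3)
            for m in FIELD_RE.finditer(line)}

def dns_socket_events(log_text):
    """Yield (exe, pid, socket type) for SYSCALL records carrying a DNS key."""
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec.get("type") != "SYSCALL" or rec.get("key") not in DNS_KEYS:
            continue
        if int(rec.get("a0", "0"), 16) != 2:          # keep AF_INET sockets only
            continue
        sock_type = int(rec.get("a1", "0"), 16) & SOCK_TYPE_MASK
        yield (rec.get("exe", "?"), int(rec.get("pid", "0")),
               SOCKET_TYPES.get(sock_type, "other"))

def socket_calls_per_exe(log_text):
    """Count AF_INET socket() calls per (executable, socket type)."""
    counts = Counter()
    for exe, _pid, sock_type in dns_socket_events(log_text):
        counts[(exe, sock_type)] += 1
    return counts

if __name__ == "__main__":
    for (exe, kind), n in socket_calls_per_exe(SAMPLE_AUDIT_LOG).most_common():
        print(f"{n:4d}  {kind:<11s} {exe}")
```

These records show which process created an IPv4 UDP or TCP socket, not that it reached port 53; correlate their timestamps with the DNS_UDP_req / DNS_TCP_req lines from the iptables LOG rules, or audit connect()/sendto() as well, to tie a socket to an actual DNS query.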
Old 02-06-2014, 07:28 PM   #4
salasi
Senior Member
 
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,070

Rep: Reputation: 897
Something which doesn't quite do what you are asking for is 'dnstop'. (Obviously) it is one of the top-style utils that basically does the data-capture-and-slightly-analyse thing, as per tcpdump/wireshark, but specifically set up for DNS packets. Now this may be easier to get to grips with than using, e.g., wireshark and setting up filters that home in on the data that you want (not that this would actually be difficult), but it doesn't really give you any more information.

In particular, it doesn't give you much about what sent it, but does help with what happened subsequently. And it would help if you wanted to know something about how frequently packets were being sent. Sorry.
 