Old 02-05-2014, 03:30 PM   #1
LQ Newbie
Registered: Feb 2014
Posts: 1
Application to DNS query mapping

Is there any way (application or command) that I can use to find out what application is sending out DNS queries from my computer?
Old 02-06-2014, 08:48 AM   #2
LQ Veteran
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37
tcpdump <options> and port 53
or if you're new to the process,
Old 02-06-2014, 01:53 PM   #3
Registered: May 2001
Posts: 29,415
Blog Entries: 55
iptables -t filter -I OUTPUT 1 -m tcp -p tcp -m conntrack --ctstate NEW --dport 53 -j LOG --log-prefix "DNS_TCP_req "
iptables -t filter -I OUTPUT 2 -m udp -p udp -m conntrack --ctstate NEW --dport 53 -j LOG --log-prefix "DNS_UDP_req "
but do note this and standard system tools will tell you what kind of traffic you're sending but not what application. Should you have the audit service then these two rules* should work:
# a0=2 is AF_INET; a1=2 is SOCK_DGRAM (UDP), a1=1 is SOCK_STREAM (TCP).
# These match every IPv4 socket() call of that type, not only the ones later
# used for port 53, and a1 is compared exactly, so a socket opened with
# SOCK_DGRAM|SOCK_NONBLOCK|SOCK_CLOEXEC will not match a1=2.
auditctl -a exit,always -F a0=2 -F a1=2 -S socket -k DNS_UDP_req
auditctl -a exit,always -F a0=2 -F a1=1 -S socket -k DNS_TCP_req

Last edited by unSpawn; 02-06-2014 at 01:55 PM. Reason: //Fix vBB code tags
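The LOG rules above record the source port of each outgoing DNS packet but, as the post says, not the process. The usual way to close that gap on Linux is to take the SRC/SPT pair from the kernel log line, look it up in /proc/net/udp (or /proc/net/tcp) to get the socket inode, and then find which /proc/<pid>/fd entry links to socket:[inode]. The following script is an added example of that lookup chain; it is not unSpawn's code or part of the thread. The log line, the /proc/net/udp excerpt, the fd table and the process name are all constructed sample data; only iter_proc_socket_links() touches the live /proc tree, and it is not called by the demo.

```python
import os
import re
import socket
from typing import Callable, Dict, Iterable, Iterator, Optional, Tuple

# Constructed kernel message as written by the "DNS_UDP_req" LOG rule above.
SAMPLE_LOG_LINE = (
    "Feb  6 13:53:01 host kernel: DNS_UDP_req IN= OUT=eth0 "
    "SRC=192.168.1.10 DST=192.168.1.1 LEN=60 TOS=0x00 PREC=0x00 TTL=64 "
    "ID=12345 DF PROTO=UDP SPT=51234 DPT=53 LEN=40"
)

# Constructed /proc/net/udp excerpt. Addresses are hex, IPv4 stored little-endian:
# 0A01A8C0:C822 is 192.168.1.10:51234 (the resolver socket), inode 45678;
# 00000000:0035 is a local listener on 0.0.0.0:53, inode 99.
SAMPLE_PROC_NET_UDP = """  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  123: 0A01A8C0:C822 0101A8C0:0035 01 00000000:00000000 00:00000000 00000000  1000        0 45678 2 ffff888012345678 0
  124: 00000000:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 99 2 ffff888012345679 0
"""

# Constructed (pid, socket inode) pairs standing in for a scan of /proc/*/fd.
SAMPLE_SOCKET_LINKS = [(1, 1001), (4242, 45678), (4242, 45679), (987, 99)]
SAMPLE_COMM = {4242: "curl", 987: "dnsmasq"}   # constructed /proc/<pid>/comm values

LOG_FIELD = re.compile(r"\b(SRC|DST|PROTO|SPT|DPT)=(\S+)")
SOCKET_LINK = re.compile(r"^socket:\[(\d+)\]$")


def parse_log_line(line: str) -> Optional[Dict[str, str]]:
    """Extract the 5-tuple fields from one iptables LOG message."""
    fields = dict(LOG_FIELD.findall(line))
    if not set(fields) >= {"SRC", "DST", "PROTO", "SPT", "DPT"}:
        return None
    return fields


def _decode_hex_addr(hex_addr: str) -> Tuple[str, int]:
    """'0A01A8C0:C822' -> ('192.168.1.10', 51234)."""
    ip_hex, port_hex = hex_addr.split(":")
    return socket.inet_ntoa(bytes.fromhex(ip_hex)[::-1]), int(port_hex, 16)


def parse_proc_net_table(text: str) -> Dict[Tuple[str, int], int]:
    """Map (local_ip, local_port) -> inode; same layout for /proc/net/udp and /proc/net/tcp."""
    table: Dict[Tuple[str, int], int] = {}
    for line in text.splitlines()[1:]:          # first line is the column header
        cols = line.split()
        if len(cols) < 10 or ":" not in cols[1]:
            continue
        table[_decode_hex_addr(cols[1])] = int(cols[9])   # column 9 is the inode
    return table


def iter_proc_socket_links(proc_root: str = "/proc") -> Iterator[Tuple[int, int]]:
    """Yield (pid, inode) for every socket fd on the live system (root sees all processes)."""
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:
            continue
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue
            m = SOCKET_LINK.match(target)
            if m:
                yield int(entry), int(m.group(1))


def pid_for_inode(inode: int, socket_links: Iterable[Tuple[int, int]]) -> Optional[int]:
    for pid, ino in socket_links:
        if ino == inode:
            return pid
    return None


def attribute_query(log_line: str, proc_net_text: str,
                    socket_links: Iterable[Tuple[int, int]],
                    comm_of: Callable[[int], Optional[str]]) -> Optional[Dict[str, object]]:
    """Join a LOG line to the owning process; None when the socket is already gone."""
    fields = parse_log_line(log_line)
    if fields is None:
        return None
    table = parse_proc_net_table(proc_net_text)
    port = int(fields["SPT"])
    # A resolver socket is usually connected (local IP filled in); fall back to a wildcard bind.
    inode = table.get((fields["SRC"], port)) or table.get(("0.0.0.0", port))
    if inode is None:
        return None        # stub-resolver sockets live milliseconds: the lookup must race the close
    pid = pid_for_inode(inode, socket_links)
    if pid is None:
        return None
    return {"pid": pid, "comm": comm_of(pid), "query_to": fields["DST"], "inode": inode}


def demo() -> Optional[Dict[str, object]]:
    """Run the chain on the constructed samples; on a live box pass open('/proc/net/udp').read()
    and list(iter_proc_socket_links()) instead."""
    return attribute_query(SAMPLE_LOG_LINE, SAMPLE_PROC_NET_UDP, SAMPLE_SOCKET_LINKS, SAMPLE_COMM.get)


if __name__ == "__main__":
    print(demo())
```

The weak point is timing: glibc's stub resolver opens a UDP socket, sends, receives and closes within milliseconds, so the /proc lookup has to run as soon as the log line appears, and a miss (None) is the common outcome for short-lived queries. The auditctl socket() rules from the same post record the PID at creation time and do not have that race, at the cost of logging every socket of that type.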
Old 02-06-2014, 07:28 PM   #4
Senior Member
Registered: Jul 2007
Location: Directly above centre of the earth, UK
Distribution: SuSE, plus some hopping
Posts: 4,070
Something which doesn't quite do what you are asking for is 'dnstop'. (Obviously) It is one of the top-style utils that basically does the data-capture-and-slightly-analyse thing, as per tcpdump/wireshark, but specifically set up for DNS packets. Now this may be easier to get to grips with than using, e.g., wireshark and setting up filters that home in on the data that you want (not that this would actually be difficult), but it doesn't really give you any more information.

In particular, it doesn't give you much about what sent it, but does help with what happened subsequently. And it would help if you wanted to know something about how frequently packets were being sent. Sorry.