PaulDotCom mailing list archives

Re: DNS Query capture and analysis


From: allison nixon <elsakoo () gmail com>
Date: Tue, 28 May 2013 11:23:12 -0400

If you are interested in malware related activity, you may not want to
limit it to only port 53.  You would have to write tcpdump filters around
the specific flags that specify DNS traffic.

On Tue, May 28, 2013 at 10:55 AM, Jon Molesa <rjmolesa () consoltec net> wrote:

To create a pcap that contains only DNS lookups: tcpdump -vvv -i wan0 -s 0
-l port 53 -w dns-only.pcap

To parse a larger pcap containing other protocols: tcpdump -vvv -s 0 -l
port 53 -r alltraffic.pcap


On Sun, May 26, 2013 at 9:53 PM, Tim Parker <timparkersec () gmail com> wrote:

What's the best way to capture and analyze DNS queries and responses on
my LAN?  Are there any good tools out there for this?  I can run a full
capture on the WAN interface, but then what's good for automating the
extraction of the DNS traffic?

Thanks!

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com




--
Jon Molesa
rjmolesa () consoltec net

Aoccdrnig to rscheearch at an Elingsh uinervtisy, it deosn't mttaer in waht
oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht the frist
and lsat ltteer are in the rghit pclae. The rset can be a toatl mses  and
you can sitll raed it wouthit a porbelm. Tihs is bcuseae we do not raed
ervey lteter by it slef but the wrod as a wlohe and the biran fguiers it
out aynawy.

... so please excuse me for every typo in the email above.

Reference: https://github.com/Ettercap/ettercap/blob/master/README





-- 
_________________________________
Note to self: Pillage BEFORE burning.
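The point raised above is that DNS does not only live on port 53, so a port-based tcpdump filter misses traffic, and the fix is to match on the structure of the DNS message itself. The following is an added example, not code from the thread or from any poster: a stdlib-only Python parser that walks a classic pcap and keeps UDP payloads that look like DNS (sane header flags, one question, a well-formed QNAME, a known QCLASS) regardless of port. It assumes a little-endian pcap of Ethernet/IPv4/UDP frames; the capture it is run on is constructed in build_sample_pcap() (addresses, ports and query name are made up).

```python
import struct

def dns_name(msg, off):
    # Decode an uncompressed name at msg[off]; returns (name, offset after it).
    labels = []
    while (n := msg[off]):
        if n & 0xC0:                       # pointers are not valid in a QNAME
            raise ValueError
        labels.append(msg[off + 1:off + 1 + n].decode("ascii", "replace"))
        off += 1 + n
    return ".".join(labels), off + 1

def parse_dns(payload):
    # (is_response, qname) if the payload has DNS structure, else None.
    try:
        _id, flags, qd, _an, _ns, _ar = struct.unpack("!6H", payload[:12])
        qname, off = dns_name(payload, 12)
        _qtype, qclass = struct.unpack("!HH", payload[off:off + 4])
    except (IndexError, ValueError, struct.error):
        return None
    if qd != 1 or (flags >> 11) & 0xF > 2 or flags & 0x0040:   # opcode 0-2, Z bit clear
        return None
    return (bool(flags & 0x8000), qname) if qname and qclass in (1, 3, 4, 255) else None

def dns_from_pcap(data):
    # Walk a little-endian classic pcap of Ethernet/IPv4/UDP frames, any UDP port.
    hits, off = [], 24                     # 24-byte global header
    while off + 16 <= len(data):
        caplen = struct.unpack("<I", data[off + 8:off + 12])[0]
        frame, off = data[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(frame) < 42 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
            continue                       # IPv4 carrying UDP only
        ihl = (frame[14] & 0xF) * 4
        sport, dport = struct.unpack("!HH", frame[14 + ihl:18 + ihl])
        hit = parse_dns(frame[22 + ihl:])
        if hit:
            hits.append((sport, dport) + hit)
    return hits

def build_sample_pcap():
    # Constructed capture: a query on 53, the same query on 8053, junk on 53.
    def frame(sport, dport, payload):      # zeroed checksums are enough for parsing
        udp = struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 1, 0, 64, 17, 0, b"\x0a\x00\x00\x02", b"\x0a\x00\x00\x35") + udp
        return b"\x00" * 12 + b"\x08\x00" + ip
    q = b"\x12\x34\x01\x00\x00\x01\x00\x00\x00\x00\x00\x00\x07example\x03com\x00\x00\x01\x00\x01"
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in (frame(40000, 53, q), frame(40001, 8053, q), frame(40002, 53, b"not dns")):
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out
```

Running dns_from_pcap(build_sample_pcap()) returns both copies of the example.com query, including the one on port 8053 that a "port 53" filter would drop, and skips the non-DNS bytes that happened to use port 53.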