Agenda: dns-tcpdump-wireshark.txt

File dns-tcpdump-wireshark.txt, 974 bytes (added by admin, 7 years ago)
Use tcpdump & wireshark to show DNS traffic

1. Tcpdump

    Open a NEW connection to your master.grpX machine (log in a second
    time), so that you can have both windows side-by-side.

    In the new window, run the following command (you must be 'root', that's
    why we use sudo):

# sudo tcpdump -n -s 1500 udp and port 53

    This shows all packets going in and out of your machine for UDP port 53
    (DNS).

    Now go to another window and repeat some of the 'dig' queries from earlier.

    Look at the output of tcpdump, check the source and destination IP address
    of each packet.

Explanation:

    -n  Prevents tcpdump doing reverse DNS lookups on the packets it receives,
        which would generate additional (confusing) DNS traffic

    -s 1500 Read the entire packet (otherwise tcpdump only reads 96 bytes)

    udp and port 53
        A filter which matches only packets to/from UDP port 53

2. Tshark, Wireshark

** will be done as a demo **
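
As an added example (not part of the original exercise): a small Python script that parses the summary lines the tcpdump command above prints and pairs each query with its response, so the source/destination check can be done over a whole session at once instead of by eye. The sample lines, the client address 10.10.0.5 and the resolver address 10.10.0.1 are constructed for the example.

```python
import re

# One line from `tcpdump -n -s 1500 udp and port 53`: time, "IP src.sport >
# dst.dport:", transaction id, optional flag chars (+ recursion desired,
# * authoritative, ...), then tcpdump's DNS summary.
LINE_RE = re.compile(
    r"^(?P<ts>\d\d:\d\d:\d\d\.\d+) IP "
    r"(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"(?P<txid>\d+)(?P<flags>[+*$|-]*) (?P<rest>.*)$"
)

def parse_line(line):
    """Return a dict describing one packet, or None for non-matching lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    pkt = m.groupdict()
    # Sent to port 53 -> query; sent from port 53 -> response.
    pkt["kind"] = "query" if pkt["dport"] == "53" else "response"
    if pkt["kind"] == "query":
        # "A? www.example.com. (33)" -> qtype "A", qname "www.example.com."
        qtype, name = pkt["rest"].split()[:2]
        pkt["qtype"], pkt["qname"] = qtype.rstrip("?"), name
    return pkt

def audit(lines, expected_resolvers):
    """Pair queries with responses by (client IP, client port, txid); report
    queries that got no reply and replies from servers we never asked."""
    queries, answered, unexpected = {}, set(), []
    for pkt in filter(None, map(parse_line, lines)):
        if pkt["kind"] == "query":
            queries[(pkt["src"], pkt["sport"], pkt["txid"])] = pkt
        else:
            answered.add((pkt["dst"], pkt["dport"], pkt["txid"]))
            if pkt["src"] not in expected_resolvers:
                unexpected.append((pkt["ts"], pkt["src"], pkt["txid"]))
    unanswered = [q["qname"] for k, q in queries.items() if k not in answered]
    return {"unanswered": unanswered, "unexpected_servers": unexpected}

# Constructed sample in tcpdump's output format (not a real capture); the
# client is 10.10.0.5 and its configured resolver is 10.10.0.1.
SAMPLE = """\
10:01:02.100000 IP 10.10.0.5.40512 > 10.10.0.1.53: 51234+ A? www.example.com. (33)
10:01:02.104000 IP 10.10.0.1.53 > 10.10.0.5.40512: 51234 1/0/0 A 192.0.2.10 (49)
10:01:03.200000 IP 10.10.0.5.40513 > 10.10.0.1.53: 51235+ MX? example.com. (29)
10:01:03.205000 IP 198.51.100.7.53 > 10.10.0.5.40513: 51235 1/0/0 MX mail.example.com. 10 (60)
10:01:04.300000 IP 10.10.0.5.40514 > 10.10.0.1.53: 51236+ AAAA? ns.example.net. (32)
""".splitlines()

if __name__ == "__main__":
    print(audit(SAMPLE, {"10.10.0.1"}))
```

A reply whose source is not the resolver you queried, or a query that never gets a reply, is exactly what comparing source and destination addresses by hand is meant to reveal; this just does it for every packet in the capture.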