Good point.
On Tue, May 28, 2013 at 11:23 AM, allison nixon <[email protected]> wrote:
> If you are interested in malware related activity, you may not want to
> limit it to only port 53. You would have to write tcpdump filters around
> the specific flags that specify DNS traffic.
>
> On Tue, May 28, 2013 at 10:55 AM, Jon Molesa <[email protected]> wrote:
>
>> To create a pcap that contains only dns lookups:
>> tcpdump -vvv -i wan0 -s 0 -l port 53 -w dns-only.pcap
>>
>> To parse a larger pcap containing other protocols:
>> tcpdump -vvv -s 0 -l port 53 -r alltraffic.pcap
>>
>> On Sun, May 26, 2013 at 9:53 PM, Tim Parker <[email protected]> wrote:
>>
>>> What's the best way to capture and analyze DNS queries and responses on
>>> my LAN? Are there any good tools out there for this? I can run a full
>>> capture on the WAN interface, but then what's good for automating the
>>> extraction of the DNS traffic?
>>>
>>> Thanks!
>>>
>>> _______________________________________________
>>> Pauldotcom mailing list
>>> [email protected]
>>> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
>>> Main Web Site: http://pauldotcom.com
>>
>> --
>> Jon Molesa
>> [email protected]
>>
>> Aoccdrnig to rscheearch at an Elingsh uinervtisy, it deosn't mttaer in
>> waht oredr the ltteers in a wrod are, the olny iprmoetnt tihng is taht
>> the frist and lsat ltteer are in the rghit pclae. The rset can be a toatl
>> mses and you can sitll raed it wouthit a porbelm. Tihs is bcuseae we do
>> not raed ervey lteter by it slef but the wrod as a wlohe and the biran
>> fguiers it out aynawy.
>>
>> ... so please excuse me for every typo in the email above.
>>
>> Reference: https://github.com/Ettercap/ettercap/blob/master/README
>
> --
> _________________________________
> Note to self: Pillage BEFORE burning.

--
Jon Molesa
[email protected]
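Allison's point above, that DNS used by malware need not sit on port 53, is the one a defender will want to act on, so here is an added example (not from this thread and not part of tcpdump) of a port-agnostic structural check for DNS in Python. The function names, the sanity thresholds and the sample payloads are my own assumptions; a real pipeline would feed it UDP payloads pulled from the full capture.

```python
import struct
# Added example: classify a UDP payload as DNS by its structure alone, so DNS
# on a port other than 53 still comes out of a full capture (constructed samples).
def _qname_end(payload: bytes, offset: int):
    """Walk a question name's labels; return offset after the terminating 0, else None."""
    total = 0
    while offset < len(payload):
        length = payload[offset]
        offset += 1
        if length == 0:
            return offset
        if length > 63:                  # also rejects 0xC0 compression pointers
            return None
        total += length + 1
        if total > 255 or offset + length > len(payload):
            return None
        offset += length
    return None

def looks_like_dns(payload: bytes) -> bool:
    """Valid 12-byte header (RFC 1035) plus one well-formed question section."""
    if len(payload) < 12:
        return False
    _txid, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", payload[:12])
    opcode = (flags >> 11) & 0xF         # QUERY=0, IQUERY=1, STATUS=2; Z bit (0x40) must be 0
    if opcode not in (0, 1, 2) or flags & 0x0040 or not 1 <= qdcount <= 8:
        return False
    end = _qname_end(payload, 12)
    if end is None or end + 4 > len(payload):
        return False
    _qtype, qclass = struct.unpack("!HH", payload[end:end + 4])
    return qclass in (1, 3, 4, 254, 255)  # IN, CH, HS, NONE, ANY

def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Constructed sample: a standard recursive A/IN query for `name`."""
    labels = b"".join(bytes([len(lab)]) + lab.encode() for lab in name.rstrip(".").split("."))
    return struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack("!HH", 1, 1)

# Constructed payloads: a pure port-53 filter keeps the third and drops the second;
# the structural check classifies all three correctly regardless of port.
SAMPLES = {
    "dns query, port 53": (53, build_query("example.com")),
    "dns query, port 5353": (5353, build_query("example.com")),
    "http, port 53": (53, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
}

def classify(samples=SAMPLES) -> dict:
    """Label each sample by structure, ignoring the port it was seen on."""
    return {label: looks_like_dns(data) for label, (_port, data) in samples.items()}
```

The check is a heuristic: it confirms the header and question are well formed, which is enough to pull candidate DNS out of arbitrary ports for closer inspection, not a full validator.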
