+1-323-909-4740 blog@hegars.com

using tshark to looks at DNS queries over the wire

tshark -f "udp port 53" -Y "dns.qry.type == 255 and dns.flags.response == 0"

https://www.ietf.org/rfc/rfc1035.txt

tshark -f "udp port 53" -Y "dns.qry.type ==1 and dns.flags.response == 0"
tshark -f "udp port 53" -Y "dns.flags.response == 0"

Capturing on ‘enp3s0’

1 0.000000 192.168.163.13 -> 8.8.8.8 DNS 81 Standard query 0x5599 A hegars.com
3 2.713296 192.168.163.13 -> 8.8.8.8 DNS 83 Standard query 0xdcb9 A safebrowsing.google.com
4 2.713553 192.168.163.13 -> 8.8.8.8 DNS 83 Standard query 0x7857 A safebrowsing.google.com
9 33.052955 192.168.163.13 -> 8.8.8.8 DNS 76 Standard query 0xabef A www.facebook.com