{"id":21,"date":"2017-12-19T16:20:07","date_gmt":"2017-12-19T16:20:07","guid":{"rendered":"https:\/\/hegars83.wordpress.com\/?p=21"},"modified":"2018-06-14T16:57:55","modified_gmt":"2018-06-14T16:57:55","slug":"script-tshark-dns-queries","status":"publish","type":"post","link":"https:\/\/blog.hegars.com\/?p=21","title":{"rendered":"TSHARK DNS queries"},"content":{"rendered":"<p>using tshark to looks at DNS queries over the wire<\/p>\n<p><code>tshark -f \"udp port 53\" -Y \"dns.qry.type == 255 and dns.flags.response == 0\"<\/code><\/p>\n<p>https:\/\/www.ietf.org\/rfc\/rfc1035.txt<\/p>\n<p><code>tshark -f \"udp port 53\" -Y \"dns.qry.type ==1 and dns.flags.response == 0\"<br \/>\ntshark -f \"udp port 53\" -Y \"dns.flags.response == 0\"<br \/>\n<\/code><\/p>\n<p>Capturing on &#8216;enp3s0&#8217;<\/p>\n<p>1 0.000000 192.168.163.13 -&gt; 8.8.8.8 DNS 81 Standard query 0x5599 A hegars.com<br \/>\n3 2.713296 192.168.163.13 -&gt; 8.8.8.8 DNS 83 Standard query 0xdcb9 A safebrowsing.google.com<br \/>\n4 2.713553 192.168.163.13 -&gt; 8.8.8.8 DNS 83 Standard query 0x7857 A safebrowsing.google.com<br \/>\n9 33.052955 192.168.163.13 -&gt; 8.8.8.8 DNS 76 Standard query 0xabef A www.facebook.com<\/p>\n","protected":false},"excerpt":{"rendered":"<p>using tshark to looks at DNS queries over the wire tshark -f &#8220;udp port 53&#8221; -Y &#8220;dns.qry.type == 255 and dns.flags.response == 0&#8221; https:\/\/www.ietf.org\/rfc\/rfc1035.txt tshark -f &#8220;udp port 53&#8221; -Y &#8220;dns.qry.type ==1 and dns.flags.response == 0&#8221; tshark -f &#8220;udp port 53&#8221; -Y &#8220;dns.flags.response == 0&#8221; Capturing on &#8216;enp3s0&#8217; 1 0.000000 192.168.163.13 -&gt; 8.8.8.8 DNS 81 [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"site-container-style":"default","site-container-layout":"default","site-sidebar-layout":"default","disable-article-header":"default","disable-site-header":"default","disable-site-footer":"default","disable-content-area-spacing":"default","footnotes":""},"categories":[3],"tags":[],"_links":{"self":[{"href":"https:\/\/blog.hegars.com\/index.php?rest_route=\/wp\/v2\/posts\/21"}],"collection":[{"href":"https:\/\/blog.hegars.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.hegars.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.hegars.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.hegars.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=21"}],"version-history":[{"count":2,"href":"https:\/\/blog.hegars.com\/index.php?rest_route=\/wp\/v2\/posts\/21\/revisions"}],"predecessor-version":[{"id":192,"href":"https:\/\/blog.hegars.com\/index.php?rest_route=\/wp\/v2\/posts\/21\/revisions\/192"}],"wp:attachment":[{"href":"https:\/\/blog.hegars.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=21"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.hegars.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=21"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.hegars.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=21"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}