Packet filter to watch DNS packets
DATE: August 20, 1999

SUMMARY:

This packet filter shows all DNS (Domain Name System) packets arriving at or passing through the PortMaster (TM).

This tool is useful for debugging DNS problems: it shows each user's or host's DNS queries destined for the DNS server, and it shows the IP address of the DNS server being accessed. If you see your secondary DNS server being queried too often, that can be an indication that DNS on the primary DNS server is having problems, since resolvers only fall back to the secondary when the primary does not answer.

The PortMaster itself uses DNS to translate IP addresses into hostnames and for administrative commands such as telnet, rlogin, ping and traceroute.

DNS queries and responses run on UDP port 53.

DNS zone transfers run on TCP port 53. A response that does not fit in a 512-byte UDP datagram is also retried over TCP port 53, which is why the filter below matches both protocols.

Command> add filter dns
New Filter successfully added
Command> set filter dns 1 permit udp src eq 53
Command> set filter dns 2 permit udp dst eq 53
Command> set filter dns 3 permit tcp src eq 53
Command> set filter dns 4 permit tcp dst eq 53

This filter is only used to select which packets ptrace displays; it does not need to be applied to any port or interface. Do not apply it as an input or output filter, since everything not permitted by a filter is dropped and it would then pass DNS traffic only.

To turn tracing on, direct console output to your admin session and start ptrace with the filter:

Command> set console
Setting CONSOLE to admin session
Command> ptrace dns ext
Packet Tracing Enabled

# Example ptrace output of DNS packets (source address.port to destination address.port)
UDP from 192.168.1.2.53 to 192.168.1.3.1025
UDP from 192.168.1.2.53 to 192.168.1.3.1025
UDP from 192.168.1.2.53 to 192.168.1.154.1238
UDP from 10.41.69.222.1330 to 192.168.1.2.53
UDP from 192.168.1.2.53 to 10.41.69.222.1330
UDP from 192.168.1.137.1097 to 192.168.1.2.53
UDP from 192.168.1.2.53 to 192.168.1.137.1097
UDP from 192.168.1.137.1102 to 192.168.1.2.53
UDP from 192.168.1.2.53 to 192.168.1.137.1102

To turn tracing off and return console output to the console port:

Command> ptrace
Packet Tracing Disabled
Command> reset console
Console RESET
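The summary above says that too many queries reaching the secondary DNS server, or queries to the primary that get no reply, point to a problem on the primary. The following script is an added example, not part of this note or of the PortMaster software: it parses captured ptrace lines in the "UDP from A.B.C.D.port to E.F.G.H.port" form shown above, counts queries and responses per server, matches each query to its response by client address and port, and warns when the secondary's share of queries passes a threshold. The sample trace, the server addresses 192.168.1.2 (primary) and 192.168.1.3 (secondary), and the 25% threshold are constructed for illustration, and the line format is assumed to be exactly the one printed in the example output.

```python
import re
from collections import Counter

# Matches the ptrace lines shown in this note. Assumption: the "ext" output
# has no extra fields beyond protocol, source address.port and destination
# address.port; adjust the pattern if your PortMaster prints more.
PTRACE_RE = re.compile(
    r'^(?P<proto>UDP|TCP) from (?P<src>\d+\.\d+\.\d+\.\d+)\.(?P<sport>\d+) '
    r'to (?P<dst>\d+\.\d+\.\d+\.\d+)\.(?P<dport>\d+)$'
)

# Constructed sample modelled on the ptrace output above (not a real capture).
# 192.168.1.2 is the primary server, 192.168.1.3 the secondary; the client
# 192.168.1.137 asks the primary from port 1102, gets no answer, and retries
# against the secondary.
SAMPLE_TRACE = """\
UDP from 192.168.1.137.1097 to 192.168.1.2.53
UDP from 192.168.1.2.53 to 192.168.1.137.1097
UDP from 192.168.1.137.1102 to 192.168.1.2.53
UDP from 192.168.1.137.1102 to 192.168.1.3.53
UDP from 192.168.1.3.53 to 192.168.1.137.1102
UDP from 10.41.69.222.1330 to 192.168.1.3.53
UDP from 192.168.1.3.53 to 10.41.69.222.1330
UDP from 192.168.1.154.1238 to 192.168.1.3.53
UDP from 192.168.1.3.53 to 192.168.1.154.1238
"""


def parse_ptrace(text):
    """Yield (proto, src, sport, dst, dport) for each well-formed ptrace line."""
    for line in text.splitlines():
        m = PTRACE_RE.match(line.strip())
        if m:
            yield (m['proto'], m['src'], int(m['sport']), m['dst'], int(m['dport']))


def summarize_dns(text):
    """Return (queries, responses, unanswered) Counters keyed by server address."""
    queries = Counter()      # server -> queries sent to it (dst port 53)
    responses = Counter()    # server -> responses it sent (src port 53)
    pending = Counter()      # (client, client_port, server) -> queries awaiting a reply
    for proto, src, sport, dst, dport in parse_ptrace(text):
        if dport == 53:                       # client -> server query
            queries[dst] += 1
            pending[(src, sport, dst)] += 1
        elif sport == 53:                     # server -> client response
            responses[src] += 1
            key = (dst, dport, src)
            if pending[key] > 0:              # ignore responses to queries we never saw
                pending[key] -= 1
    unanswered = Counter()
    for (client, port, server), n in pending.items():
        if n > 0:
            unanswered[server] += n
    return queries, responses, unanswered


def secondary_share(queries, primary, secondary):
    """Fraction of queries to primary+secondary that went to the secondary."""
    total = queries[primary] + queries[secondary]
    return queries[secondary] / total if total else 0.0


def report(text, primary, secondary, threshold=0.25):
    """Per-server counts plus a warning when the secondary carries too much load."""
    queries, responses, unanswered = summarize_dns(text)
    lines = [f"{srv}: {n} queries, {responses[srv]} responses, {unanswered[srv]} unanswered"
             for srv, n in sorted(queries.items())]
    share = secondary_share(queries, primary, secondary)
    if share > threshold:
        lines.append(f"WARNING: {share:.0%} of queries went to secondary {secondary}; "
                     f"check DNS on primary {primary}")
    return "\n".join(lines)


if __name__ == '__main__':
    # Feed a saved ptrace session in via stdin, or run as-is on the sample.
    print(report(SAMPLE_TRACE, '192.168.1.2', '192.168.1.3'))
```

Capture the ptrace session from your admin session into a file and pass its contents to report() with your own primary and secondary addresses. Only packets matching the dns filter are traced, so the counts reflect DNS traffic alone; a query whose response never crosses the PortMaster (for example a client talking to a server on the same LAN segment) will show as unanswered even when it was answered.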