How to catch DNS request using 'netstat' in Unix

I am working in a bank where 'netcat' is not there. I am having a problem wherein one DNS server of the two going down is causing impact. In order to troubleshoot, I need to catch the requests (incoming and outgoing) from the DNS clients (AIX). How can I do it? Netstat does not do it with the options I used.


Netstat almost certainly won't be able to help you.

Netstat displays open sockets and active connections at the moment you execute the program. A DNS request will happen entirely too quickly for you to catch it because it'll be gone and done in less time than it takes to type out the command parameters. Moreover, UDP is stateless, so there isn't an active connection to see to begin with.

What you want instead is tcpdump. This program allows you to record network traffic depending on the parameters you give it.

tcpdump -w dnsrequests.pcap -i any udp and port 53 will capture all UDP traffic on port 53 on all interfaces and save it to the file dnsrequests.pcap. You can then open that file in Wireshark and study it at your leisure.


I don't think netstat will let you inspect the actual traffic but tcpdump will if you don't have access to netcat. tcpdump udp port 53 should show you the traffic.
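
For the original problem (one of two DNS servers going down), the useful question to ask of the capture is which queries never got a reply and from which server. The following is an added example, not part of either answer: it pairs queries with responses in tcpdump's text output, as printed by `tcpdump -n udp port 53` or `tcpdump -n -r dnsrequests.pcap`. The function name, addresses and hostnames are constructed for illustration, and it assumes clients query the servers on port 53 from a different source port.

```python
import re
from collections import defaultdict

# Constructed sample of `tcpdump -n udp port 53` text output (not real traffic).
SAMPLE = """\
10:15:01.100001 IP 10.1.1.20.51514 > 10.1.1.53.53: 4821+ A? app.bank.example. (34)
10:15:01.100950 IP 10.1.1.53.53 > 10.1.1.20.51514: 4821 1/0/0 A 10.2.0.7 (50)
10:15:02.200001 IP 10.1.1.20.40112 > 10.1.2.53.53: 9007+ A? db.bank.example. (33)
10:15:07.200300 IP 10.1.1.20.40112 > 10.1.2.53.53: 9007+ A? db.bank.example. (33)
10:15:12.200900 IP 10.1.1.20.40112 > 10.1.1.53.53: 9007+ A? db.bank.example. (33)
10:15:12.201700 IP 10.1.1.53.53 > 10.1.1.20.40112: 9007 1/0/0 A 10.2.0.9 (49)
"""

# time, src addr.port, dst addr.port, DNS transaction id, flag characters, remainder
LINE = re.compile(r"^(\S+) IP (\S+)\.(\d+) > (\S+)\.(\d+): (\d+)(\S*) (.*)$")

def unanswered_by_server(text):
    """Return {server_ip: [(time, client_ip, query), ...]} for queries with no reply."""
    pending = defaultdict(list)  # (client, client_port, server, txid) -> queries sent
    for line in text.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue  # skip non-IPv4 or non-DNS lines
        ts, src, sport, dst, dport, txid, _flags, rest = m.groups()
        if dport == "53":    # client -> server: record the query (and any retries)
            pending[(src, sport, dst, txid)].append((ts, rest.rsplit(" (", 1)[0]))
        elif sport == "53":  # server -> client: the matching query was answered
            pending.pop((dst, dport, src, txid), None)
    report = defaultdict(list)
    for (client, _port, server, _txid), queries in pending.items():
        for ts, query in queries:
            report[server].append((ts, client, query))
    return dict(report)

if __name__ == "__main__":
    for server, misses in unanswered_by_server(SAMPLE).items():
        print(server, "did not answer:", misses)
```

In the constructed sample the client retries the silent server after five seconds and only then fails over, which is the kind of delay that shows up as application impact.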