How to catch DNS request using 'netstat' in Unix

domain-name-system netstat aix

I am working in a bank where 'netcat' is not there. I am having problem wherein one DNS server of the two going down is causing impact. In order to troubleshoot, I need to catch the request (incoming and outgoing) from the DNS clients (AIX). How can I do it? Netstat does not do with the options, I used


Netstat almost certainly won't be able to help you.

Netstat displays open sockets and active connections at the moment you execute the program. A DNS request will happen entirely too quickly for you to catch it because it'll be gone and done in less time than it takes to type out the command parameters. Moreover, UDP is stateless, so there isn't an active connection to see to begin with.

What you want instead is tcpdump. This program allows you to record network traffic depending on the parameters you give it.

tcpdump -w dnsrequests.pcap -i any udp and port 53 will capture all UDP traffic on port 53 on all interfaces and save it to the file dnsrequests.pcap. You can then open that file in wireshark and study it at your leisure.


I don't think netstat will let you inspect the actual traffic but tcpdump will if you don't have access to netcat. tcpdump udp port 53 should show you the traffic.

Related

Server rack recommendations
Fast pdf to jpg conversion on Linux wanted [closed]
CentOS 6 + LDAP + NFS. File ownership is stuck on "nobody"
The best laptop for a sysadmin
SSH host identification changes on one wireless network
PHP configure not finding LDAP header libraries [closed]
Is is possible to filter the output of tail?
Silent and scripted install of CPAN and Perl modules?
How can I explain the difference between a domain name and a web host?
Who can eavesdrop on a user's HTTP traffic?
Why is a 19" rackable box only 17" wide?
OSX how to show apache status in terminal?