LEDE / OpenWRT sniff DNS traffic

log into router via ssh

opkg update
opkg install tcpdump
tcpdump -i eth1 -l -vvv dst port 53

save dump

tcpdump -i eth1 -l -vvv dst port 53 >> /tmp/dns.dump
grep -E 'A\?' /tmp/dns.dump  |sed -e 's/^.*A? //' -e 's/ .*//'|sort -u

live dns view

tcpdump -lvi any "udp port 53" 2>/dev/null | grep -E 'A\?' | awk '{print $(NF-1)}'

Leave a Reply

Your email address will not be published.

This site uses Akismet to reduce spam. Learn how your comment data is processed.