How to catch DNS requests using 'netstat' in Unix

Solution 1:

Netstat almost certainly won't be able to help you.

Netstat displays open sockets and active connections at the moment you execute the program. A DNS request will happen entirely too quickly for you to catch it because it'll be gone and done in less time than it takes to type out the command parameters. Moreover, UDP is stateless, so there isn't an active connection to see to begin with.

What you want instead is tcpdump. This program allows you to record network traffic depending on the parameters you give it.

tcpdump -w dnsrequests.pcap -i any udp and port 53 will capture all UDP traffic on port 53 on all interfaces and save it to the file dnsrequests.pcap. You can then open that file in Wireshark and study it at your leisure.
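
As an added example that is not part of the original answer, the Python below reads a classic pcap file such as the dnsrequests.pcap written by the command above and lists the name and type of each IPv4 DNS query in it. The function names, the link-type table and the embedded sample capture are constructed for this example; IPv6 and DNS over TCP are not handled.

```python
import struct

# Link-layer header lengths: Ethernet (1), Linux cooked v1 (113) and v2 (276); "-i any" uses a cooked type.
LINK_HDR_LEN = {1: 14, 113: 16, 276: 20}

def dns_queries(pcap):
    """Return (name, qtype) for every IPv4/UDP DNS query to port 53 in a classic pcap."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None:
        raise ValueError("not a classic pcap file")
    skip = LINK_HDR_LEN[struct.unpack(end + "I", pcap[20:24])[0]]
    found, off = [], 24
    while off + 16 <= len(pcap):
        incl_len = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        ip = pcap[off + 16 + skip:off + 16 + incl_len]
        off += 16 + incl_len
        if len(ip) < 20 or ip[0] >> 4 != 4 or ip[9] != 17:
            continue  # not IPv4 carrying UDP
        udp = ip[(ip[0] & 0x0F) * 4:]
        if len(udp) < 20:
            continue  # too short for a UDP header plus a DNS header
        dport = struct.unpack("!H", udp[2:4])[0]
        dns = udp[8:]
        flags, qdcount = struct.unpack("!HH", dns[2:6])
        if dport != 53 or flags & 0x8000 or qdcount == 0:
            continue  # keep only queries (QR bit clear) sent to port 53
        labels, i = [], 12
        while i < len(dns) and 0 < dns[i] < 64:
            labels.append(dns[i + 1:i + 1 + dns[i]].decode("ascii", "replace"))
            i += 1 + dns[i]
        if i + 5 > len(dns) or dns[i] != 0:
            continue  # truncated or malformed question
        found.append((".".join(labels), struct.unpack("!H", dns[i + 1:i + 3])[0]))
    return found

def _frame(flags, sport, dport):
    """Constructed pcap record: Ethernet frame with a DNS message for example.com, type A."""
    dns = struct.pack("!6H", 0x1234, flags, 1, 0, 0, 0) + b"\x07example\x03com\x00\x00\x01\x00\x01"
    udp = struct.pack("!4H", sport, dport, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     bytes([192, 0, 2, 10]), bytes([192, 0, 2, 53])) + udp
    frame = b"\x00" * 12 + b"\x08\x00" + ip
    return struct.pack("<4I", 0, 0, len(frame), len(frame)) + frame

# Constructed sample capture: pcap global header, one query, one response.
SAMPLE = (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
          + _frame(0x0100, 40000, 53) + _frame(0x8180, 53, 40000))

if __name__ == "__main__":
    print(dns_queries(SAMPLE))
```

To run it on a real capture, pass the file contents, for example dns_queries(open("dnsrequests.pcap", "rb").read()).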

Solution 2:

I don't think netstat will let you inspect the actual traffic, but tcpdump will if you don't have access to netcat. tcpdump udp port 53 should show you the traffic.


Solution 3:

I saw tcpdump mentioned elsewhere here, and while it is very suitable for the task, some people might prefer to use a graphical application such as Wireshark!