iovisor / bcc

BCC - Tools for BPF-based Linux IO analysis, networking, monitoring, and more
Apache License 2.0

Mac filtering #4077

Open abhichatur opened 2 years ago

abhichatur commented 2 years ago

Are there any bcc tools available that can filter DNS queries on the basis of the MAC address?

I want to filter DNS queries using the client's MAC address. So is there any tool available, or what library do we need to work on that?

Thank You

chenhengqi commented 2 years ago

$ tcpdump -i eth0 udp and port 53

abhichatur commented 2 years ago

Thank you for the response. It will just filter all the DNS traffic, without filtering on the basis of MAC address. Is there any method so that I can accept and drop DNS query traffic coming from any particular MAC address/addresses?

Thank you.

chenhengqi commented 2 years ago

Please check the -i option.

abhichatur commented 2 years ago

We are using the -i option for the interface, meaning the interface for which we want to filter traffic, like eth0, ens33, etc.

chenhengqi commented 2 years ago

For a specific MAC address, it is assigned to an interface. So you can trace a specific interface instead.

:)

abhichatur commented 2 years ago

OK, we can trace traffic, but it will only show the traffic. How can I block DNS queries for a particular interface/MAC address?

Thanks

chenhengqi commented 2 years ago

No idea, maybe you can use iptables/firewall or something like that.

irenge commented 2 years ago

Wireshark for a GUI.

chantra commented 2 years ago

See https://www.cyberciti.biz/tips/iptables-mac-address-filtering.html for examples on how to do that with iptables, or take the XDP route: https://blog.nlnetlabs.nl/journeying-into-xdp-part-1-augmenting-dns/
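The per-packet decision that the XDP route mentioned in this thread needs, as an added example (not code from the thread, bcc, or the linked articles): plain userspace C that drops IPv4/UDP port 53 packets from one source MAC and passes everything else. The function name, the MAC address and the sample frame are constructed for illustration; VLAN tags and IPv6 are assumed absent.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Verdict values mirror XDP_DROP / XDP_PASS in linux/bpf.h. */
enum { VERDICT_DROP = 1, VERDICT_PASS = 2 };
#define ETH_HLEN 14

static uint16_t be16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Verdict for one Ethernet frame [data, data_end). Every read is preceded
 * by a length check, as the eBPF verifier demands of a real XDP program. */
int dns_mac_verdict(const uint8_t *data, const uint8_t *data_end,
                    const uint8_t blocked[6])
{
    size_t len = (size_t)(data_end - data);
    if (len < ETH_HLEN)
        return VERDICT_PASS;                    /* truncated frame */
    if (memcmp(data + 6, blocked, 6) != 0)      /* bytes 6..11: source MAC */
        return VERDICT_PASS;
    if (be16(data + 12) != 0x0800)              /* IPv4 only (assumption) */
        return VERDICT_PASS;

    const uint8_t *ip = data + ETH_HLEN;
    if (len < ETH_HLEN + 20)
        return VERDICT_PASS;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;    /* IP header length, bytes */
    if ((ip[0] >> 4) != 4 || ihl < 20 || ip[9] != 17)   /* 17 = UDP */
        return VERDICT_PASS;
    if (be16(ip + 6) & 0x1fff)                  /* later fragment: no UDP header */
        return VERDICT_PASS;
    if (len < ETH_HLEN + ihl + 8)
        return VERDICT_PASS;
    const uint8_t *udp = ip + ihl;
    return be16(udp + 2) == 53 ? VERDICT_DROP : VERDICT_PASS;  /* dest port */
}

/* Constructed sample: DNS query header from 02:00:00:00:00:aa to port 53. */
uint8_t BLOCKED[6] = {0x02, 0, 0, 0, 0, 0xaa};
uint8_t SAMPLE_QUERY[42] = {
    0x02, 0, 0, 0, 0, 0x01,  0x02, 0, 0, 0, 0, 0xaa,  0x08, 0x00, /* Ethernet */
    0x45, 0, 0, 0x1c,  0, 0, 0, 0,  0x40, 0x11, 0, 0,             /* IPv4, UDP */
    0xc0, 0, 0x02, 0x0a,  0xc0, 0, 0x02, 0x35,                    /* 192.0.2.x */
    0xc0, 0x00,  0x00, 0x35,  0x00, 0x08,  0, 0                   /* UDP :53 */
};

int main(void)
{
    return dns_mac_verdict(SAMPLE_QUERY, SAMPLE_QUERY + sizeof SAMPLE_QUERY,
                           BLOCKED) == VERDICT_DROP ? 0 : 1;
}
```

In an XDP program the same checks run against `ctx->data` and `ctx->data_end` and return `XDP_DROP` or `XDP_PASS`. The source MAC is set by the sender, so a filter like this enforces policy on cooperating clients rather than authenticating them.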