Open rbjorklin opened 5 years ago
I'm in the same boat. It is possible to see the answers in tcpdump but not in ngrep. I would like to use ngrep to filter out all the DNS responses which resolve to a certain IP (192.167.178.4 in the example below).
tcpdump for reference
# tcpdump -nnlvi any "udp src port 53 and udp[10] & 0x80 = 128"
13:39:22.189673 eth0 Out IP (tos 0x0, ttl 64, id 35371, offset 0, flags [DF], proto UDP (17), length 71)
192.168.178.2.53 > 192.168.178.21.60634: 2 1/0/0 server.lan. A 192.168.178.4 (43)
I've tried filtering for DNS queries and can't see an IP in the response. What am I doing wrong?
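An added example, not part of the original posts: it parses a constructed DNS response resembling the tcpdump line above to show what `udp[10] & 0x80` tests and how an A record stores the address as four raw bytes rather than dotted text. All function names and the sample packet (including its flags and TTL) are assumptions made for illustration.

```python
import ipaddress
import struct

def build_response(name, ip, txid=2):
    """Constructed sample: DNS response with one question and one A answer."""
    qname = b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)  # QR=1, RD, RA
    question = qname + struct.pack("!HH", 1, 1)                # type A, class IN
    answer = (b"\xc0\x0c"                                      # pointer to qname at offset 12
              + struct.pack("!HHIH", 1, 1, 60, 4)              # A, IN, TTL 60, RDLENGTH 4
              + ipaddress.IPv4Address(ip).packed)              # RDATA: 4 raw bytes
    return header + question + answer

def is_response(dns):
    # The UDP header is 8 bytes, so udp[10] is DNS byte 2; 0x80 is the QR bit.
    return dns[2] & 0x80 == 0x80

def skip_name(dns, off):
    """Return the offset just past a (possibly compressed) name."""
    while True:
        n = dns[off]
        if n == 0:
            return off + 1
        if n & 0xC0 == 0xC0:   # compression pointer ends the name
            return off + 2
        off += 1 + n

def a_records(dns):
    """Extract IPv4 addresses from the answer section."""
    qdcount, ancount = struct.unpack("!HH", dns[4:8])
    off = 12
    for _ in range(qdcount):
        off = skip_name(dns, off) + 4          # QTYPE + QCLASS
    found = []
    for _ in range(ancount):
        off = skip_name(dns, off)
        rtype, _rclass, _ttl, rdlen = struct.unpack("!HHIH", dns[off:off + 10])
        off += 10
        if rtype == 1 and rdlen == 4:
            found.append(str(ipaddress.IPv4Address(dns[off:off + 4])))
        off += rdlen
    return found

def hex_pattern(ip):
    """Hex string of the bytes an A record carries for this address."""
    return ipaddress.IPv4Address(ip).packed.hex()

SAMPLE = build_response("server.lan", "192.168.178.4")  # constructed packet
```

The dotted string never appears in the payload, so a text pattern for it cannot match; ngrep's `-X` option treats the match expression as a hexadecimal string, which is where a value like the one from `hex_pattern` applies.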