PaulDotCom mailing list archives

Re: Troubleshooting a DNS server
From: Chris Keladis <ckeladis () gmail com>
Date: Wed, 15 Sep 2010 14:07:19 +1000

On Wed, Sep 15, 2010 at 2:15 AM, James Costello <genesiswave () gmail com> wrote:

Hi James,

> I am now using sudo netstat -vpcu >%servername%_%date%_netstat.txt

Yeah - interesting problem, apart from seeing which process made the
request you need something frequently polling to catch it in the act!

You can run TCPView "tcpvcon" via scheduler and output to a CSV and
test that way.

Another (more efficient) Win32 way might be to use an API spy
(something that supports filters) and tune a filter around a send()
call and let it run to find the process making the request. You can
tune it to catch any behavior you want in theory.

There are similar mechanisms to do this in the UNIX world.

API Spying might be the better way to go as the DNS request/reply
might be so quick it might escape your capture.

I have a few tools I normally use but am away from the kit at the
moment and their names escape me, but there are a few good open-source
API Spying tools (as well as some commercial ones).

Perhaps other list-members can recommend a few as well.

Hope it helps.

Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
Main Web Site: http://pauldotcom.com
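
An added example, not part of the message above or of any tool it names: the "frequently polling" approach on Linux, reading /proc/net/udp directly and resolving each socket inode to its owning process, which is faster than re-running netstat. The function names and the SAMPLE table are constructed for illustration, and a little-endian host is assumed.

```python
import os, socket, struct, time

# Constructed sample in /proc/net/udp layout (not captured from a real host).
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  101: 0100007F:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 15001 2 0000000000000000 0
  202: 0A00000A:C350 08080808:0035 01 00000000:00000000 00:00000000 00000000  1000        0 15002 2 0000000000000000 0
"""

def _endpoint(field):
    # The kernel prints the IPv4 address as a native-endian hex word (little-endian assumed).
    addr, port = field.split(":")
    return socket.inet_ntoa(struct.pack("<I", int(addr, 16))), int(port, 16)

def parse_udp_table(text):
    """Return (local, remote, uid, inode) for every socket row, skipping the header."""
    rows = (line.split() for line in text.splitlines()[1:])
    return [(_endpoint(f[1]), _endpoint(f[2]), int(f[7]), int(f[9])) for f in rows if len(f) >= 10]

def dns_clients(rows, port=53):
    """Sockets connected to a remote DNS port; unconnected sendto() sockets show 0.0.0.0:0 and are missed."""
    return [r for r in rows if r[1][1] == port]

def inode_owners(proc_root="/proc"):
    """Map socket inode -> (pid, command) via /proc/<pid>/fd; root is needed to see other users' processes."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        base = os.path.join(proc_root, pid)
        try:
            with open(os.path.join(base, "comm")) as fh:
                comm = fh.read().strip()
            for fd in os.listdir(os.path.join(base, "fd")):
                target = os.readlink(os.path.join(base, "fd", fd))
                if target.startswith("socket:["):
                    owners[int(target[8:-1])] = (int(pid), comm)
        except OSError:
            continue  # process exited or access was denied mid-scan
    return owners

def poll(interval=0.05, rounds=200):
    seen = set()
    for _ in range(rounds):
        with open("/proc/net/udp") as fh:
            hits = [r for r in dns_clients(parse_udp_table(fh.read())) if r[3] not in seen]
        owners = inode_owners() if hits else {}
        for local, remote, uid, inode in hits:
            seen.add(inode)
            print(time.strftime("%H:%M:%S"), local, "->", remote, "uid", uid, owners.get(inode, "unknown"))
        time.sleep(interval)
```

Calling `poll()` as root watches the live table; a socket that opens and closes between two polls is still missed, which is the limitation the message raises about quick DNS requests.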
