DNS Monitoring using DNSQuerySniffer

Süleyman Çelik
Nov 1, 2021

DNSQuerySniffer is a network sniffer utility that shows the DNS queries sent on your system. For every DNS query, the following information is displayed: Host Name, Port Number, Query ID, Request Type (A, AAAA, NS, MX, and other types), Request Time, Response Time, Duration, Response Code, Number of records, and the content of the returned DNS records. You can easily export the DNS query information to a CSV, tab-delimited, XML, or HTML file, or copy the DNS queries to the clipboard and then paste them into Excel or another spreadsheet application.

DNSQuerySniffer starts monitoring the network traffic and takes some time to capture it. Leave the window open. It shows the DNS queries sent on your system along with their details, such as host name, port number, request time, response time, duration, source address, and destination address, as shown in the screenshot.

  • To view the Source Address and Destination Address columns, scroll to the right side of the window.

- As you can see in the above screenshot, the DNS address is 8.8.8.8.

- In real-world scenarios, attackers use malicious applications like DNSChanger to change the DNS of the target machine. For demonstration purposes, we change the DNS of the Windows 10 machine in the Network & Internet settings.

- Right-click the Network icon in the lower-right corner of the Desktop and click Open Network & Internet settings.

- The Network Status window appears. Click Change adapter options under Change your network settings.

- Right-click the network adapter (here, Ethernet2) and click Properties.

- The Adapter Properties window appears. Select Internet Protocol Version 4 (TCP/IPv4) and click Properties.

- The Internet Protocol Version 4 (TCP/IPv4) Properties window appears. Change the Preferred DNS server to the Windows Server 2016 IP address (10.10.10.16) and click OK.

- Click OK, and then close the Adapter Properties window.

- Switch to the DNSQuerySniffer window and observe the recorded logs. Right-click the log for which the DNS has changed and select Properties from the context menu.

- In the Properties window, observe that there is a change in DNS.

- After completing the task, go to the network settings, change the DNS back to 8.8.8.8 on the Windows 10 machine, and close all applications.
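
The resolver change observed in the steps above can also be checked from a CSV export of the captured queries. The following is an added example, not part of the original article or of DNSQuerySniffer: it reports where the destination (resolver) address changes and which host names were sent to a resolver outside an expected set. The column names, the expected-resolver set, and the sample rows are assumptions constructed for illustration.

```python
import csv
import io

# Assumption: the resolver this host is expected to use (the article's original setting).
EXPECTED_RESOLVERS = {"8.8.8.8"}

# Constructed sample shaped like a CSV export. Column names follow the fields the
# article lists and are an assumption about the export header; 10.10.10.10 and the
# host names are made-up values.
SAMPLE_EXPORT = """\
Host Name,Request Type,Request Time,Source Address,Destination Address
example.com,A,2021-11-01 10:00:01,10.10.10.10,8.8.8.8
example.org,AAAA,2021-11-01 10:00:05,10.10.10.10,8.8.8.8
example.net,A,2021-11-01 10:03:12,10.10.10.10,10.10.10.16
example.com,A,2021-11-01 10:03:20,10.10.10.10,10.10.10.16
"""


def find_resolver_changes(csv_text, expected=frozenset(EXPECTED_RESOLVERS)):
    """Scan rows in file order and return (changes, unexpected).

    changes:    [(request_time, source, old_resolver, new_resolver), ...]
    unexpected: {resolver: [host names sent to it]} for resolvers not in `expected`
    """
    changes, unexpected = [], {}
    last_resolver = {}  # source address -> resolver used by its previous query
    for row in csv.DictReader(io.StringIO(csv_text)):
        source = (row.get("Source Address") or "").strip()
        resolver = (row.get("Destination Address") or "").strip()
        if not resolver:
            continue  # incomplete row, nothing to compare
        previous = last_resolver.get(source)
        if previous is not None and previous != resolver:
            changes.append((row.get("Request Time", ""), source, previous, resolver))
        last_resolver[source] = resolver
        if resolver not in expected:
            unexpected.setdefault(resolver, []).append(row.get("Host Name", ""))
    return changes, unexpected


if __name__ == "__main__":
    changes, unexpected = find_resolver_changes(SAMPLE_EXPORT)
    for when, source, old, new in changes:
        print(f"{when}: {source} switched resolver {old} -> {new}")
    for resolver, hosts in unexpected.items():
        print(f"unexpected resolver {resolver}: {len(hosts)} queries ({', '.join(hosts)})")
```
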

Note: You can also use other DNS monitoring/resolution tools such as DNSstuff (https://www.dnsstuff.com), DNS Lookup Tool (https://www.ultratools.com), or Sonar Lite (https://constellix.com) to perform DNS monitoring.

Written by Süleyman Çelik

Network Security Engineer, SOC-Siem Engineer, Cyber Security Researcher, Vulnerability Management Specialist | CEH | CNSS