DNS traffic

pfe · July 28, 2016, 11:42am

Hello everyone !

Please could you explain to me how can I use Packetbeat to monitor DNS traffic

Thank you
Ragards

andrewkroh · July 28, 2016, 2:59pm

DNS capturing is enabled in the default configuration file. So just follow the Getting Started Guide for Packetbeat and you should be up and running.

pfe · July 28, 2016, 5:57pm

ok thank you for your response, but from where can I capture the traffic and analyze it ?

andrewkroh · July 28, 2016, 7:37pm

Packetbeat listens to the traffic on any one of the computer's network interfaces. So you install it on a server you will only see traffic to and from that server. If you want to see traffic from multiple devices on a network, then a common solution is to configure a port mirror on one of your managed switches or deploy a network tap device and feed that traffic to a free NIC on the server running Packetbeat.

system · August 18, 2016, 11:42am

This topic was automatically closed after 21 days. New replies are no longer allowed.