Mac OS X Linux Tech

Debugging Mac OS X DNS – tcpdump

Need to debug a slow Internet connection in OS X? Or simply have a desire to watch incoming and outgoing DNS (domain name service) queries in Leopard? Then tcpdump is your friend.

Open a terminal window and use the following command:

sudo tcpdump -i en1 -s 128 port 53

-i Sets which interface to listen to. en1 for me is the AirPort wifi card. en0 would be the ethernet card.
-s sets the number of bytes to “sniff” or “snarf” per call that goes through this interface. 128 gives us a bit better coverage than the default 68 bytes. If you find that tcpdump requests are showing up simply as [|domain], that means that the request is longer than 68 bytes and is truncated. To prevent truncation, increase -s.
port 53 is simply the network port for DNS communcation

Learn more about tcpdump at developer.apple.com

Posted

in

by

ben

Tags:

, , ,

Comments

2 responses to “Debugging Mac OS X DNS – tcpdump”

  1. Slow Internet with Leopard | Mac OS X Leopard & Tiger Dual Boot

    […] the Network window open as is and open up a Terminal window. We’re going to be using the tcpdump program to listen to DNS traffic between your computer and your DNS […]

    Reply
  2. 1.0.0.127.dnsbugtest. 1.0.0.127.in-addr-arpa | Mac OS X Leopard & Tiger Dual Boot

    […] evening while randomly working on articles for Installing Cats, I was watching DNS requests from tcpdump running in a terminal window and noticed something quite odd: a DNS request every three seconds for […]

    Reply

Leave a Reply

Your email address will not be published. Required fields are marked *