linux
kizijo, 2019-05-05 15:22:03

How to track network requests of a program in linux (catch DNS leaks)?

Good afternoon.
Some programs in my Debian are configured to work through a SOCKS5 proxy.
How can I find out from which address they are doing DNS queries (also through a proxy or directly)?
Thanks in advance.
UPD.
I installed Wireshark and tried to find requests on port 53 with it, but it was empty there. I will clarify that I have two network interfaces: wlp60s0 and tun0 (VPN).
Judging by wireshark:
All traffic on wlp60s0 goes from 192.168... to the VPN server and back.
On the tun0 interface, there are already a bunch of different addresses in dest and src, but there are also no requests for port 53 at all. I used the filter udp.port == 53 || tcp.port == 53


4 answer(s)
brar, 2019-05-05
@kizijo

tcpdump -i wlp60s0 udp port 53 > dns_wifi.txt
Go and poke around in your programs that work through socks5.
Stop tcpdump.
And study the dns.txt file
tcpdump -i tun0 udp port 53 > dns_tun0.txt
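
One way to read the text files that captures like the ones above produce, as an added example that is not part of the original thread: it lists which local address queried which resolver on each interface. It assumes the captures were taken with `tcpdump -n` (numeric addresses and ports) and that tun0 is the tunnel; the sample lines are constructed and the function names are hypothetical.

```python
import re
from collections import defaultdict

# One DNS query line as printed by `tcpdump -n` (assumed capture format), e.g.
# 15:22:10.1 IP 192.168.1.23.41234 > 192.168.1.1.53: 4242+ A? example.org. (29)
QUERY = re.compile(
    r"^\S+ IP6? (?P<src>\S+)\.\d+ > (?P<dst>\S+)\.53: "
    r"\d+[+%*-]* (?:\[[^\]]*\] )?(?P<qtype>\w+)\? (?P<qname>\S+)"
)

# Constructed sample captures, keyed by the interface they were taken on.
SAMPLE = {
    "wlp60s0": [
        "15:22:10.123456 IP 192.168.1.23.41234 > 192.168.1.1.53: 4242+ A? example.org. (29)",
        "15:22:10.140000 IP 192.168.1.1.53 > 192.168.1.23.41234: 4242 1/0/0 A 203.0.113.10 (45)",
    ],
    "tun0": [
        "15:22:11.000001 IP 10.8.0.2.50000 > 10.8.0.1.53: 7+ [1au] AAAA? example.net. (40)",
        "15:22:11.000900 IP 10.8.0.2.50001 > 10.8.0.1.53: 8+ A? example.net. (29)",
    ],
}


def dns_queries(lines):
    """Yield (src, resolver, qtype, qname) per query; responses do not match."""
    for line in lines:
        m = QUERY.match(line.strip())
        if m:
            yield m["src"], m["dst"], m["qtype"], m["qname"].rstrip(".")


def summarize(captures):
    """Map (interface, source address, resolver) to the sorted names queried."""
    seen = defaultdict(set)
    for iface, lines in captures.items():
        for src, dst, _qtype, qname in dns_queries(lines):
            seen[(iface, src, dst)].add(qname)
    return {key: sorted(names) for key, names in seen.items()}


def outside_tunnel(captures, tunnel="tun0"):
    """Queries seen on any interface other than the tunnel (assumed to be tun0)."""
    return {k: v for k, v in summarize(captures).items() if k[0] != tunnel}


if __name__ == "__main__":
    for (iface, src, dst), names in summarize(SAMPLE).items():
        print(f"{iface}: {src} -> {dst}: {', '.join(names)}")
```

To use it on real captures, pass `summarize` a dict such as `{"wlp60s0": open("dns_wifi.txt"), "tun0": open("dns_tun0.txt")}`.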

Ronald McDonald, 2019-05-05
@Zoominger

Through Wireshark, see what IP requests are coming from on port 53.

Damir Konkov, 2019-05-05
@d4mk0f

Install wireshark
If IP_ADDRESS_DNS_OR_PROXY is equal to the address of your proxy server, the traffic is going through the proxy. If the address of the DNS server appears there, the traffic goes directly.

fara_ib, 2019-05-05
@fara_ib

What VPN do you have? If it's OpenVPN, add block-outside-dns to the configuration file, and everything will go through your VPN on the other end, and that's it :)
