Last active Mar 2, 2017
A Bash script to call tcpdump for DNS traffic capture.
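#!/bin/bash
# Note: Do not run this script as root. You know better than that. Instead, allow the standard user it runs under to execute /usr/sbin/tcpdump by granting the binary the capture capabilities.
# Example (run once, as root): setcap 'CAP_NET_RAW+eip CAP_NET_ADMIN+eip' /usr/sbin/tcpdump
# Replace [INTERFACE] with the capture interface. -s0 captures full packets; -G 300 rotates the output file every 300 seconds, named from the strftime pattern given to -w.
/usr/sbin/tcpdump -i [INTERFACE] -s0 -G 300 -w '/capture/dns_%Y-%m-%d_%H:%M:%S.pcap' 'port 53'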
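
A preflight check for the setup described in the note above, as an added example that is not part of the original gist. The function names and the `CAPTURE_DIR` variable are hypothetical; the paths are the ones used in the script.

```sh
#!/bin/sh
# Added example: verify the non-root / file-capability setup before capturing.
TCPDUMP=/usr/sbin/tcpdump   # path from the script on this page
CAPTURE_DIR=/capture        # directory used in the -w pattern on this page

# Succeeds when one line of getcap output grants both cap_net_raw and
# cap_net_admin in the effective and permitted sets. Accepts both output styles:
#   /usr/sbin/tcpdump = cap_net_admin,cap_net_raw+eip   (older libcap)
#   /usr/sbin/tcpdump cap_net_admin,cap_net_raw=eip     (newer libcap)
has_capture_caps() (
    line=${1#* }        # drop the file path (assumes the path has no spaces)
    line=${line#= }     # drop the "= " separator of the older style
    raw=no admin=no
    for clause in $line; do
        # Each clause is <cap,cap,...><+ or =><flags>; skip anything else.
        case $clause in *[+=]*) ;; *) continue ;; esac
        flags=${clause##*[+=]}
        case $flags in *e*) ;; *) continue ;; esac   # needs effective
        case $flags in *p*) ;; *) continue ;; esac   # needs permitted
        names=",${clause%[+=]*},"
        case $names in *,cap_net_raw,*) raw=yes ;; esac
        case $names in *,cap_net_admin,*) admin=yes ;; esac
    done
    [ "$raw" = yes ] && [ "$admin" = yes ]
)

# Refuses root, then checks the binary's capabilities and the output directory.
preflight() {
    if [ "$(id -u)" -eq 0 ]; then
        echo "refusing to capture as root" >&2
        return 1
    fi
    if ! has_capture_caps "$(getcap "$TCPDUMP" 2>/dev/null)"; then
        echo "$TCPDUMP lacks effective cap_net_raw and cap_net_admin" >&2
        return 1
    fi
    if [ ! -d "$CAPTURE_DIR" ] || [ ! -w "$CAPTURE_DIR" ]; then
        echo "$CAPTURE_DIR is missing or not writable by $(id -un)" >&2
        return 1
    fi
}
```

Calling `preflight || exit 1` on the line before the `tcpdump` command stops the script early instead of letting tcpdump fail with a permission error.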