Inspect the requests sent from a specific host

Hello, I'd need to inspect the requests to internet addresses that a given host sends for reasoning about pbr policies. Is there a way to get a distinct list of such requests?

Use tcpdump?

It could be an option. Just wondering if it were something baked into OpenWrt.

Depends on what you need, specifically.

I need a list of Internet hostnames and possible IPs that a LAN host requests during a time span.

You could enable logging in dnsmasq, that will get you the host names, but you also have to make sure your client(s) use your DNS.

Probably not, it relies on external DNS servers. So I guess that I'd rather use tcpdump this way:

tcpdump -i br-lan src host <host_ip> and port 53 

Shouldn't be a showstopper, unless the client uses DoT or DoH; simply forward the dnsmasq traffic to the same upstream DNS servers.

With the iptables and mod-tee you used to be able to forward everything a specific client sends/receives to another client on your LAN (a computer running wireshark app) and monitor traffic with the wireshark app. I even wrote a service/luci app helping you set things up.

I haven't had a need to use it since the transition to nft tho, so it's completely untested.

You can still follow up on this idea and look up how to achieve the same with nft (without the extra package/luci app).
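
Added example, not written by any poster in this thread: one way to turn the output of the two approaches discussed above (the `tcpdump ... port 53` capture and dnsmasq query logging) into the distinct list the original question asks for. The function names `distinct_dns_names` and `sample_capture` are hypothetical, and the sample lines are constructed to match the usual `tcpdump -n` and dnsmasq query-log formats.

```shell
#!/bin/sh
# Added example: distinct DNS names queried by one LAN host.
# Input (stdin): "tcpdump -n" text output and/or dnsmasq query-log lines.
# Output: sorted, de-duplicated "name TYPE" pairs for the given client IP.
distinct_dns_names() {
    awk -v host="$1" '
    # tcpdump: "<time> IP <src>.<port> > <dst>.53: <id>+ [flags] A? name. (len)"
    ($2 == "IP" || $2 == "IP6") && index($3, host ".") == 1 {
        for (i = 4; i < NF; i++)
            if ($i ~ /^[A-Z0-9]+[?]$/) {      # query type token: "A?", "AAAA?"
                t = $i; sub(/[?]$/, "", t)
                n = $(i + 1); sub(/[.]$/, "", n)
                print tolower(n), t
                break
            }
    }
    # dnsmasq: "... dnsmasq[pid]: query[A] name from <client>"
    {
        for (i = 1; i + 3 <= NF; i++)
            if ($i ~ /^query\[[A-Za-z0-9]+\]$/ && $(i + 2) == "from" && $(i + 3) == host) {
                t = $i; sub(/^query\[/, "", t); sub(/\]$/, "", t)
                print tolower($(i + 1)), t
            }
    }' | LC_ALL=C sort -u
}

# Constructed sample input (not a real capture): four tcpdump lines, two dnsmasq lines.
sample_capture() {
    cat <<'EOF'
12:00:01.100000 IP 192.168.1.50.51234 > 9.9.9.9.53: 4660+ A? example.com. (29)
12:00:01.200000 IP 192.168.1.50.51235 > 9.9.9.9.53: 4661+ [1au] AAAA? Example.com. (40)
12:00:02.000000 IP 192.168.1.50.51236 > 9.9.9.9.53: 4662+ A? example.com. (29)
12:00:03.000000 IP 192.168.1.5.40000 > 9.9.9.9.53: 7+ A? other.example. (31)
Mon Jan  1 12:00:04 2024 daemon.info dnsmasq[1234]: query[A] example.org from 192.168.1.50
Mon Jan  1 12:00:05 2024 daemon.info dnsmasq[1234]: query[A] example.net from 192.168.1.77
EOF
}

# Demo run on the constructed sample.
sample_capture | distinct_dns_names 192.168.1.50
```

For real data, save the output of the tcpdump command from the thread (run with `-n` so addresses stay numeric) to a file and pipe that file into `distinct_dns_names`. Lookups made over DoT or DoH do not appear in either input.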