How to use Packet Capture utility to trace DNS packets.

MVP Expert
MVP Expert
Requirement:

This article describes how to use packet capture utility to capture and display DNS packets, sent and received from the Mobility Controller.



Solution:

In the following example, the Mobility Controller is configured for DNS domain lookup. The CLI “packet-capture controlpath” command, captures packet destined for the managed device for protocols TCP and UDP with port 53.
 



Configuration:

********** DNS configuration/verification **********

 

(Mobility-Controller) *[mynode] (config) #ip domain lookup
(Mobility-Controller) *[mynode] (config) #ip domain-name global.tslabs.hpecorp.net
(Mobility-Controller) *[mynode] (config) #ip name-server 10.252.248.9
(Mobility-Controller) *[mynode] (config) #ip name-server 10.252.248.10

 

(Mobility-Controller) *[mynode] #show ip domain-name
IP domain lookup:       Enabled
IPv6 domain lookup:     Enabled
IP Host.Domain name:    Mobility-Controller.global.tslabs.hpecorp.net

DNS servers
===========
10.252.248.9
10.252.248.10
10.181.253.40 *

 

********** DNS packets destined for the managed device **********

 

(Mobility-Controller) *[mynode] #packet-capture controlpath tcp 53
(Mobility-Controller) *[mynode] #packet-capture controlpath udp 53

 


(Mobility-Controller) *[mynode] #show packet-capture

Active Capture Destination
--------------------------
Destination    Disabled

Active Capture (Controlpath)
----------------------------
Interprocess   Disabled
Sysmsg         Disabled
TCP            Enabled    Ports: 53
UDP            Enabled    Ports: 53
Other          Disabled


Verification

A DNS client (192.168.200.1) made a query for the name support.arubanetworks.com. This query was sent to the name server (10.252.248.9.53) and the response was forwarded to the DNS client.

 

(Mobility-Controller) *[mynode] #show packet-capture controlpath-pcap

14:48:02.704422 IP 192.168.200.1.50961 > 192.168.200.2.53: 21+ A? support.arubanetworks.com. (43)
14:48:02.704620 IP 10.181.243.118.10951 > 10.252.248.9.53: 13618+ A? support.arubanetworks.com. (43)
14:48:02.757313 IP 10.252.248.9.53 > 10.181.243.118.10951: 13618 1/0/0 A 52.8.87.99 (59)
14:48:02.757431 IP 192.168.200.2.53 > 192.168.200.1.50961: 21 1/0/0 A 52.8.87.99 (59)
Version history
Revision #:
2 of 2
Last update:
2 weeks ago
Updated by:
 
Labels (1)
Contributors
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: