
HowTo - Check your ports/interfaces and what is going on with your ISP (with tcpdump, openwrt)


19807409

Check DNS requests guide

(webarchive)

 

In the previous guide, I described how to get rid of your ISP or any other service (even TorGuard itself) hijacking your DNS (webarchive).

In this topic I will show how you can simply find out what exactly is going on with port 53, which is the default DNS port.

 

Requirements

 

 

  • tcpdump
    (If you do not have tcpdump installed, here is how to install)
    # Update your software repository
    opkg update
    
    # install tcpdump
    opkg install tcpdump

 

 

 

HowTo/Wiki/Links

 

 

 

Please read about tcpdump usage and how-tos on GitHub. I will show here one example where I check DNS requests on tun0, which is my OpenVPN tunnel connected to TorGuard. You can filter the command from the codebox below, but for simplicity, here it is:

# tcpdump -vvv -i YOURINTERFACE port PORTNUMBER
# Please lookup here for explanation of other options
#  - https://github.com/the-tcpdump-group/tcpdump
tcpdump -vvv -i tun0 port 53

Logfile of test dump
(it is long, that is why I'll put it into spoiler, for better overview)

 

This is an example of port 53 (DNS requests) when starting a stream on Netflix US :ph34r: :
(it will run until you stop it, you can do it by pressing CTRL+C on your keyboard)

 

 

Using username "root".


BusyBox v1.24.2 () built-in shell (ash)

  _______                     ________        __
 |       |.-----.-----.-----.|  |  |  |.----.|  |_
 |   -   ||  _  |  -__|     ||  |  |  ||   _||   _|
 |_______||   __|_____|__|__||________||__|  |____|
          |__| W I R E L E S S   F R E E D O M
 -----------------------------------------------------
 DESIGNATED DRIVER (Bleeding Edge, 50039)
 -----------------------------------------------------
  * 2 oz. Orange Juice         Combine all juices in a
  * 2 oz. Pineapple Juice      tall glass filled with
  * 2 oz. Grapefruit Juice     ice, stir well.
  * 2 oz. Cranberry Juice
 -----------------------------------------------------
[email protected]:~# tcpdump -vvv -i tun0 port 53
tcpdump: listening on tun0, link-type RAW (Raw IP), capture size 65535 bytes
05:40:20.383789 IP (tos 0x0, ttl 64, id 14954, offset 0, flags [DF], proto UDP (17), length 89)
    10.35.0.6.25006 > secured.torguard.org.53: [udp sum ok] 38042+ A? ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. (61)
05:40:20.383907 IP (tos 0x0, ttl 64, id 53449, offset 0, flags [DF], proto UDP (17), length 89)
    10.35.0.6.25006 > secured1.torguard.org.53: [udp sum ok] 38042+ A? ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. (61)
05:40:20.384011 IP (tos 0x0, ttl 64, id 56585, offset 0, flags [DF], proto UDP (17), length 89)
    10.35.0.6.25006 > dns.usa1.torguard.net.53: [udp sum ok] 38042+ A? ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. (61)
05:40:20.384113 IP (tos 0x0, ttl 64, id 37387, offset 0, flags [DF], proto UDP (17), length 89)
    10.35.0.6.25006 > dns.usa2.torguard.net.53: [udp sum ok] 38042+ A? ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. (61)
05:40:20.384213 IP (tos 0x0, ttl 64, id 39926, offset 0, flags [DF], proto UDP (17), length 89)
    10.35.0.6.25006 > c.resolvers.level3.net.53: [udp sum ok] 38042+ A? ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. (61)
05:40:20.384313 IP (tos 0x0, ttl 64, id 27114, offset 0, flags [DF], proto UDP (17), length 89)
    10.35.0.6.25006 > b.resolvers.Level3.net.53: [udp sum ok] 38042+ A? ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. (61)
05:40:20.384387 IP (tos 0x0, ttl 64, id 14955, offset 0, flags [DF], proto UDP (17), length 89)
    10.35.0.6.25006 > secured.torguard.org.53: [udp sum ok] 38042+ A? ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. (61)
05:40:20.384452 IP (tos 0x0, ttl 64, id 53450, offset 0, flags [DF], proto UDP (17), length 89)
    10.35.0.6.25006 > secured1.torguard.org.53: [udp sum ok] 38042+ A? ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. (61)
05:40:20.384519 IP (tos 0x0, ttl 64, id 56586, offset 0, flags [DF], proto UDP (17), length 89)
    10.35.0.6.25006 > dns.usa1.torguard.net.53: [udp sum ok] 38042+ A? ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. (61)
05:40:20.384582 IP (tos 0x0, ttl 64, id 37388, offset 0, flags [DF], proto UDP (17), length 89)
    10.35.0.6.25006 > dns.usa2.torguard.net.53: [udp sum ok] 38042+ A? ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. (61)
05:40:20.384646 IP (tos 0x0, ttl 64, id 39927, offset 0, flags [DF], proto UDP (17), length 89)
    10.35.0.6.25006 > c.resolvers.level3.net.53: [udp sum ok] 38042+ A? ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. (61)
05:40:20.384711 IP (tos 0x0, ttl 64, id 27115, offset 0, flags [DF], proto UDP (17), length 89)
    10.35.0.6.25006 > b.resolvers.Level3.net.53: [udp sum ok] 38042+ A? ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. (61)
05:40:20.529645 IP (tos 0x0, ttl 64, id 59789, offset 0, flags [none], proto UDP (17), length 529)
    secured.torguard.org.53 > 10.35.0.6.25006: [udp sum ok] 38042 q: A? ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. 1/8/10 ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. [1h] A 108.175.38.188 ns: ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.biz., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.com., ix.nflxvideo.net. [3h48m5s] NS ns3.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS ns2.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS ns1.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS ns4.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.net., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.org. ar: pdns154.ultradns.com. [1d19h29m25s] A 156.154.64.154, pdns154.ultradns.com. [16h59m27s] AAAA 2001:502:f3ff::be, ns3.p30.dynect.net. [3h48m10s] A 208.78.71.30, pdns154.ultradns.org. [15h27m14s] AAAA 2001:502:4612::be, ns4.p30.dynect.net. [3h48m10s] A 204.13.251.30, ns2.p30.dynect.net. [3h48m10s] A 204.13.250.30, pdns154.ultradns.net. [1d3h48m5s] A 156.154.65.154, pdns154.ultradns.net. [2h55m55s] AAAA 2610:a1:1014::be, pdns154.ultradns.biz. [15h27m14s] AAAA 2610:a1:1015::be, ns1.p30.dynect.net. [3h48m10s] A 208.78.70.30 (501)
05:40:20.530549 IP (tos 0x0, ttl 64, id 59790, offset 0, flags [none], proto UDP (17), length 529)
    secured1.torguard.org.53 > 10.35.0.6.25006: [udp sum ok] 38042 q: A? ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. 1/8/10 ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. [1h] A 108.175.38.188 ns: ix.nflxvideo.net. [3h48m5s] NS ns3.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.biz., ix.nflxvideo.net. [3h48m5s] NS ns4.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.org., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.com., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.net., ix.nflxvideo.net. [3h48m5s] NS ns2.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS ns1.p30.dynect.net. ar: pdns154.ultradns.com. [1d19h29m25s] A 156.154.64.154, pdns154.ultradns.com. [16h59m27s] AAAA 2001:502:f3ff::be, ns3.p30.dynect.net. [3h48m10s] A 208.78.71.30, pdns154.ultradns.org. [15h27m14s] AAAA 2001:502:4612::be, ns4.p30.dynect.net. [3h48m10s] A 204.13.251.30, ns2.p30.dynect.net. [3h48m10s] A 204.13.250.30, pdns154.ultradns.net. [1d3h48m5s] A 156.154.65.154, pdns154.ultradns.net. [2h55m55s] AAAA 2610:a1:1014::be, pdns154.ultradns.biz. [15h27m14s] AAAA 2610:a1:1015::be, ns1.p30.dynect.net. [3h48m10s] A 208.78.70.30 (501)
05:40:20.530903 IP (tos 0x0, ttl 64, id 59791, offset 0, flags [none], proto UDP (17), length 529)
    dns.usa1.torguard.net.53 > 10.35.0.6.25006: [udp sum ok] 38042 q: A? ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. 1/8/10 ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. [1h] A 108.175.38.188 ns: ix.nflxvideo.net. [3h48m5s] NS ns2.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.com., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.biz., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.org., ix.nflxvideo.net. [3h48m5s] NS ns3.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS ns1.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS ns4.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.net. ar: pdns154.ultradns.com. [1d19h29m25s] A 156.154.64.154, pdns154.ultradns.com. [16h59m27s] AAAA 2001:502:f3ff::be, ns3.p30.dynect.net. [3h48m10s] A 208.78.71.30, pdns154.ultradns.org. [15h27m14s] AAAA 2001:502:4612::be, ns4.p30.dynect.net. [3h48m10s] A 204.13.251.30, ns2.p30.dynect.net. [3h48m10s] A 204.13.250.30, pdns154.ultradns.net. [1d3h48m5s] A 156.154.65.154, pdns154.ultradns.net. [2h55m55s] AAAA 2610:a1:1014::be, pdns154.ultradns.biz. [15h27m14s] AAAA 2610:a1:1015::be, ns1.p30.dynect.net. [3h48m10s] A 208.78.70.30 (501)
05:40:20.532148 IP (tos 0x0, ttl 64, id 59792, offset 0, flags [none], proto UDP (17), length 529)
    dns.usa2.torguard.net.53 > 10.35.0.6.25006: [udp sum ok] 38042 q: A? ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. 1/8/10 ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. [1h] A 108.175.38.188 ns: ix.nflxvideo.net. [3h48m5s] NS ns1.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS ns3.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.net., ix.nflxvideo.net. [3h48m5s] NS ns4.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.biz., ix.nflxvideo.net. [3h48m5s] NS ns2.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.com., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.org. ar: pdns154.ultradns.com. [1d19h29m25s] A 156.154.64.154, pdns154.ultradns.com. [16h59m27s] AAAA 2001:502:f3ff::be, ns3.p30.dynect.net. [3h48m10s] A 208.78.71.30, pdns154.ultradns.org. [15h27m14s] AAAA 2001:502:4612::be, ns4.p30.dynect.net. [3h48m10s] A 204.13.251.30, ns2.p30.dynect.net. [3h48m10s] A 204.13.250.30, pdns154.ultradns.net. [1d3h48m5s] A 156.154.65.154, pdns154.ultradns.net. [2h55m55s] AAAA 2610:a1:1014::be, pdns154.ultradns.biz. [15h27m14s] AAAA 2610:a1:1015::be, ns1.p30.dynect.net. [3h48m10s] A 208.78.70.30 (501)
05:40:20.535589 IP (tos 0x0, ttl 64, id 59793, offset 0, flags [none], proto UDP (17), length 529)
    c.resolvers.level3.net.53 > 10.35.0.6.25006: [udp sum ok] 38042 q: A? ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. 1/8/10 ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. [1h] A 108.175.38.188 ns: ix.nflxvideo.net. [3h48m5s] NS ns3.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.com., ix.nflxvideo.net. [3h48m5s] NS ns1.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS ns2.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.net., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.biz., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.org., ix.nflxvideo.net. [3h48m5s] NS ns4.p30.dynect.net. ar: pdns154.ultradns.com. [1d19h29m25s] A 156.154.64.154, pdns154.ultradns.com. [16h59m27s] AAAA 2001:502:f3ff::be, ns3.p30.dynect.net. [3h48m10s] A 208.78.71.30, pdns154.ultradns.org. [15h27m14s] AAAA 2001:502:4612::be, ns4.p30.dynect.net. [3h48m10s] A 204.13.251.30, ns2.p30.dynect.net. [3h48m10s] A 204.13.250.30, pdns154.ultradns.net. [1d3h48m5s] A 156.154.65.154, pdns154.ultradns.net. [2h55m55s] AAAA 2610:a1:1014::be, pdns154.ultradns.biz. [15h27m14s] AAAA 2610:a1:1015::be, ns1.p30.dynect.net. [3h48m10s] A 208.78.70.30 (501)
05:40:20.544815 IP (tos 0x0, ttl 64, id 59794, offset 0, flags [none], proto UDP (17), length 529)
    b.resolvers.Level3.net.53 > 10.35.0.6.25006: [udp sum ok] 38042 q: A? ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. 1/8/10 ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. [1h] A 108.175.38.188 ns: ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.biz., ix.nflxvideo.net. [3h48m5s] NS ns3.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS ns1.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS ns4.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.org., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.net., ix.nflxvideo.net. [3h48m5s] NS ns2.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.com. ar: pdns154.ultradns.com. [1d19h29m25s] A 156.154.64.154, pdns154.ultradns.com. [16h59m27s] AAAA 2001:502:f3ff::be, ns3.p30.dynect.net. [3h48m10s] A 208.78.71.30, pdns154.ultradns.org. [15h27m14s] AAAA 2001:502:4612::be, ns4.p30.dynect.net. [3h48m10s] A 204.13.251.30, ns2.p30.dynect.net. [3h48m10s] A 204.13.250.30, pdns154.ultradns.net. [1d3h48m5s] A 156.154.65.154, pdns154.ultradns.net. [2h55m55s] AAAA 2610:a1:1014::be, pdns154.ultradns.biz. [15h27m14s] AAAA 2610:a1:1015::be, ns1.p30.dynect.net. [3h48m10s] A 208.78.70.30 (501)
05:40:20.546269 IP (tos 0x0, ttl 64, id 59795, offset 0, flags [none], proto UDP (17), length 529)
    secured.torguard.org.53 > 10.35.0.6.25006: [udp sum ok] 38042 q: A? ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. 1/8/10 ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. [1h] A 108.175.38.188 ns: ix.nflxvideo.net. [3h48m5s] NS ns3.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.biz., ix.nflxvideo.net. [3h48m5s] NS ns4.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS ns1.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.com., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.net., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.org., ix.nflxvideo.net. [3h48m5s] NS ns2.p30.dynect.net. ar: pdns154.ultradns.com. [1d19h29m25s] A 156.154.64.154, pdns154.ultradns.com. [16h59m27s] AAAA 2001:502:f3ff::be, ns3.p30.dynect.net. [3h48m10s] A 208.78.71.30, pdns154.ultradns.org. [15h27m14s] AAAA 2001:502:4612::be, ns4.p30.dynect.net. [3h48m10s] A 204.13.251.30, ns2.p30.dynect.net. [3h48m10s] A 204.13.250.30, pdns154.ultradns.net. [1d3h48m5s] A 156.154.65.154, pdns154.ultradns.net. [2h55m55s] AAAA 2610:a1:1014::be, pdns154.ultradns.biz. [15h27m14s] AAAA 2610:a1:1015::be, ns1.p30.dynect.net. [3h48m10s] A 208.78.70.30 (501)
05:40:20.546741 IP (tos 0x0, ttl 64, id 59796, offset 0, flags [none], proto UDP (17), length 529)
    secured1.torguard.org.53 > 10.35.0.6.25006: [udp sum ok] 38042 q: A? ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. 1/8/10 ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. [1h] A 108.175.38.188 ns: ix.nflxvideo.net. [3h48m5s] NS ns4.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS ns1.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.org., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.net., ix.nflxvideo.net. [3h48m5s] NS ns2.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS ns3.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.biz., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.com. ar: pdns154.ultradns.com. [1d19h29m25s] A 156.154.64.154, pdns154.ultradns.com. [16h59m27s] AAAA 2001:502:f3ff::be, ns3.p30.dynect.net. [3h48m10s] A 208.78.71.30, pdns154.ultradns.org. [15h27m14s] AAAA 2001:502:4612::be, ns4.p30.dynect.net. [3h48m10s] A 204.13.251.30, ns2.p30.dynect.net. [3h48m10s] A 204.13.250.30, pdns154.ultradns.net. [1d3h48m5s] A 156.154.65.154, pdns154.ultradns.net. [2h55m55s] AAAA 2610:a1:1014::be, pdns154.ultradns.biz. [15h27m14s] AAAA 2610:a1:1015::be, ns1.p30.dynect.net. [3h48m10s] A 208.78.70.30 (501)
05:40:20.547089 IP (tos 0x0, ttl 64, id 59797, offset 0, flags [none], proto UDP (17), length 529)
    dns.usa1.torguard.net.53 > 10.35.0.6.25006: [udp sum ok] 38042 q: A? ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. 1/8/10 ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. [1h] A 108.175.38.188 ns: ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.com., ix.nflxvideo.net. [3h48m5s] NS ns1.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS ns4.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS ns2.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.org., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.biz., ix.nflxvideo.net. [3h48m5s] NS ns3.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.net. ar: pdns154.ultradns.com. [1d19h29m25s] A 156.154.64.154, pdns154.ultradns.com. [16h59m27s] AAAA 2001:502:f3ff::be, ns3.p30.dynect.net. [3h48m10s] A 208.78.71.30, pdns154.ultradns.org. [15h27m14s] AAAA 2001:502:4612::be, ns4.p30.dynect.net. [3h48m10s] A 204.13.251.30, ns2.p30.dynect.net. [3h48m10s] A 204.13.250.30, pdns154.ultradns.net. [1d3h48m5s] A 156.154.65.154, pdns154.ultradns.net. [2h55m55s] AAAA 2610:a1:1014::be, pdns154.ultradns.biz. [15h27m14s] AAAA 2610:a1:1015::be, ns1.p30.dynect.net. [3h48m10s] A 208.78.70.30 (501)
05:40:20.547445 IP (tos 0x0, ttl 64, id 59798, offset 0, flags [none], proto UDP (17), length 529)
    dns.usa2.torguard.net.53 > 10.35.0.6.25006: [udp sum ok] 38042 q: A? ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. 1/8/10 ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. [1h] A 108.175.38.188 ns: ix.nflxvideo.net. [3h48m5s] NS ns1.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.com., ix.nflxvideo.net. [3h48m5s] NS ns4.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.net., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.biz., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.org., ix.nflxvideo.net. [3h48m5s] NS ns3.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS ns2.p30.dynect.net. ar: pdns154.ultradns.com. [1d19h29m25s] A 156.154.64.154, pdns154.ultradns.com. [16h59m27s] AAAA 2001:502:f3ff::be, ns3.p30.dynect.net. [3h48m10s] A 208.78.71.30, pdns154.ultradns.org. [15h27m14s] AAAA 2001:502:4612::be, ns4.p30.dynect.net. [3h48m10s] A 204.13.251.30, ns2.p30.dynect.net. [3h48m10s] A 204.13.250.30, pdns154.ultradns.net. [1d3h48m5s] A 156.154.65.154, pdns154.ultradns.net. [2h55m55s] AAAA 2610:a1:1014::be, pdns154.ultradns.biz. [15h27m14s] AAAA 2610:a1:1015::be, ns1.p30.dynect.net. [3h48m10s] A 208.78.70.30 (501)
05:40:20.547798 IP (tos 0x0, ttl 64, id 59799, offset 0, flags [none], proto UDP (17), length 529)
    c.resolvers.level3.net.53 > 10.35.0.6.25006: [udp sum ok] 38042 q: A? ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. 1/8/10 ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. [1h] A 108.175.38.188 ns: ix.nflxvideo.net. [3h48m5s] NS ns4.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS ns1.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.biz., ix.nflxvideo.net. [3h48m5s] NS ns2.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.org., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.net., ix.nflxvideo.net. [3h48m5s] NS ns3.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.com. ar: pdns154.ultradns.com. [1d19h29m25s] A 156.154.64.154, pdns154.ultradns.com. [16h59m27s] AAAA 2001:502:f3ff::be, ns3.p30.dynect.net. [3h48m10s] A 208.78.71.30, pdns154.ultradns.org. [15h27m14s] AAAA 2001:502:4612::be, ns4.p30.dynect.net. [3h48m10s] A 204.13.251.30, ns2.p30.dynect.net. [3h48m10s] A 204.13.250.30, pdns154.ultradns.net. [1d3h48m5s] A 156.154.65.154, pdns154.ultradns.net. [2h55m55s] AAAA 2610:a1:1014::be, pdns154.ultradns.biz. [15h27m14s] AAAA 2610:a1:1015::be, ns1.p30.dynect.net. [3h48m10s] A 208.78.70.30 (501)
05:40:20.548149 IP (tos 0x0, ttl 64, id 59800, offset 0, flags [none], proto UDP (17), length 529)
    b.resolvers.Level3.net.53 > 10.35.0.6.25006: [udp sum ok] 38042 q: A? ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. 1/8/10 ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. [1h] A 108.175.38.188 ns: ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.com., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.net., ix.nflxvideo.net. [3h48m5s] NS ns2.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS ns3.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.biz., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.org., ix.nflxvideo.net. [3h48m5s] NS ns4.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS ns1.p30.dynect.net. ar: pdns154.ultradns.com. [1d19h29m25s] A 156.154.64.154, pdns154.ultradns.com. [16h59m27s] AAAA 2001:502:f3ff::be, ns3.p30.dynect.net. [3h48m10s] A 208.78.71.30, pdns154.ultradns.org. [15h27m14s] AAAA 2001:502:4612::be, ns4.p30.dynect.net. [3h48m10s] A 204.13.251.30, ns2.p30.dynect.net. [3h48m10s] A 204.13.250.30, pdns154.ultradns.net. [1d3h48m5s] A 156.154.65.154, pdns154.ultradns.net. [2h55m55s] AAAA 2610:a1:1014::be, pdns154.ultradns.biz. [15h27m14s] AAAA 2610:a1:1015::be, ns1.p30.dynect.net. [3h48m10s] A 208.78.70.30 (501)
05:40:23.763420 IP (tos 0x0, ttl 64, id 15089, offset 0, flags [DF], proto UDP (17), length 89)
    10.35.0.6.57931 > secured.torguard.org.53: [udp sum ok] 25197+ A? ipv4_1-lagg0-c151.1.ord001.ix.nflxvideo.net. (61)
05:40:23.913530 IP (tos 0x0, ttl 64, id 59801, offset 0, flags [none], proto UDP (17), length 529)
    secured.torguard.org.53 > 10.35.0.6.57931: [udp sum ok] 25197 q: A? ipv4_1-lagg0-c151.1.ord001.ix.nflxvideo.net. 1/8/10 ipv4_1-lagg0-c151.1.ord001.ix.nflxvideo.net. [1h] A 108.175.38.181 ns: ix.nflxvideo.net. [3h48m2s] NS pdns154.ultradns.net., ix.nflxvideo.net. [3h48m2s] NS ns2.p30.dynect.net., ix.nflxvideo.net. [3h48m2s] NS ns3.p30.dynect.net., ix.nflxvideo.net. [3h48m2s] NS pdns154.ultradns.org., ix.nflxvideo.net. [3h48m2s] NS ns1.p30.dynect.net., ix.nflxvideo.net. [3h48m2s] NS pdns154.ultradns.biz., ix.nflxvideo.net. [3h48m2s] NS pdns154.ultradns.com., ix.nflxvideo.net. [3h48m2s] NS ns4.p30.dynect.net. ar: pdns154.ultradns.com. [1d19h29m22s] A 156.154.64.154, pdns154.ultradns.com. [16h59m24s] AAAA 2001:502:f3ff::be, ns3.p30.dynect.net. [3h48m7s] A 208.78.71.30, pdns154.ultradns.org. [15h27m11s] AAAA 2001:502:4612::be, ns4.p30.dynect.net. [3h48m7s] A 204.13.251.30, ns2.p30.dynect.net. [3h48m7s] A 204.13.250.30, pdns154.ultradns.net. [1d3h48m2s] A 156.154.65.154, pdns154.ultradns.net. [2h55m52s] AAAA 2610:a1:1014::be, pdns154.ultradns.biz. [15h27m11s] AAAA 2610:a1:1015::be, ns1.p30.dynect.net. [3h48m7s] A 208.78.70.30 (501)
^C
26 packets captured
26 packets received by filter
0 packets dropped by kernel
[email protected]:~# 

 

 

 

Results

Here we received 26 packets, and now we have a clear overview of the DNS requests. What did we find? Let's take one line out of this log as an example:

05:40:20.548149 IP (tos 0x0, ttl 64, id 59800, offset 0, flags [none], proto UDP (17), length 529)
    b.resolvers.Level3.net.53 > 10.35.0.6.25006: [udp sum ok] 38042 q: A? ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. 1/8/10 ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net. [1h] A 108.175.38.188 ns: ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.com., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.net., ix.nflxvideo.net. [3h48m5s] NS ns2.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS ns3.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.biz., ix.nflxvideo.net. [3h48m5s] NS pdns154.ultradns.org., ix.nflxvideo.net. [3h48m5s] NS ns4.p30.dynect.net., ix.nflxvideo.net. [3h48m5s] NS ns1.p30.dynect.net. ar: pdns154.ultradns.com. [1d19h29m25s] A 156.154.64.154, pdns154.ultradns.com. [16h59m27s] AAAA 2001:502:f3ff::be, ns3.p30.dynect.net. [3h48m10s] A 208.78.71.30, pdns154.ultradns.org. [15h27m14s] AAAA 2001:502:4612::be, ns4.p30.dynect.net. [3h48m10s] A 204.13.251.30, ns2.p30.dynect.net. [3h48m10s] A 204.13.250.30, pdns154.ultradns.net. [1d3h48m5s] A 156.154.65.154, pdns154.ultradns.net. [2h55m55s] AAAA 2610:a1:1014::be, pdns154.ultradns.biz. [15h27m14s] AAAA 2610:a1:1015::be, ns1.p30.dynect.net. [3h48m10s] A 208.78.70.30 (501)

Basically, all lines do the same if you take a closer look: when you press the play button in your browser, Netflix contacts these servers on port 53. The chosen line in a more understandable format:

 

Domain: ipv4_1-lagg0-c158.1.ord001.ix.nflxvideo.net
IP: 108.175.38.188

Nameservers:
ix.nflxvideo.net
pdns154.ultradns.com, ix.nflxvideo.net
ns2.p30.dynect.net, ix.nflxvideo.net
ns3.p30.dynect.net, ix.nflxvideo.net
pdns154.ultradns.biz, ix.nflxvideo.net
pdns154.ultradns.org, ix.nflxvideo.net
ns4.p30.dynect.net, ix.nflxvideo.net

ns1.p30.dynect.net. ar: pdns154.ultradns.com


156.154.64.154, pdns154.ultradns.com
208.78.71.30, pdns154.ultradns.org
204.13.251.30, ns2.p30.dynect.net
204.13.250.30, pdns154.ultradns.net
156.154.65.154, pdns154.ultradns.net

2001:502:f3ff::be, ns3.p30.dynect.net
2001:502:4612::be, ns4.p30.dynect.net
2610:a1:1014::be, pdns154.ultradns.biz
2610:a1:1015::be, ns1.p30.dynect.net

208.78.70.30 (501)

 

 

Please do not think that preventing Netflix from making this check (DNS request) will help you with their service; this is not enough. But if you need to redirect anything, then this is how to get the required information, or simply to log your network.

 

If there are requests, I'll write you a gui for Luci in openwrt where you can make these tests or whatever could be the goal of the requested app.

 

You are free to discuss your (or my  :rolleyes: ) results, check your ISP's and if you are conform with anything, well, listening to people on the internet is not good, trying it out and doing it yourself is good. In the end, whatever you want to do, you can automate it, i.e. redirecting all these requests to your StreamIP (lol :), this would have worked until the last crackdown but not anymore). Other services still work with that and there are plenty of streaming services.

 

However, it's good to know what your network does, at least on important ports like D

 

Hope my terrible English is good enough for writing guides, but sorry for typos or some strange :) expressions.

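Added example, not part of the original post: a Python parser for the `tcpdump -vvv` port-53 text output shown in the guide above. It groups packets by queried name and reports resolvers outside a trusted list, resolvers that never answered, and resolvers that returned different addresses. The capture lines, the resolver names and the `trusted` list are constructed for illustration; only the line layout follows the log in the post.

```python
import re
from collections import defaultdict

# Indented line of a `tcpdump -vvv` record: "src.port > dst.port: [udp sum ok] ID[flags] ..."
PKT = re.compile(r"^\s+(\S+)\.([\w-]+) > (\S+)\.([\w-]+): (?:\[[^\]]*\] )?\d+\S* (.*)$")
QUESTION = re.compile(r"\b[A-Z][A-Z0-9]*\? (\S+)")        # e.g. "A? name."
ADDRESS = re.compile(r"\] (?:A|AAAA) ([0-9A-Fa-f:.]+)")   # e.g. "[1h] A 192.0.2.10"
DNS_PORTS = {"53", "domain"}

def parse_capture(text):
    """Return one dict per DNS packet line found in tcpdump -vvv text output."""
    records = []
    for line in text.splitlines():
        m = PKT.match(line)
        if not m:
            continue  # timestamp/IP header lines, banners, prompts
        src, sport, dst, dport, rest = m.groups()
        q = QUESTION.search(rest)
        if not q:
            continue
        is_response = sport in DNS_PORTS and dport not in DNS_PORTS
        answer = ""
        if is_response:
            # The answer section sits between the "an/ns/ar" counts and "ns:" / "ar:".
            counts = re.search(r" \d+/\d+/\d+ (.*)", rest)
            if counts:
                answer = re.split(r"(?:^| )(?:ns|ar): ", counts.group(1))[0]
        records.append({"response": is_response,
                        "resolver": (src if is_response else dst).lower(),
                        "qname": q.group(1).rstrip(".").lower(),
                        "addresses": sorted(set(ADDRESS.findall(answer)))})
    return records

def is_trusted(resolver, trusted):
    return any(resolver == t or resolver.endswith("." + t) for t in trusted)

def audit(records, trusted):
    """Return (kind, qname, detail) findings, grouped by queried name."""
    asked, answered = defaultdict(set), defaultdict(dict)
    for r in records:
        if r["response"]:
            answered[r["qname"]].setdefault(r["resolver"], set()).update(r["addresses"])
        else:
            asked[r["qname"]].add(r["resolver"])
    findings = []
    for qname in sorted(set(asked) | set(answered)):
        replies = answered[qname]
        for resolver in sorted(asked[qname] | set(replies)):
            if not is_trusted(resolver, trusted):
                findings.append(("untrusted-resolver", qname, resolver))
        for resolver in sorted(asked[qname] - set(replies)):
            findings.append(("no-response", qname, resolver))
        if len({frozenset(a) for a in replies.values()}) > 1:
            detail = "; ".join(f"{res}={','.join(sorted(a))}" for res, a in sorted(replies.items()))
            findings.append(("answer-mismatch", qname, detail))
    return findings

# Constructed capture in the layout shown in the post (names and addresses are made up).
HDR = "05:40:20.383789 IP (tos 0x0, ttl 64, id 1, offset 0, flags [DF], proto UDP (17), length 70)\n"
PACKETS = [
    "    10.35.0.6.25006 > dns1.vpn.example.53: [udp sum ok] 38042+ A? video.cdn.example. (42)",
    "    10.35.0.6.25006 > resolver.isp.example.53: [udp sum ok] 38042+ A? video.cdn.example. (42)",
    "    10.35.0.6.25006 > dns2.vpn.example.53: [udp sum ok] 38042+ A? video.cdn.example. (42)",
    "    dns1.vpn.example.53 > 10.35.0.6.25006: [udp sum ok] 38042 q: A? video.cdn.example. 1/1/1 "
    "video.cdn.example. [1h] A 192.0.2.10 ns: cdn.example. [3h] NS ns1.cdn.example. "
    "ar: ns1.cdn.example. [3h] A 198.51.100.53 (110)",
    "    resolver.isp.example.53 > 10.35.0.6.25006: [udp sum ok] 38042 q: A? video.cdn.example. "
    "1/0/0 video.cdn.example. [5m] A 203.0.113.80 (58)",
]
SAMPLE = "".join(HDR + p + "\n" for p in PACKETS)

if __name__ == "__main__":
    for finding in audit(parse_capture(SAMPLE), trusted=["vpn.example"]):
        print(*finding, sep="  ")
```

Different addresses for one name are not proof of tampering, since CDNs often answer differently per resolver, so treat a mismatch as a reason to look closer. Capturing with `tcpdump -n` keeps resolver addresses numeric, in which case the trusted list holds IP addresses instead of name suffixes.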

1 answer to this question

19807409

@torguardSupport, look at this service please.
