Showing the DNS queries to your AD controller with TCPdump

The following command will show the DNS queries to your DNS server:

tcpdump -i em2 -nn -s 0 dst port 53 | awk '{print $1" "$3" "$8}' | grep -v seq

The tcpdump part shows the DNS queries. The awk part keeps only words 1, 3 and 8 of each line. The grep -v seq part filters out the 'seq' junk.

Result:

08:27:10.093938 10.1.1.2.53060 stun.client.akadns.net.
08:27:10.116692 10.1.1.2.59186 stun.client.akadns.net.
08:27:10.118604 10.1.1.2.49966 stun.client.akadns.net.
08:27:10.120539 10.1.1.2.50279 stun.client.akadns.net.
08:27:10.122403 10.1.1.2.63134 stun.client.akadns.net.
08:27:10.124533 10.1.1.2.54681 stun.client.akadns.net.
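
The following is an added example, not part of the original post. It goes a step beyond the one-liner: it finds the query name by looking for the query-type token (A?, SRV?, ...) instead of a fixed word position, so lines with an extra flags token such as [1au] still parse, and it counts queries per client. The function names, the 10.1.1.1 server address and the sample lines are constructed for illustration, and tcpdump's default text output is assumed.

```shell
#!/bin/sh
# Added example: summarise DNS queries from tcpdump text output on stdin.
# Live use (interface name taken from the command above; -l line-buffers):
#   tcpdump -l -i em2 -nn -s 0 dst port 53 | dns_queries

# Print "<time> <client-ip> <qtype> <name>" for every DNS query line.
dns_queries() {
    awk '
    $2 == "IP" || $2 == "IP6" {
        for (i = 6; i < NF; i++) {
            # The query type is the first token ending in "?".
            if ($i ~ /^[A-Za-z0-9]+\?$/) {
                client = $3
                sub(/\.[0-9]+$/, "", client)   # drop the source port
                qtype = $i
                sub(/\?$/, "", qtype)          # "A?" -> "A"
                print $1, client, qtype, $(i + 1)
                break
            }
        }
        # Lines without a "?" token (TCP handshake, "seq" lines) are skipped.
    }'
}

# Count queries per client, type and name, busiest first.
dns_query_counts() {
    dns_queries | awk '{ n[$2 " " $3 " " $4]++ }
        END { for (k in n) print n[k], k }' | sort -k1,1nr -k2
}

# Constructed sample input (not a real capture).
sample_capture() {
    cat <<'EOF'
08:27:10.093938 IP 10.1.1.2.53060 > 10.1.1.1.53: 4242+ A? stun.client.akadns.net. (40)
08:27:10.116692 IP 10.1.1.2.59186 > 10.1.1.1.53: 4243+ [1au] A? stun.client.akadns.net. (51)
08:27:11.000100 IP 10.1.1.3.50001 > 10.1.1.1.53: 77+ SRV? _ldap._tcp.dc._msdcs.example.test. (52)
08:27:11.000200 IP 10.1.1.3.50002 > 10.1.1.1.53: Flags [S], seq 1, win 64240, length 0
EOF
}

sample_capture | dns_query_counts
```

On a domain controller, the per-client counts make it easy to spot a host that is generating an unusual volume of lookups or querying names no other client asks for.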