Re: Iptables problem


 



"Saurabh Mehrotra" writes:
> Can you guide me how to set up TCP dump on RHEL 4 and test.

I'm afraid I don't use Red Hat Linux or RPMs so I'm not going to be able
to help you install tcpdump.  There's a good chance that it's installed
by default, though.  To run it and monitor DNS traffic, do this:

    tcpdump port 53
 
> Can you explain this more so that I will calculate that..
> 
> "  packet counts for each rule, which
>  should help you to determine which rule is dropping or failing to
>  forward the DNS packets."

(1) Run iptables -v -L
(2) Look at the rules you believe should match UDP traffic on port 53
    between trench1 and 212.165.108.4.  Note the number of packets which
    have matched these rules.
(3) Run nslookup
(4) Run iptables -v -L again
(5) Look at the rules you believe should match UDP traffic on port 53
    between trench1 and 212.165.108.4.  Note the number of packets which
    have matched these rules.
(6) Compare the numbers from steps (2) and (5) to see if they've
    changed.  If not then the rules aren't doing what you think they
    are.

You may find a command like the following helpful:

    watch iptables -v -L

Cheers,
-Ted
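
Steps (1) to (6) above as a script, added here as an example that is not part of the original message: it compares two saved snapshots of `iptables -v -x -n -L` and prints only the rules and chain policies whose packet counters moved. The `-x` and `-n` options (exact counters, numeric addresses) and the function names are assumptions of this example, and the snapshot data is constructed.

```shell
# Compare two saved snapshots of `iptables -v -x -n -L` (before/after a test).
# Rules are matched by chain name and position within the chain.
changed_rules() {
    awk '
        $1 == "Chain" {
            chain = $2; n = 0
            # Built-in chains also carry a policy packet counter.
            if ($3 == "(policy") {
                if (FNR == NR) { pol[chain] = $5 } else if ($5 - pol[chain] != 0) {
                    printf "%s policy %s %+d\n", chain, $4, $5 - pol[chain]
                }
            }
            next
        }
        NF == 0 || $1 == "pkts" { next }       # blank lines, column headers
        {
            key = chain SUBSEP (++n)
            if (FNR == NR) { before[key] = $1; next }
            d = $1 - before[key]
            if (d != 0) {
                $1 = $2 = ""; sub(/^ +/, "")   # drop counters, squeeze spaces
                printf "%s rule %d %+d %s\n", chain, n, d, $0
            }
        }
    ' "$1" "$2"
}

# Constructed snapshot: $1 = INPUT policy packets, $2 = OUTPUT DNS rule packets
# (byte counts are left constant for brevity).
sample() {
    cat <<EOF
Chain INPUT (policy DROP $1 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
       0        0 ACCEPT     udp  --  *      *       212.165.108.4        0.0.0.0/0            udp dpt:53

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
    pkts      bytes target     prot opt in     out     source               destination
      40     3360 ACCEPT     all  --  *      lo      0.0.0.0/0            0.0.0.0/0
      $2      189 ACCEPT     udp  --  *      *       0.0.0.0/0            212.165.108.4        udp dpt:53
EOF
}

demo() {
    dir=$(mktemp -d) || return 1
    sample 7 3 > "$dir/before"    # as if saved before running nslookup
    sample 9 5 > "$dir/after"     # as if saved after
    changed_rules "$dir/before" "$dir/after"
    rm -rf "$dir"
}
demo
```

In the constructed data the OUTPUT rule towards 212.165.108.4 counts two packets and the INPUT ACCEPT rule stays at zero while the INPUT policy DROP counter rises by two, which is the pattern that points at the rule meant to admit the replies.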

