Table of Contents Dnstop Tcpdump Wireshark / Tshark Dnstop is a console libpcap application that displays various tables of DNS traffic on a network including: Source IP addresses Destination IP addresses Query types Top level domains Second level domains # dnstop enp0s3 -l 3 Use ctrl-r to reset the counter/refresh the history to get the latest queries. Tcpdump Capture packets from port 53 (DNS):