@oazabir
Last active July 27, 2024 12:00
Capture DNS traffic and measure response time
#!/bin/bash
# Install tshark (shipped with Wireshark) before the capture starts, so the
# installer's own DNS lookups do not end up in the capture.
# Homebrew itself is installed only if it is missing.
if ! command -v tshark >/dev/null 2>&1; then
    if ! command -v brew >/dev/null 2>&1; then
        /bin/bash -c "$(curl -fsSL https://raw.githubusercontent.com/Homebrew/install/HEAD/install.sh)"
    fi
    brew install wireshark
fi
echo "Flushing DNS cache, please give sudo password..."
sudo dscacheutil -flushcache; sudo killall -HUP mDNSResponder
# Capture DNS traffic
echo "Capturing DNS traffic..."
sudo tcpdump -i any -s 0 -w dns_traffic.pcap port 53 &
# PID of the backgrounded sudo process that runs tcpdump
TCPDUMP_PID=$!
echo "Recording DNS response times..."
sleep 300
echo "Stopping capture, give sudo access..."
sudo kill "$TCPDUMP_PID"
echo "Analyzing DNS traffic..."
# Analyze the captured traffic: one line per DNS response, query name and response time in seconds
tshark -r dns_traffic.pcap -Y "dns.flags.response == 1" -T fields -e dns.qry.name -e dns.time > /tmp/dns_times.txt
# Filter and display DNS responses taking more than 300 ms
echo "DNS requests taking more than 300 ms:"
awk '{if ($2 > 0.300) print $1, $2}' /tmp/dns_times.txt
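
Added example, not part of the original gist: a per-name summary of the slow responses in the tshark output. tshark separates fields with tabs and leaves a field empty when it has no value (for example `dns.time` on a response it could not pair with a query), so this splits on tabs explicitly and skips such rows. The function names `slow_dns_summary` and `make_sample` are hypothetical, and the sample rows are constructed.

```shell
#!/bin/bash
# Added example (not from the gist). Input is assumed to be the file written
# by: tshark ... -T fields -e dns.qry.name -e dns.time  ("name<TAB>seconds").

# slow_dns_summary FILE [THRESHOLD_SECONDS]
# Prints "name slow_count max_seconds", slowest names first.
slow_dns_summary() {
    awk -F'\t' -v t="${2:-0.300}" '
        # Skip rows with no query name or no response time.
        $1 == "" || $2 == "" { next }
        ($2 + 0) > (t + 0) {
            slow[$1]++
            if (($2 + 0) > max[$1]) max[$1] = $2 + 0
        }
        END {
            for (n in slow) printf "%s %d %.3f\n", n, slow[n], max[n]
        }
    ' "$1" | sort -k3,3nr -k1,1
}

# Constructed sample rows in the same tab-separated layout.
make_sample() {
    printf 'example.com\t0.012\n'
    printf 'slow.example.net\t0.450\n'
    printf 'slow.example.net\t0.910\n'
    printf '\t0.700\n'              # response with no query name
    printf 'cdn.example.org\t\n'    # response tshark could not time
    printf 'api.example.org\t0.301\n'
}

# Demo run on the constructed sample.
sample=$(mktemp)
make_sample > "$sample"
slow_dns_summary "$sample" 0.300
rm -f "$sample"
```

On a real capture, call it as `slow_dns_summary /tmp/dns_times.txt 0.300`.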