tags:

views:

142

answers:

1
+1  Q: 

how to monitor/sniff local DNS lookups to the windows local DNS? (on XP, Vista, Win7)

Is there a way in .NET (for a WPF application running on XP, Vista, or Windows 7) to monitor/sniff DNS lookups that the application is making to local DNS?

For example, is there a log file for a windows local DNS cache somewhere?

(Background - parsing network packets doesn't seem to work as a DNS lookup may not have to be issued outside of the PC if it is already cached in the Windows DNS)

+1  A: 

FWIW, checking tcpview+perfmon /res, it appears that dnscache listens on 'localhost' (for both ipv4 and ipv6 on my win7) on UDP port 5355, and since netmon can capture localhost traffic (most sniffers can't AFAIK), you should be able to use the NMAPI (look at Microsoft Network Monitor 3\api\NetmonAPI.cs after you install it) to monitor that traffic.

VRTA and NMExperts (IIRC) site on top of the managed interface if you want places to look for existing consumers for sample code:

James Manning  2010-08-17 02:26:03
thanks James - so re "most sniffers can't AFAIK" do you happened to know whether WinPCap can or not? (if I'm using this so far) WinPCap gets used in Wireshark too I believe.
Greg  2010-08-17 07:01:17
BTW - There's not a more basic way of monitoring the local DNS cache, such as a log file?
Greg  2010-08-17 10:36:54
Re: log - I couldn't find any other monitoring approach, unfortunately, although that doesn't mean it doesn't exist :) The definitive answer would likely be from either asking on one of the Windows forums or opening a ticket with Microsoft support.
James Manning  2010-08-22 20:35:20
Re: sniffers - in my past experience (over a year ago at this point) with winpcap/wireshark, it couldn't see localhost traffic (not its fault - localhost traffic doesn't get routed through the normal network stack - http://www.codinghorror.com/blog/2006/05/localhost-http-debugging-with-fiddler.html). AFAIK netmon had to do specific work to support localhost traffic, but i never really dug that much into it
James Manning  2010-08-22 20:39:06

related questions

Displaying Flash content in a C# WinForms application
How to get the value of built, encoded ViewState?
Unhandled Exception Handler in .NET 1.1
How do I connect to a database and loop over a recordset in C#?
How do I most elegantly express left join with aggregate SQL as LINQ query
Get a new object instance from a Type in C#
.NET Testing Framework Advice
Automatically update version number
What is the difference between an int and an Integer in Java/C#?
How to write to Web.Config in Medium Trust ?
WinForms ComboBox data binding gotcha
How do you sort a C# dictionary by value?
Adding Scripting functionality to .NET applications
Floating Point Number parsing: Is there a Catch All algorithm?
How do I print an HTML document from a web service?
Decoding T-SQL CAST in C#/VB.net
Anatomy of a "Memory Leak"
How do I get a distinct, ordered list of names from a DataTable using Linq
Reliable Timer in a Console Application
How do I fill a DataSet or a DataTable from a LINQ query resultset ?
What's the difference between Math.Floor() and Math.Truncate() in .NET?
How do I calculate relative time?
How do I calculate someone's age in C#?
Are there any conversion tools for porting Visual J# code to C#?
When setting a form's opacity should I use a decimal or double?