Packet Captures
The Umbrella roaming client doesn’t currently have a method for capturing all the outbound DNS queries it makes. If you need to capture DNS, you can use one of the following tools.
Wireshark - Windows and macOS both support loopback capture.
Wireshark allows you to capture packets sent to the local loopback interface (127.0.0.1), therefore allowing you to see DNS requests sent to the Umbrella roaming client, whether encrypted or unencrypted.
Capture on all active network interfaces, especially when local DNS resolution is a factor.
DNS Only
If you only want to look at DNS requests.
DNS + HTTP
If you only want to look at DNS and HTTP requests.
Filter out debug lookups (probes)
If you are not explicitly testing or checking for probe-related issues or issues with debug.opendns.com, you can filter out debug.opendns.com by typing the following in the filter bar:
For more information about harnessing the power of Wireshark, see the following resources:
- http://packetlife.net/media/library/13/Wireshark_Display_Filters.pdf
- http://wiki.wireshark.org/DisplayFilters
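The probe filtering described above can also be applied offline to DNS payloads taken from a capture. The following Python is an added example, not part of the Umbrella documentation; the function names, the sample queries, and the choice to treat subdomains of debug.opendns.com as probes are assumptions.

```python
import struct

PROBE_DOMAIN = "debug.opendns.com"  # probe domain named on this page

def build_query(name, qtype=1, txid=0x1234):
    """Build a minimal DNS query payload (used only to construct sample input)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    qname = b"".join(bytes([len(part)]) + part.encode("ascii") for part in name.split("."))
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)

def question_name(payload):
    """Return the lower-cased first question name, or None if malformed."""
    if len(payload) < 12 or struct.unpack("!H", payload[4:6])[0] == 0:
        return None
    labels, pos = [], 12  # the question section starts after the 12-byte header
    while pos < len(payload):
        length = payload[pos]
        if length == 0:
            return ".".join(labels).lower()
        # Lengths above 63 are compression pointers; treated as malformed here.
        if length > 63 or pos + 1 + length > len(payload):
            return None
        labels.append(payload[pos + 1:pos + 1 + length].decode("ascii", "replace"))
        pos += 1 + length
    return None  # ran off the end without a terminating zero label

def is_probe(name):
    """Assumption: the domain itself and any subdomain count as probe lookups."""
    return name == PROBE_DOMAIN or name.endswith("." + PROBE_DOMAIN)

def non_probe_queries(payloads):
    """Names queried in the capture, with probe lookups and bad packets dropped."""
    names = (question_name(p) for p in payloads)
    return [n for n in names if n and not is_probe(n)]

# Constructed sample payloads, standing in for UDP/53 data from a loopback capture.
SAMPLE = [
    build_query("example.com"),
    build_query("debug.opendns.com", qtype=16),  # TXT query, constructed
    build_query("Intranet.Corp.Example"),
    build_query("example.org")[:15],  # truncated packet
]

if __name__ == "__main__":
    print(non_probe_queries(SAMPLE))
```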
DNSQuerySniffer (Windows)
There are two capture methods:
- Method One—If you select the regular network interface, you will see only queries that are on the Internal Domains list, or that did not specifically go through the dnscryptproxy.
Note that these columns appear far to the right in the capture, so you have to scroll over quite a bit.
- Method Two—If you select the Loopback interface, you will see all DNS queries that are sent through the dnscryptproxy, but you will not see the true destination IP address for domains on the Internal Domains list; it will, however, display the query and answer.
Note that these columns appear far to the right in the capture, so you have to scroll over quite a bit.
The results look like this:
View of an individual lookup