
MAC filtering

Open abhichatur opened this issue 2 years ago • 9 comments

Are there any bcc tools available that can filter DNS queries on the basis of the MAC address?

I want to filter the DNS queries using the client's MAC address. So is there any tool available, or what library do we need to work on that?

Thank You

abhichatur avatar Jun 28 '22 08:06 abhichatur

$ tcpdump -i eth0 udp and port 53

chenhengqi avatar Jun 29 '22 00:06 chenhengqi

Thank you for the response. It will just filter all the DNS traffic, without filtering on the basis of MAC address. Is there any method so that I can accept and drop DNS query traffic coming from any particular MAC address/addresses?

Thank you.

abhichatur avatar Jun 29 '22 04:06 abhichatur

Please check the -i option.

chenhengqi avatar Jun 29 '22 04:06 chenhengqi

The -i option we are using is for the interface, meaning the interface for which we want to filter traffic, like eth0, ens33, etc.

abhichatur avatar Jun 29 '22 07:06 abhichatur

For a specific MAC address, it is assigned to an interface. So you can trace a specific interface instead.

:)

chenhengqi avatar Jun 29 '22 09:06 chenhengqi

OK, we can trace traffic; it will only show the traffic, but how can I block DNS queries for a particular interface/MAC address?

thanks

abhichatur avatar Jun 29 '22 17:06 abhichatur

No idea, maybe you can use iptables/firewall or something like that.

chenhengqi avatar Jun 30 '22 00:06 chenhengqi

Wireshark for GUI

irenge avatar Aug 25 '22 08:08 irenge

https://www.cyberciti.biz/tips/iptables-mac-address-filtering.html for examples on how to do that with iptables, or the XDP route https://blog.nlnetlabs.nl/journeying-into-xdp-part-1-augmenting-dns/

chantra avatar Aug 25 '22 14:08 chantra
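
The XDP route mentioned in the last comment comes down to a per-frame decision like the one below. This is an added example, not code from the thread or from bcc: a plain C function, testable in userspace, whose `PASS`/`DROP` results stand in for `XDP_PASS`/`XDP_DROP`. The MAC address, function names and frame builder are constructed for illustration, and it assumes untagged Ethernet, IPv4 and DNS over UDP only.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

enum verdict { PASS = 0, DROP = 1 };   /* stand-ins for XDP_PASS / XDP_DROP */
/* Constructed example MAC (locally administered), not from the thread. */
static const uint8_t blocked_mac[6] = {0x02, 0x00, 0x00, 0xaa, 0xbb, 0xcc};

/* Decide the fate of one untagged Ethernet frame: DROP if it is an
 * IPv4/UDP packet to port 53 whose source MAC equals `mac`, else PASS.
 * Every read is preceded by a length check, as the eBPF verifier demands. */
enum verdict filter_dns_by_mac(const uint8_t *pkt, size_t len, const uint8_t mac[6])
{
    if (len < 14 + 20)                        /* Ethernet + minimal IPv4 header */
        return PASS;
    if (memcmp(pkt + 6, mac, 6) != 0)         /* bytes 6..11: source MAC */
        return PASS;
    if (pkt[12] != 0x08 || pkt[13] != 0x00)   /* EtherType 0x0800 = IPv4 */
        return PASS;

    const uint8_t *ip = pkt + 14;
    size_t ihl = (size_t)(ip[0] & 0x0f) * 4;  /* header length incl. options */
    if ((ip[0] >> 4) != 4 || ihl < 20)
        return PASS;
    if (ip[9] != 17)                          /* protocol 17 = UDP */
        return PASS;
    if ((ip[6] & 0x1f) || ip[7])              /* non-first fragment: no UDP header */
        return PASS;
    if (len < 14 + ihl + 8)                   /* room for the UDP header? */
        return PASS;

    const uint8_t *udp = ip + ihl;
    uint16_t dport = (uint16_t)((udp[2] << 8) | udp[3]);
    return dport == 53 ? DROP : PASS;
}

/* Build a constructed 42-byte test frame: Ethernet + IPv4 + UDP, no payload. */
size_t build_frame(uint8_t *buf, const uint8_t src_mac[6], uint16_t dport)
{
    memset(buf, 0, 42);
    memset(buf, 0xff, 6);                     /* destination MAC: broadcast */
    memcpy(buf + 6, src_mac, 6);
    buf[12] = 0x08; buf[13] = 0x00;           /* IPv4 */
    buf[14] = 0x45;                           /* version 4, IHL 5 */
    buf[23] = 17;                             /* UDP */
    buf[36] = (uint8_t)(dport >> 8);          /* UDP dest port at 14+20+2 */
    buf[37] = (uint8_t)(dport & 0xff);
    return 42;
}
```

DNS over TCP, IPv6 and VLAN-tagged frames pass through this check unchanged and need their own branches. A source MAC is set by the sender and is only visible on the same layer-2 segment, so a filter like this is a convenience control rather than an authentication boundary.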