June 15, 2018
10:43 a.m.
I've got what appears to be some end-user devices sending _ta-4a5c queries. I'm tracking them down with:

    tcpdump -s0 -n -p -i any -vvv -X dst port 53 and \
      \( ip[0x28:4] == 0x085f7461 or ip6[0x3c:4] == 0x085f7461 \)

This expression looks for DNS query names that start with an 8 character label beginning '_ta'.

I thought this might be useful for others.

Tony.
-- 
f.anthony.n.finch <dot@dotat.at> http://dotat.at/
Dover, Wight, Portland, Plymouth: West or southwest 3 or 4, increasing 5 or 6. Slight or moderate. Showers later. Moderate or good.
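The offsets in the filter above, worked through on constructed packets (an added example, not part of the original post): 0x28 is a 20-byte IPv4 header plus the 8-byte UDP header plus the 12-byte DNS header, and 0x3c is the same sum with a 40-byte IPv6 header. All helper names, addresses and ports are made up for illustration; the second matcher reads the IPv4 header length from the packet, which shows that a packet carrying IPv4 options moves the query name past the fixed offset.

```python
import struct

MARK = b"\x08_ta"  # label length 8, then "_ta" == 0x085f7461 in the filter

def dns_query(qname: str) -> bytes:
    """Build a minimal DNS query message (constructed sample data)."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)  # 12 bytes
    labels = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".") if l)
    return header + labels + b"\x00" + struct.pack("!HH", 10, 1)

def udp(payload: bytes) -> bytes:
    # 8-byte UDP header, destination port 53; checksum left at zero
    return struct.pack("!HHHH", 40000, 53, 8 + len(payload), 0) + payload

def ipv4(payload: bytes, options: bytes = b"") -> bytes:
    # options must be a multiple of 4 bytes; checksum left at zero
    ihl = 5 + len(options) // 4
    hdr = struct.pack("!BBHHHBBH4s4s", 0x40 | ihl, 0,
                      20 + len(options) + len(payload), 0, 0, 64, 17, 0,
                      bytes([192, 0, 2, 1]), bytes([192, 0, 2, 53]))
    return hdr + options + payload

def ipv6(payload: bytes) -> bytes:
    hdr = struct.pack("!IHBB16s16s", 0x60000000, len(payload), 17, 64,
                      bytes(15) + b"\x01", bytes(15) + b"\x02")
    return hdr + payload

def fixed_offset_match(pkt: bytes) -> bool:
    """Same comparison as the filter: ip[0x28:4] or ip6[0x3c:4]."""
    off = 0x28 if pkt[0] >> 4 == 4 else 0x3C
    return pkt[off:off + 4] == MARK

def header_aware_match(pkt: bytes) -> bool:
    """Find the query name using the IPv4 IHL field instead of assuming 20 bytes."""
    if pkt[0] >> 4 == 4:
        off = (pkt[0] & 0x0F) * 4 + 8 + 12
    else:
        off = 40 + 8 + 12  # assumes no IPv6 extension headers
    return pkt[off:off + 4] == MARK

if __name__ == "__main__":
    q = udp(dns_query("_ta-4a5c."))
    with_options = ipv4(q, options=b"\x01" * 4)  # four NOP options
    print("IPv4:", fixed_offset_match(ipv4(q)), "IPv6:", fixed_offset_match(ipv6(q)))
    print("IPv4 with options, fixed offset:", fixed_offset_match(with_options))
    print("IPv4 with options, header-aware:", header_aware_match(with_options))
```

Any other 8-character first label beginning '_ta' also matches, so hits still need the full query name checked in the -X output.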