I was trying to monitor DNS requests / responses on Linux systems; below is the command I used:
$ sysdig -X -s 2000 -p "*%proc.name %evt.dir %evt.type %proc.pid %fd.cip:%fd.cport %fd.sip:%fd.sport %fd.l4proto\n%evt.args\n" "fd.sport = 53 and evt.rawres > 0"
Everything is fine when I send a DNS request using host or nslookup: I can see that the request and response are captured by sysdig.
However, if I use curl to visit a website, sometimes I cannot capture the DNS request (the response can be captured).
So I used strace to find out what happened, and I found that curl uses the system call sendmmsg to send the DNS request, and Sysdig cannot capture the argument of sendmmsg.
Is there any advice for me to solve this problem?
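A minimal way to reproduce the syscall pattern described above when checking whether a monitor sees DNS payloads carried by sendmmsg. This is an added example, not part of the original post and not sysdig or curl code. The name example.com, the A/AAAA pair, the loopback destination on an ephemeral port and the names `send_dns_pair`, `build_query` and `struct mmsg` are assumptions made for the illustration.

```c
/* Constructed reproducer: two DNS queries in ONE sendmmsg(2) call, loopback only. */
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/syscall.h>
#include <unistd.h>

/* Same layout as struct mmsghdr, declared locally so no feature macro is needed. */
struct mmsg { struct msghdr hdr; unsigned int len; };

/* Query for the sample name example.com: header (RD=1, QDCOUNT=1), QNAME, QTYPE, IN. */
static size_t build_query(unsigned char *b, unsigned short id, unsigned char qtype) {
    const unsigned char q[29] = { id >> 8, id & 0xff, 1, 0, 0, 1, 0, 0, 0, 0, 0, 0,
        7, 'e','x','a','m','p','l','e', 3, 'c','o','m', 0, 0, qtype, 0, 1 };
    memcpy(b, q, sizeof q);
    return sizeof q;
}

/* Returns how many datagrams the single sendmmsg call accepted (2 expected), or -1.
 * lens[i] is the size of each datagram as read back by the loopback receiver. */
int send_dns_pair(ssize_t lens[2]) {
    struct sockaddr_in dst = { .sin_family = AF_INET, .sin_addr.s_addr = htonl(INADDR_LOOPBACK) };
    socklen_t sl = sizeof dst;
    unsigned char q[2][64], rx[512];
    struct iovec iov[2];
    struct mmsg v[2];
    int rcv = socket(AF_INET, SOCK_DGRAM, 0), snd = socket(AF_INET, SOCK_DGRAM, 0);
    if (rcv < 0 || snd < 0 || bind(rcv, (struct sockaddr *)&dst, sl) < 0 ||
        getsockname(rcv, (struct sockaddr *)&dst, &sl) < 0 ||   /* learn ephemeral port */
        connect(snd, (struct sockaddr *)&dst, sl) < 0)
        return -1;
    memset(v, 0, sizeof v);
    for (int i = 0; i < 2; i++) {
        iov[i].iov_base = q[i];
        iov[i].iov_len = build_query(q[i], 0x1000 + i, i ? 28 : 1); /* A, then AAAA */
        v[i].hdr.msg_iov = &iov[i]; v[i].hdr.msg_iovlen = 1;
    }
    int n = (int)syscall(SYS_sendmmsg, snd, v, 2, 0);   /* one syscall, two payloads */
    for (int i = 0; i < n && i < 2; i++)
        lens[i] = recv(rcv, rx, sizeof rx, 0);
    close(rcv); close(snd);
    return n;
}

int main(void) {
    ssize_t lens[2] = { 0, 0 };
    printf("datagrams accepted by one sendmmsg call: %d\n", send_dns_pair(lens));
    return 0;
}
```

Because the destination here is not port 53, the filter from the command above will not match it; filtering on `evt.type = sendmmsg` while the program runs shows whether the two query payloads appear in the event arguments.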