Hi,

See my following tests:

$ dig www.twitter.com @8.8.8.8 +short
66.220.147.44

Meanwhile, tcpdump gives the following:

$ sudo tcpdump -n 'host 8.8.8.8 and port 53'
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on enp5s0, link-type EN10MB (Ethernet), capture size 262144 bytes
06:49:35.779852 IP 192.168.1.2.59443 > 8.8.8.8.53: 56457+ [1au] A? www.twitter.com. (44)
06:49:35.818492 IP 8.8.8.8.53 > 192.168.1.2.59443: 56457 1/0/0 A 66.220.147.44 (49)
06:49:35.818531 IP 8.8.8.8.53 > 192.168.1.2.59443: 56457 1/0/0 A 69.171.248.65 (49)
06:49:35.824454 IP 8.8.8.8.53 > 192.168.1.2.59443: 56457 3/0/1 CNAME twitter.com., A 104.244.42.129, A 104.244.42.65 (90)

As you can see, the DNS is poisoned. Is it possible to defeat this with scapy or some techniques in Python?

Regards
--
.: Hongyi Zhao [ hongyi.zhao AT gmail.com ] Free as in Freedom :.
--
https://mail.python.org/mailman/listinfo/python-list
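
The capture in the post shows three responses to a single query (same transaction ID 56457, same client port 59443) carrying different answers. As an added example, not part of the original post, the following parses `tcpdump -n` lines and flags any query that received conflicting replies; the function name and regexes are this example's own, and it makes no judgement about which reply is genuine.

```python
import re
from collections import defaultdict

# Capture lines copied from the post (tcpdump -n output), embedded so this runs offline.
CAPTURE = """\
06:49:35.779852 IP 192.168.1.2.59443 > 8.8.8.8.53: 56457+ [1au] A? www.twitter.com. (44)
06:49:35.818492 IP 8.8.8.8.53 > 192.168.1.2.59443: 56457 1/0/0 A 66.220.147.44 (49)
06:49:35.818531 IP 8.8.8.8.53 > 192.168.1.2.59443: 56457 1/0/0 A 69.171.248.65 (49)
06:49:35.824454 IP 8.8.8.8.53 > 192.168.1.2.59443: 56457 3/0/1 CNAME twitter.com., A 104.244.42.129, A 104.244.42.65 (90)
"""

# timestamp, src ip.port > dst ip.port: txid[flags] rest-of-line
LINE = re.compile(
    r"^(?P<ts>\S+) IP (?P<src>[\d.]+)\.(?P<sport>\d+) > "
    r"(?P<dst>[\d.]+)\.(?P<dport>\d+): (?P<txid>\d+)(?P<flags>\S*) (?P<rest>.*)$"
)
# A response body starts with the an/ns/ar counts, e.g. "1/0/0 A 66.220.147.44 (49)"
RESPONSE = re.compile(r"^(?:\[[^\]]*\] )?\d+/\d+/\d+ (?P<answers>.*?) \(\d+\)$")


def find_conflicts(capture):
    """Return {(client, port, resolver, txid): [(ts, answers), ...]} for every
    query that received more than one response with differing answers."""
    seen = defaultdict(list)
    for line in capture.splitlines():
        m = LINE.match(line.strip())
        if not m or m["sport"] != "53":
            continue  # unparseable line, or not a packet sent from port 53
        r = RESPONSE.match(m["rest"])
        if not r:
            continue
        key = (m["dst"], int(m["dport"]), m["src"], int(m["txid"]))
        seen[key].append((m["ts"], tuple(r["answers"].split(", "))))
    return {k: v for k, v in seen.items()
            if len({answers for _, answers in v}) > 1}


if __name__ == "__main__":
    for (client, port, resolver, txid), replies in find_conflicts(CAPTURE).items():
        print(f"{resolver} -> {client}:{port} id={txid}: {len(replies)} conflicting replies")
        for ts, answers in replies:
            print(f"  {ts}  {', '.join(answers)}")
```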