DNSQuerySniffer is a tiny (130KB, including a Help file) network sniffer which detects and displays DNS queries as they're sent on your system.

This has some security applications. Malware will often use DNS traffic to communicate with its operators, for instance, so taking a closer look at your own system might help to uncover an infection (look for odd or unusual domains, say, or a lot of failed lookups).

And more generally, DNSQuerySniffer helps to reveal which of your applications is trying to go online, and maybe what they're trying to do.

The data capture itself can be done via WinPcap and Microsoft Network Monitor. Or if you'd rather not install anything else, choose the "Raw Sockets" option and you may still get reasonable results (the documentation provided with DNSQuerySniffer explains more).

Any queries intercepted are displayed in full, with all the details you'd expect: Host Name, Port Number, Query ID, Request Type, Request Time, Response Time, Duration, Response Code, Records Count, and the returned records.

And as usual with NirSoft tools, everything is displayed in a sortable table, and your data can be exported as TXT, CSV, HTML and more.

Version 1.62

Added /cfg command-line option, which instructs DNSQuerySniffer to use a config file in another location instead if the default config file, for example:
DNSQuerySniffer.exe /cfg "%AppData%\DNSQuerySniffer.cfg"


It's probably not a tool you'll use every day, but DNSQuerySniffer can occasionally be useful as a simple way to watch your PC's DNS traffic