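# systemd unit to record DNS and DHCP requests
#
# Setup:
#   sudo systemctl edit tcpdump --full --force
#   # copy-paste the code below
#   sudo systemctl enable --now tcpdump
#   sudo systemctl status tcpdump   # should show "loaded" and "active"
#
# Usage:
#   # reboot your workstation
#   sudo tcpdump -r /tmp/tcpdump.pcap 2> /dev/null | grep -Po '(?<=A[?] )[^ ]*' | sort -u
#
# Security notes:
# - The capture records every DNS lookup and DHCP exchange seen on all
#   interfaces, so treat the pcap as sensitive data.
# - /tmp is shared by all local accounts. UMask=0077 below keeps the capture
#   files from being created world-readable, which is why the read command
#   above uses sudo. For anything longer than a short diagnostic run, prefer
#   a dedicated directory that only the capturing user can access.

[Unit]
# Unquoted on purpose: the value is free text and quotes would be shown literally.
Description=Record DNS and DHCP traffic
# Ordered before network-pre.target so the capture is already running when
# the first interfaces are configured.
Before=network-pre.target
Wants=network-pre.target

[Service]
# Create capture files as 0600 instead of the default world-readable mode.
UMask=0077
# -n          no name resolution (avoids generating DNS traffic of its own)
# -i any      capture on all interfaces
# -C 10000    start a new file after 10000 units of 1,000,000 bytes (~10 GB)
#             NOTE(review): where /tmp is a tmpfs this is backed by RAM/swap;
#             confirm the limit fits the host or lower it.
# -G 86400    also rotate every 24 hours. The -w name has no strftime(3)
#             pattern, and tcpdump(1) documents that in this case a new file
#             overwrites the previous one; add a time format to the name if
#             older captures must be kept.
# -z gzip     compress each file after it has been rotated out
# -s 0        capture full packets
# Filter: DNS (port 53) and DHCP (ports 67 and 68).
ExecStart=/usr/bin/tcpdump -n -i any -C 10000 -G 86400 -w /tmp/tcpdump.pcap -z gzip -s 0 port 53 or port 67 or port 68

[Install]
WantedBy=multi-user.target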