Wednesday, August 13, 2025

🔍 Tracking Your PC’s Hidden Connections with ipconfig /displaydns

 Have you ever wondered which websites your PC has visited, or which apps have been silently contacting servers in the background?



Windows actually keeps a short-term DNS cache, and with a simple command, you can see all the domains and IP addresses your system has looked up.

The Magic Command

Open your Command Prompt and run:

ipconfig /displaydns

his command will display your computer’s DNS Resolver Cache — a list of recently resolved domain names along with their corresponding IP addresses.

This cache includes:

  • Websites you visited in your browser.

  • Background requests made by installed apps.

  • Operating system updates and background services.


Why This Matters for Cybersecurity

By looking at this DNS cache, you might:

  • Spot suspicious domains your PC connected to.

  • Identify malware communication attempts to Command-and-Control (C2) servers.

  • Detect apps secretly “phoning home” without your permission.


A Real Example

Here’s what your DNS cache might look like:

IP AddressDomain NameNumber of VisitsNotes
93.184.216.34example.com5Legitimate website
45.155.205.233suspicious-malware-server.io3🚨 Possible C2 server
172.217.16.206google.com20Google search traffic

Step 1: Count the Visits

You can export the ipconfig /displaydns output to a file:

ipconfig /displaydns > dns_log.txt

Then, with a simple Python script, you can parse the file, group by IP/domain, and count how many times each appears.


Step 2: Check the Reputation of Each IP

For cybersecurity purposes, check whether any of these IPs have been flagged for malicious activity.
You can use free APIs like:

  • VirusTotal — Scan an IP for malware reports.

  • AbuseIPDB — Check if an IP is involved in spam, hacking, or DDoS.

Step 3: Monitor Live Traffic with Wireshark

While ipconfig /displaydns shows past DNS lookups, Wireshark lets you capture real-time network traffic to see exactly which IPs your PC is contacting at this moment.

By combining:

  • ipconfig /displaydns — recent history

  • Wireshark — live monitoring

  • VirusTotal / AbuseIPDB — reputation checks

…you’ll have a powerful toolkit for spotting malware, spyware, or unwanted tracking.


Pro Tip: If you discover unknown IPs with bad reputations, disconnect from the internet immediately and run a full antivirus scan.


If you want, I can also add a full working Python & PyQt6 tool that automatically runs ipconfig /displaydns, counts visits, checks IP reputation on both VirusTotal and AbuseIPDB, and displays it in a table.


No comments:

Post a Comment