Does anybody know what is this traffic? What is send to gandalf.internal.parrotsec.org?
It is one of parrots servers. It hosts the repository and also provides DNS.
if you are seeing it frequently it is probably handling your DNS queries.
I know it’s DNS traffic, but I use different DNS servers. Therefore I’m wondering what’s in the traffic to gandalf. The seconds thing is that gandalf isn’t mentioned anywhere is documentation (or maybe I didn’t found it - then sorry).
Well if its not in your
/etc/resolv.conf and the traffic to
126.96.36.199 (gandalf…) is DNS traffic, then its because the domains you are visiting are cached (In firefox).
If you use
nslookup it will use the DNS servers inside resolv.conf where as firefox will use cached, until you restart it.
Parrot tries to circumvent dns cersorship by putting the OpenNIC dns servers along side those suggested via dhcp by the provider
Some of the Parrot Project servers are also OpenNIC dns resolvers, and we include them by default.
i invite you to open wireshark and take a look at the traffic routed to this server, as you can see it is just dns traffic including only the dns resolution requests performed by your system