Assumptions:
- You are monitoring from the gateway router, so the traffic can be seen.
- Your Xbox device's IP address is a.b.c.d.
- The NIC you wish to monitor is em1.
Perhaps something as simple as:
# tcpdump -ni em1 host a.b.c.d and port 53
--- in addition ---
Add the log option to the rules you wish to monitor, and you can use tcpdump(8) with the pflog(4) device to monitor PF rules being applied. Here are three examples, one for monitoring rules that log blocks, another to monitor rules that log passes, and the last to monitor both pass and block rules as they are applied to rules that log.
# tcpdump -ni pflog0 action block
# tcpdump -ni pflog0 action pass
# tcpdump -ni pflog0
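What "add the log option" can look like in pf.conf, as an added example that is not part of the original post. The address 192.0.2.10 is a constructed stand-in for a.b.c.d, and the policy itself (allow DNS, block everything else from the Xbox) is hypothetical, chosen only so that both a logged block and a logged pass exist.

```pf
# pf.conf fragment (added example, not from the original post)
# 192.0.2.10 is a constructed placeholder for the Xbox address a.b.c.d.
xbox = "192.0.2.10"

# Hypothetical default for this host: drop and log.
# Packets matching this rule appear under:
#   tcpdump -ni pflog0 action block
block in log on em1 from $xbox to any

# Hypothetical exception: allow and log DNS from the Xbox.
# PF applies the last matching rule, so this overrides the block above.
# Packets matching this rule appear under:
#   tcpdump -ni pflog0 action pass
# A pass rule creates state, so by default only the packet that
# establishes the state is logged, not every packet of the connection.
pass in log on em1 proto { tcp, udp } from $xbox to any port domain

# To log every packet of a passed connection instead, use "log (all)":
# pass in log (all) on em1 proto { tcp, udp } from $xbox to any port domain
```

Check the file with `pfctl -nf /etc/pf.conf` and load it with `pfctl -f /etc/pf.conf`; rules without the log keyword never show up on pflog0.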