not very scientific but maybe:
Code:
#!/usr/local/bin/perl
# --ephemera
$netif='em0';
$nsites=10;
$updateSecs=10;
open TDMP, "tcpdump -lnni $netif 'dst port 53' |" or die "$!\n";
while(<TDMP>) {
if (/ A\? ([A-z](?:[\w-]+\.)+[\w-]+[\w])\. /) {
$m{$1}++;
if (time - $t >= $updateSecs) {
$t = time;
print "\nTop $nsites sites as of ", scalar localtime $t, ":\n\n";
@s = sort {$m{$b} <=> $m{$a}} keys %m;
for (0..$nsites-1) { print "\t",$_+1,". $s[$_]\n";}
}
}
}