tanyjin123 / dns_parse Goto Github PK
View Code? Open in Web Editor NEWThis project forked from pflarr/dns_parse
A fast parser for DNS pcap data.
License: Other
dns_parse's Introduction
-- OVERVIEW -- dns_parse takes as input a pcap of DNS data and produces a complete, trivially parsable, human readable ASCII version of the same data. It's generally useful for network monitoring (send the data to Splunk or similar). The most common carrying protocols are supported, as well as packet deduplication. -- SUPPORTED PROTOCOLS -- Ethernet MPLS IPv4 (including fragment reassembly) IPv6 (including fragment reassembly) UDP TCP (with flow state saving and loading between pcaps) DNS (on any port) -- AUTHOR INFO -- Paul Ferrell [email protected] -- CONTENTS -- Code to build bin/dns_parse. init/dnscapture - An init script for running tcpdump on an interface as a service to generate regular pcap files. bin/dns_parse_cron - A python cron job script for periodically running dns_parse on regularly output pcap files (generally from using the -C or -G options in tcpdump). pkgs/dns_parse.spec - An RPM spec file, for those dinosaurs that still use these things (like me). etc/* - example config files for init/dnscapture and bin/dns_parse_cron -- DEPENDENCIES -- libpcap -- OS Dependencies -- This has been tested primarily on x86_64 linux, but there shouldn't be any typing issues on 32 bit machines. -- BUILDING AND INSTALLING -- make make install -- Running -- "./bin/dns_parse -h" should tell you everything you need to know. A reasonable set of options is: ./bin/dns_parse -m "" -t -r <dns_captured.pcap> This gets you newline separated resource records an empty main record separator, pretty printed dates, and the shorthand for the record types (ie. A or CNAME). Printing of additional and name server records is disabled (by default). The output will look like this: 2013-02-13 14:56:06.002102,75.32.12.33,75.32.37.16,61,u,r,AA ? mass.blah.com A ! mass.blah.com A 75.32.37.40 2013-02-13 14:56:06.002471,33.53.3.59,112.78.117.89,54,u,q,NA ? getsystemsinc.com MX 2013-02-13 14:56:06.005718,75.32.207.52,75.32.12.33,53,u,q,NA ? 11.207.165.128.in-addr.arpa PTR 2013-02-13 14:56:06.006109,75.32.12.33,75.32.207.52,80,u,r,AA ? 11.207.165.128.in-addr.arpa PTR ! 11.207.165.128.in-addr.arpa PTR cato.blah.com 2013-02-13 14:56:06.006189,75.32.157.134,75.32.12.33,47,u,q,NA ? blerg-dd.blah.com A 2013-02-13 14:56:06.006212,192.12.184.7,33.53.3.1,42,u,q,NA ? api.flyertown.ca A 2013-02-13 14:56:06.006570,75.32.12.33,75.32.157.134,63,u,r,AA ? blerg-dd.blah.com A ! blerg-dd.blah.com A 172.16.236.126
dns_parse's People
Contributors
Watchers
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
๐ Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. ๐๐๐
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google โค๏ธ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.