nanog mailing list archives
Re: DNS query analyzer
From: John Kristoff <jtk () cymru com>
Date: Mon, 30 Nov 2009 22:11:05 -0600
On Mon, 30 Nov 2009 16:06:45 -0800 Joseph Jackson <jjackson () aninetworks net> wrote:
Anyone know of a tool that can take a pcap file from wireshark that was used to collect dns queries and then spit out statistics about the queries such as RTT and timeouts?
Nothing with RTT and timeouts in this, but it could probably be adapted with an additional, rudimentary subroutine to try summarizing that too: <http://www.cymru.com/jtk/code/pcapsum.pl> If you or no one else comes up with something or modifies this to do it, give me a holler and I'll whip something up for you. As is, it'll count DNS messages, header flags and give a top X list of qnames seen. It uses the somewhat limited NetPacket modules, but it would be easy to either switch wholesale to the Net::Packet modules or pull in just those needed (e.g. VLAN and IPv6 support). It is what it is, hopefully its of use. John
Current thread:
- DNS query analyzer Joseph Jackson (Nov 30)
- Re: DNS query analyzer Nathan Ward (Nov 30)
- RE: DNS query analyzer Stefan Fouant (Nov 30)
- RE: DNS query analyzer Raymond Dijkxhoorn (Nov 30)
- RE: DNS query analyzer Stefan Fouant (Nov 30)
- Re: DNS query analyzer Jay Hennigan (Nov 30)
- RE: DNS query analyzer Raymond Dijkxhoorn (Nov 30)
- Re: DNS query analyzer John Kristoff (Nov 30)
- Re: DNS query analyzer Jon Meek (Nov 30)