PaulDotCom mailing list archives

Re: DNS Query capture and analysis


From: Doug Burks <doug.burks () gmail com>
Date: Mon, 27 May 2013 12:04:48 -0400

Hi Tim,

I recommend Bro for logging DNS queries/responses and ELSA for slicing
and dicing those Bro logs.  You can have both Bro and ELSA up and
running in about 10 minutes with Security Onion:
http://securityonion.blogspot.com/2013/01/dns-visibility-with-security-onion-1204.html

Hope that helps!

Thanks,
Doug

On Sun, May 26, 2013 at 9:53 PM, Tim Parker <timparkersec () gmail com> wrote:
What's the best way to capture and analyze DNS queries and responses on my
LAN?  Are there any good tools out there for this?  I can run a full capture
on the WAN interface, but then what's good for automating the extraction of
the DNS traffic?

Thanks!

_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com



-- 
Doug Burks
http://securityonion.blogspot.com
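
Added example, not part of the thread and not Bro, ELSA or Security Onion code: a minimal Python pass over a Bro `dns.log` that counts the most-queried names and NXDOMAIN responses per client. The sample log is constructed and trimmed to five columns; it assumes Bro's default tab-separated format with a `#fields` header, and the function names are hypothetical.

```python
from collections import Counter

# Constructed sample in Bro's tab-separated layout. A real dns.log carries more
# columns, which is why columns are located through the #fields header.
SAMPLE_DNS_LOG = "\n".join([
    "#separator \\x09",
    "#path\tdns",
    "#fields\tts\tid.orig_h\tquery\tqtype_name\trcode_name",
    "1369670000.1\t192.168.1.10\twww.example.com\tA\tNOERROR",
    "1369670001.2\t192.168.1.10\twww.example.com\tAAAA\tNOERROR",
    "1369670002.3\t192.168.1.11\tmail.example.org\tMX\tNOERROR",
    "1369670003.4\t192.168.1.12\tqzxv1.example.net\tA\tNXDOMAIN",
    "1369670004.5\t192.168.1.12\tqzxv2.example.net\tA\tNXDOMAIN",
    "1369670005.6\t192.168.1.11\tWWW.example.com\tA\tNOERROR",
    "1369670006.7\t192.168.1.10\t-\t-\t-",
    "#close\t2013-05-27-12-00-00",
])


def parse_bro_log(text):
    """Yield one dict per record, keyed by the names in the #fields header."""
    fields = None
    for line in text.splitlines():
        if line.startswith("#fields"):
            fields = line.split("\t")[1:]
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split("\t")))


def summarize(records, top=3):
    """Return (most-queried names, NXDOMAIN count per client address)."""
    queries = Counter()
    nxdomain = Counter()
    for rec in records:
        name = rec.get("query", "-")
        if name == "-":  # Bro writes "-" for an unset field
            continue
        queries[name.lower()] += 1  # DNS names are case-insensitive
        if rec.get("rcode_name") == "NXDOMAIN":
            nxdomain[rec["id.orig_h"]] += 1
    return queries.most_common(top), dict(nxdomain)


if __name__ == "__main__":
    top_names, nx_by_client = summarize(parse_bro_log(SAMPLE_DNS_LOG))
    print("Top queries:", top_names)
    print("NXDOMAIN per client:", nx_by_client)
```
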