PaulDotCom mailing list archives
Re: DNS Query capture and analysis
From: Doug Burks <doug.burks () gmail com>
Date: Mon, 27 May 2013 12:04:48 -0400
Hi Tim,

I recommend Bro for logging DNS queries/responses and ELSA for slicing and dicing those Bro logs. You can have both Bro and ELSA up and running in about 10 minutes with Security Onion:
http://securityonion.blogspot.com/2013/01/dns-visibility-with-security-onion-1204.html

Hope that helps!

Thanks,
Doug

On Sun, May 26, 2013 at 9:53 PM, Tim Parker <timparkersec () gmail com> wrote:
> What's the best way to capture and analyze DNS queries and responses on my LAN? Are there any good tools out there for this? I can run a full capture on the WAN interface, but then what's good for automating the extraction of the DNS traffic?
>
> Thanks!
>
> _______________________________________________
> Pauldotcom mailing list
> Pauldotcom () mail pauldotcom com
> http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
> Main Web Site: http://pauldotcom.com

--
Doug Burks
http://securityonion.blogspot.com