nanog mailing list archives

Re: DNS query analyzer

From: John Kristoff <jtk () cymru com>
Date: Mon, 30 Nov 2009 22:11:05 -0600

On Mon, 30 Nov 2009 16:06:45 -0800
Joseph Jackson <jjackson () aninetworks net> wrote:

Anyone know of a tool that can take a pcap file from wireshark that
was used to collect dns queries and then spit out statistics about
the queries such as RTT and timeouts?


Nothing with RTT and timeouts in this, but it could probably be adapted
with an additional, rudimentary subroutine to try summarizing that too:

  <http://www.cymru.com/jtk/code/pcapsum.pl>

If you or no one else comes up with something or modifies this to do
it, give me a holler and I'll whip something up for you.

As is, it'll count DNS messages, header flags and give a top X list of
qnames seen. It uses the somewhat limited NetPacket modules, but it
would be easy to either switch wholesale to the Net::Packet modules or
pull in just those needed (e.g. VLAN and IPv6 support).  It is what it
is, hopefully its of use.

John

Current thread:

DNS query analyzer Joseph Jackson (Nov 30)
- Re: DNS query analyzer Nathan Ward (Nov 30)
- RE: DNS query analyzer Stefan Fouant (Nov 30)
  - RE: DNS query analyzer Raymond Dijkxhoorn (Nov 30)
    - RE: DNS query analyzer Stefan Fouant (Nov 30)
    - Re: DNS query analyzer Jay Hennigan (Nov 30)
- Re: DNS query analyzer John Kristoff (Nov 30)
- Re: DNS query analyzer Jon Meek (Nov 30)