PaulDotCom mailing list archives
Re: DNS Query capture and analysis
From: Tim Parker <timparkersec () gmail com>
Date: Mon, 27 May 2013 23:08:05 -0400
Thanks to everybody that responded. There are more cool tools for DNS out there than I realized. It sounds like I have some experimenting to do and some new tools for my toolbox.

On Mon, May 27, 2013 at 7:08 PM, Ryan B <broadydownunder () gmail com> wrote:
> If you have used some of the already described methods to capture the traffic, Network Miner is a good tool for eating through it and pulling out interesting information. I believe it shows DNS requests and responses in one of the tabs.
>
> Hope this helps.
>
> Cheers
>
> On Tue, May 28, 2013 at 4:39 AM, John Bond <john.r.bond () gmail com> wrote:
>> On 27 May 2013 03:53, Tim Parker <timparkersec () gmail com> wrote:
>>> What's the best way to capture and analyze DNS queries and responses on my LAN? Are there any good tools out there for this? I can run a full capture on the WAN interface, but then what's good for automating the extraction of the DNS traffic?
>>
>> try some of the following options
>>
>> dsc[1] for general overview stuff
>> dns-anomaly[2] For anomaly detection
>> dnstop[3] for general live overview stuff
>> packetQ[4] SQL interface to pcap data with builtin dns support (very cool)
>>
>> some of the other tools at http://dns.measurement-factory.com/tools/ may also be useful
>>
>> [1] https://www.dns-oarc.net/tools/dsc
>> [2] https://gitweb.labs.nic.cz/?p=dns-anomaly.git;a=summary
>> [3] http://dns.measurement-factory.com/tools/dnstop/
>> [4] https://github.com/dotse/PacketQ
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com