Snort mailing list archives

Re: snort dns Preprocessor


From: "Seshaiah Erugu (serugu)" <serugu () cisco com>
Date: Fri, 6 May 2016 05:46:45 +0000

Hi Rohan,

As you said, the DNS preprocessor currently inspects/tracks responses from the DNS server.
If you want to track DNS queries from client to server, you can add code in spp_dns.c (ProcessDNS function).


Thanks,
Seshaiah Erugu.

From: rohan dora [mailto:dora.rohan () gmail com]
Sent: Friday, May 06, 2016 10:15 AM
To: snort-devel () lists sourceforge net; snort-users () lists sourceforge net
Subject: [Snort-devel] snort dns Preprocessor

Hello all,


I was browsing through the code of the DNS dynamic preprocessor (spp_dns.c) of Snort 2.9.1.

Objective

To count the number of DNS queries that are made by my machine to the DNS server (may be local/remote, doesn't matter).

Problem

Right now, the DNS dynamic preprocessor is able to track responses that are coming from the DNS server to my machine; however, it is not able to track/see the DNS queries that my machine makes.

I know that the DNS preprocessor is meant for analysing the responses of the remote server, but I added some code (some if conditions, print statements) to track DNS queries.

Does anyone have ideas about what the problem could be, or whether this is the right approach (modifying code in spp_dns.c)?

Thanks
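
The query/response distinction this thread turns on is carried in the QR bit of the DNS header. The following is an added example in standalone C, not code from spp_dns.c or from either poster; the function names and sample packets are constructed for illustration. It counts queries and responses from raw UDP DNS payloads and rejects truncated headers:

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define DNS_HDR_LEN 12   /* fixed DNS header size, RFC 1035 section 4.1.1 */

enum dns_kind { DNS_INVALID, DNS_QUERY, DNS_RESPONSE };
struct dns_counters { unsigned long queries, responses, invalid; };

/* Classify a UDP DNS payload using only the header: QR is the top bit of
 * byte 2 (0 = query, 1 = response); QDCOUNT is the 16-bit field at bytes 4-5. */
static enum dns_kind dns_classify(const uint8_t *p, size_t len)
{
    if (p == NULL || len < DNS_HDR_LEN)
        return DNS_INVALID;                 /* truncated: do not read further */
    if (p[2] & 0x80)
        return DNS_RESPONSE;
    unsigned qdcount = ((unsigned)p[4] << 8) | p[5];
    return qdcount >= 1 ? DNS_QUERY : DNS_INVALID;  /* a query must ask something */
}

static void dns_count(struct dns_counters *c, const uint8_t *p, size_t len)
{
    switch (dns_classify(p, len)) {
    case DNS_QUERY:    c->queries++;   break;
    case DNS_RESPONSE: c->responses++; break;
    default:           c->invalid++;   break;
    }
}

/* Constructed sample payloads (not captured traffic). */
static const uint8_t sample_query[] = {
    0x12,0x34, 0x01,0x00, 0x00,0x01, 0x00,0x00, 0x00,0x00, 0x00,0x00,
    7,'e','x','a','m','p','l','e', 3,'c','o','m', 0, 0x00,0x01, 0x00,0x01 };
static const uint8_t sample_response[] = {   /* NXDOMAIN reply: header + question */
    0x12,0x34, 0x81,0x83, 0x00,0x01, 0x00,0x00, 0x00,0x00, 0x00,0x00,
    7,'e','x','a','m','p','l','e', 3,'c','o','m', 0, 0x00,0x01, 0x00,0x01 };

static struct dns_counters count_samples(void)
{
    struct dns_counters c = {0, 0, 0};
    dns_count(&c, sample_query, sizeof sample_query);
    dns_count(&c, sample_query, sizeof sample_query);
    dns_count(&c, sample_response, sizeof sample_response);
    dns_count(&c, sample_query, 5);          /* truncated header */
    return c;
}

int main(void)
{
    struct dns_counters c = count_samples();
    printf("queries=%lu responses=%lu invalid=%lu\n", c.queries, c.responses, c.invalid);
    return 0;
}
```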

