Snort mailing list archives

Re: snort dns Preprocessor


From: rohan dora <dora.rohan () gmail com>
Date: Fri, 6 May 2016 16:46:56 +0530

Thanks Seshaiah, I have added code (a simple if condition) in ProcessDns to
track DNS queries.

p = (SFSnortPacket*) packetPtr;

   if(p->src_port==53) printf("DNS Response\n");
   if(p->dst_port==53) printf("DNS Request\n");

After adding it, I run make and make install, and then use nslookup to issue a
DNS query.

However, I never see "DNS Request" printed on the console.

So how will we track the DNS requests, because I think Snort is handling the
packet sniffing/capture part (the user needn't look for it).

Please correct me if I am going wrong.




On Fri, May 6, 2016 at 11:16 AM, Seshaiah Erugu (serugu) <serugu () cisco com>
wrote:

Hi Rohan,



As you said, currently the DNS preprocessor is inspecting/tracking responses
from the DNS server.

If you want to track DNS queries from client to server, you can add code
in spp_dns.c (ProcessDNS function).





Thanks,

Seshaiah Erugu.



*From:* rohan dora [mailto:dora.rohan () gmail com]
*Sent:* Friday, May 06, 2016 10:15 AM
*To:* snort-devel () lists sourceforge net; snort-users () lists sourceforge net
*Subject:* [Snort-devel] snort dns Preprocessor



Hello all,

I was browsing through the code of the *DNS Dynamic preprocessor* (*spp_dns.c*)
of Snort 2.9.1.

*Objective*

To count the number of DNS queries that are made by my machine to the DNS
server (may be local/remote, doesn't matter).

*Problem*

Right now, the DNS Dynamic preprocessor is able to track responses that are
coming from the DNS server to my machine; *however, it is not able to track/see
the DNS queries that my machine makes*.

I know that the DNS preprocessor is meant for analysing the responses of the
remote server, but I added some code (some if conditions, print statements) to
track DNS queries.

Does anyone have ideas what the problem could be, or is this the right
approach (modifying code in spp_dns.c)?

Thanks
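
Added example, not part of the thread and not Snort's own code: a stand-alone C classifier that tells DNS queries from responses by the QR bit of the DNS header instead of by port number, with bounds checks while reading the question name. The names dns_classify and SAMPLE_QUERY and the sample packet are constructed for illustration; it does not use Snort's preprocessor API.

```c
/* Added example: stand-alone, does not use Snort's preprocessor API. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum dns_kind { DNS_INVALID = -1, DNS_QUERY = 0, DNS_RESPONSE = 1 };

/* Classify a DNS payload by the QR bit of its 12-byte header (RFC 1035,
 * section 4.1.1) and copy the first question name into name[]. */
static enum dns_kind dns_classify(const uint8_t *buf, size_t len,
                                  char *name, size_t name_sz)
{
    size_t off = 12, out = 0;
    if (!buf || !name || name_sz == 0 || len < 12)
        return DNS_INVALID;                  /* shorter than the header */
    enum dns_kind kind = (buf[2] & 0x80) ? DNS_RESPONSE : DNS_QUERY;
    name[0] = '\0';
    if ((((unsigned)buf[4] << 8) | buf[5]) == 0)
        return kind;                         /* QDCOUNT == 0: no question */
    for (;;) {
        if (off >= len) return DNS_INVALID;  /* name runs past the payload */
        uint8_t n = buf[off++];
        if (n == 0) break;                   /* root label ends the name */
        if (n > 63) return DNS_INVALID;      /* pointer or reserved label type */
        if (off + n > len || out + n + 2 > name_sz) return DNS_INVALID;
        if (out) name[out++] = '.';
        memcpy(name + out, buf + off, n);    /* raw bytes: escape before logging */
        out += n; off += n;
    }
    name[out] = '\0';
    return (off + 4 <= len) ? kind : DNS_INVALID;  /* QTYPE and QCLASS present */
}

/* Constructed sample: query for example.com, type A, class IN. */
static const uint8_t SAMPLE_QUERY[] = {
    0x12, 0x34, 0x01, 0x00, 0x00, 0x01, 0, 0, 0, 0, 0, 0,
    7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0,
    0x00, 0x01, 0x00, 0x01 };

int main(void)
{
    char name[256];
    uint8_t resp[sizeof SAMPLE_QUERY];
    memcpy(resp, SAMPLE_QUERY, sizeof resp);
    resp[2] |= 0x80;                         /* same message with QR set */
    printf("%d %s\n", dns_classify(SAMPLE_QUERY, sizeof SAMPLE_QUERY, name, sizeof name), name);
    printf("%d %s\n", dns_classify(resp, sizeof resp, name, sizeof name), name);
    return 0;
}
```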


