4 versions
| Version | Released |
|---|---|
| 0.1.3 | September 27, 2020 |
| 0.1.2 | September 27, 2020 |
| 0.1.1 | October 21, 2019 |
| 0.1.0 | January 12, 2019 |
#1720 in Parser implementations
50KB
1.5K SLoC
dnslogger
Passive DNS sniffer. Provides the dnslogger binary and a DNS parser library.
Installation
Before installing, make sure you have: libpcap-dev
cargo install dnslogger --locked
or
cargo build --release && cargo install --path .
Usage
$ dnslogger --help
dnslogger 0.1.3
Erik Ahlström
Passive dns sniffer. Provides dnslogger binary and a dns parser library.
USAGE:
dnslogger [FLAGS] [OPTIONS] [bpf_expression]
FLAGS:
-h, --help Prints help information
-v, --verbose Verbose mode (-v, -vv, -vvv, etc.)
-V, --version Prints version information
OPTIONS:
-i Listen on interface
-o Set output format [default: Text] [possible values: Text, Json]
-r Read captured packets from pcap file
ARGS:
Set capture filter [default: src port (53 or 5353 or 5355)]
$ dnslogger -r fixtures/dns/dns.pcap
1112172466.496576 UDP 192.168.170.20:53 -> 192.168.170.8:32795 4146 Query/Response NoError q:|IN/TXT/google.com| a:|IN/270/TXT/google.com("v=spf1 ptr ?all")|
...
$ dnslogger -r fixtures/dns/dns.pcap -o json
{"ts":"1112172466.496576","proto":"UDP","src":"192.168.170.20","sport":53,"dest":"192.168.170.8","dport":32795,"qid":4146,"opcode":"Query","qr":"Response","rcode":"NoError","queries":[{"qclass":"IN","qtype":"TXT","qname":"google.com"}],"answers":[{"name":"google.com","rrtype":"TXT","rrclass":"IN","ttl":270,"rdata":{"TXT":{"len":15,"bytes":[118,61,115,112,102,49,32,112,116,114,32,63,97,108,108],"text":"v=spf1 ptr ?all"}}}],"nsrecords":[],"arecords":[]}
Dependencies
~6–16MB
~183K SLoC