#dns #pcap #ipv4 #ip

bin+lib dnslogger

被动 DNS 嗅探器。提供 dnslogger 二进制文件和 DNS 解析库。

4 个版本

0.1.3 2020年9月27日
0.1.2 2020年9月27日
0.1.1 2019年10月21日
0.1.0 2019年1月12日

#1720解析实现

MIT/Apache

50KB
1.5K SLoC

dnslogger

被动 DNS 嗅探器。提供 dnslogger 二进制文件和 DNS 解析库。

安装

在安装之前,请确保您有:libpcap-dev

cargo install dnslogger --locked

或者

cargo build --release && cargo install --path .

用法

$ dnslogger --help
dnslogger 0.1.3
Erik Ahlström 
Passive dns sniffer. Provides dnslogger binary and a dns parser library.

USAGE:
    dnslogger [FLAGS] [OPTIONS] [bpf_expression]

FLAGS:
    -h, --help       Prints help information
    -v, --verbose    Verbose mode (-v, -vv, -vvv, etc.)
    -V, --version    Prints version information

OPTIONS:
    -i             Listen on interface
    -o         Set output format [default: Text]  [possible values: Text, Json]
    -r             Read captured packets from pcap file

ARGS:
        Set capture filter [default: src port (53 or 5353 or 5355)]
$ dnslogger -r fixtures/dns/dns.pcap 
1112172466.496576  UDP     192.168.170.20:53 -> 192.168.170.8:32795     4146   Query/Response   NoError         q:|IN/TXT/google.com|                   a:|IN/270/TXT/google.com("v=spf1 ptr ?all")|
...
$ dnslogger -r fixtures/dns/dns.pcap -o json
{"ts":"1112172466.496576","proto":"UDP","src":"192.168.170.20","sport":53,"dest":"192.168.170.8","dport":32795,"qid":4146,"opcode":"Query","qr":"Response","rcode":"NoError","queries":[{"qclass":"IN","qtype":"TXT","qname":"google.com"}],"answers":[{"name":"google.com","rrtype":"TXT","rrclass":"IN","ttl":270,"rdata":{"TXT":{"len":15,"bytes":[118,61,115,112,102,49,32,112,116,114,32,63,97,108,108],"text":"v=spf1 ptr ?all"}}}],"nsrecords":[],"arecords":[]}

依赖项

~6–16MB
~183K SLoC