4 个版本
0.1.3 | 2020年9月27日 |
---|---|
0.1.2 | 2020年9月27日 |
0.1.1 | 2019年10月21日 |
0.1.0 | 2019年1月12日 |
#1720 在 解析实现
50KB
1.5K SLoC
dnslogger
被动 DNS 嗅探器。提供 dnslogger 二进制文件和 DNS 解析库。
安装
在安装之前,请确保您有:libpcap-dev
cargo install dnslogger --locked
或者
cargo build --release && cargo install --path .
用法
$ dnslogger --help dnslogger 0.1.3 Erik Ahlström Passive dns sniffer. Provides dnslogger binary and a dns parser library. USAGE: dnslogger [FLAGS] [OPTIONS] [bpf_expression] FLAGS: -h, --help Prints help information -v, --verbose Verbose mode (-v, -vv, -vvv, etc.) -V, --version Prints version information OPTIONS: -i Listen on interface -o Set output format [default: Text] [possible values: Text, Json] -r Read captured packets from pcap file ARGS: Set capture filter [default: src port (53 or 5353 or 5355)]
$ dnslogger -r fixtures/dns/dns.pcap 1112172466.496576 UDP 192.168.170.20:53 -> 192.168.170.8:32795 4146 Query/Response NoError q:|IN/TXT/google.com| a:|IN/270/TXT/google.com("v=spf1 ptr ?all")| ...
$ dnslogger -r fixtures/dns/dns.pcap -o json {"ts":"1112172466.496576","proto":"UDP","src":"192.168.170.20","sport":53,"dest":"192.168.170.8","dport":32795,"qid":4146,"opcode":"Query","qr":"Response","rcode":"NoError","queries":[{"qclass":"IN","qtype":"TXT","qname":"google.com"}],"answers":[{"name":"google.com","rrtype":"TXT","rrclass":"IN","ttl":270,"rdata":{"TXT":{"len":15,"bytes":[118,61,115,112,102,49,32,112,116,114,32,63,97,108,108],"text":"v=spf1 ptr ?all"}}}],"nsrecords":[],"arecords":[]}
依赖项
~6–16MB
~183K SLoC