dnspcap

Generates a pcap filter expression for filtering captured DNS messages.

Usage


./dnspcap --help

usage: dnspcap

  --help            show this usage message

  --src-ip addr     match source ip address
  --dst-ip addr     match destination ip address
  --src-port port   match source port
  --dst-port port   match destination port

  --qname string    match QNAME string
  --qtype QTYPE     match QTYPE
  --qclass QCLASS   match QCLASS

  --max-length int  max domain length

Example

$ dnspcap --dst-port 53 --qname in-addr.arpa. --qclass IN --qtype PTR > dnspcap.filter
$ tcpdump -F dnspcap.filter
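
How a filter like the one in the example above can be assembled, as an added example that is not dnspcap.pl and is not derived from it. The function names, the max_length parameter (counted in wire-format QNAME bytes) and the one-alternative-per-offset suffix match are assumptions; it covers IPv4 UDP and the first question only.

```python
# Added example (not dnspcap.pl): pcap filter for IPv4/UDP DNS queries whose
# QNAME ends with a suffix. Names and parameters here are hypothetical.
QTYPES = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "MX": 15,
          "TXT": 16, "AAAA": 28}
QCLASSES = {"IN": 1, "CH": 3, "HS": 4}
QUESTION = 8 + 12  # UDP header + DNS header: first QNAME byte is udp[20]

def wire_name(name):
    """Encode a name as length-prefixed labels plus the root zero byte."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        if not 0 < len(label) <= 63:
            raise ValueError("bad label %r in %r" % (label, name))
        out.append(len(label))
        out += label.encode("ascii")
    return bytes(out) + b"\x00"

def match_bytes(offset, data):
    """Terms comparing data with udp[offset...]; letters match either case."""
    terms = []
    while data:
        size = 4 if len(data) >= 4 else 2 if len(data) >= 2 else 1
        chunk, data = data[:size], data[size:]
        # Clearing bit 0x20 folds ASCII case. Length bytes (0..63) never fall
        # in the letter range, so they are always compared exactly.
        mask = bytes(0xDF if chr(b).isalpha() else 0xFF for b in chunk)
        want = bytes(b & m for b, m in zip(chunk, mask))
        terms.append("udp[%d:%d] & 0x%s = 0x%s"
                     % (offset, size, mask.hex(), want.hex()))
        offset += size
    return " and ".join(terms)

def dns_filter(suffix, qtype, qclass, max_length, dst_port=53):
    """max_length: longest wire-format QNAME (in bytes) the filter covers."""
    tail = (wire_name(suffix) + QTYPES[qtype].to_bytes(2, "big")
            + QCLASSES[qclass].to_bytes(2, "big"))
    spare = max_length - len(wire_name(suffix))
    if spare < 0:
        raise ValueError("max_length is shorter than the suffix")
    # A pcap expression has no loops, so emit one alternative per possible
    # number of QNAME bytes before the suffix; QTYPE/QCLASS right after pin
    # the end. The suffix is not checked to start on a label boundary.
    alts = ["(%s)" % match_bytes(QUESTION + skip, tail)
            for skip in range(spare + 1)]
    return "udp dst port %d and (%s)" % (dst_port, " or ".join(alts))

if __name__ == "__main__":
    # "255.255.255.255.in-addr.arpa." is 30 bytes on the wire.
    print(dns_filter("in-addr.arpa.", "PTR", "IN", max_length=30))
```

The printed expression can be saved to a file and passed to tcpdump -F as in the example above. Its size grows linearly with max_length, so keep that bound as tight as the names of interest allow.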

Code

dnspcap.pl

Presentation

I spoke about dnspcap at the OARC 2011-1 / ICANN Silicon Valley meeting in San Francisco on 13 March 2011.

PDF


Feedback to dave@knig.ht is appreciated.