Hey List! Anyone know of a tool that can take a pcap file from wireshark that was used to collect dns queries and then spit out statistics about the queries such as RTT and timeouts? Thanks! Joseph
On 1/12/2009, at 1:06 PM, Joseph Jackson wrote:
Hey List!
Anyone know of a tool that can take a pcap file from wireshark that was used to collect dns queries and then spit out statistics about the queries such as RTT and timeouts?
Not off the top of my head, but, you could use wireshark's Lua extension system to write a plugin to do this for you right within wireshark. The wireshark/Lua stuff is quite powerful (though not super super fast), it's a really useful tool to have on hand. -- Nathan Ward
-----Original Message----- From: Joseph Jackson [mailto:jjackson@aninetworks.net] Sent: Monday, November 30, 2009 7:07 PM
Anyone know of a tool that can take a pcap file from wireshark that was used to collect dns queries and then spit out statistics about the queries such as RTT and timeouts?
It just so happens there is a tool aptly named DNS Analyzer by NLnet Labs. I used it a while back but if I recall you could feed it a pcap and it could spit out all kinds of useful statistical data. I don't think it's being actively maintained at the moment but you should be able to find it on the NLnet Labs site - http://www.nlnetlabs.nl/projects/dns-analyzer/ HTHs. Stefan Fouant www.shortestpathfirst.net GPG Key ID: 0xB5E3803D
Hi!
Anyone know of a tool that can take a pcap file from wireshark that was used to collect dns queries and then spit out statistics about the queries such as RTT and timeouts?
It just so happens there is a tool aptly named DNS Analyzer by NLnet Labs. I used it a while back but if I recall you could feed it a pcap and it could spit out all kinds of useful statistical data.
I don't think it's being actively maintained at the moment but you should be able to find it on the NLnet Labs site - http://www.nlnetlabs.nl/projects/dns-analyzer/
I very recently asked the maintainers of that package if it's still under development but I heard it was unfortunately dropped. Bye, Raymond.
-----Original Message----- From: Raymond Dijkxhoorn [mailto:raymond@prolocation.net] Sent: Monday, November 30, 2009 9:54 PM
I don't think it's being actively maintained at the moment but you should be able to find it on the NLnet Labs site - http://www.nlnetlabs.nl/projects/dns-analyzer/
I very recently asked the maintainers of that package if it's still under development but I heard it was unfortunately dropped.
It would be nice if we could convince them to release the source code into the public domain. I'm sure there are a few people who would find it highly useful and would work on it to add to its utility. Stefan Fouant www.shortestpathfirst.net GPG Key ID: 0xB5E3803D
Stefan Fouant wrote:
-----Original Message----- From: Raymond Dijkxhoorn [mailto:raymond@prolocation.net]
I don't think it's being actively maintained at the moment but you should be able to find it on the NLnet Labs site - http://www.nlnetlabs.nl/projects/dns-analyzer/ I very recently asked the maintainers of that package if it's still under development but I heard it was unfortunately dropped.
It would be nice if we could convince them to release the source code into the public domain. I'm sure there are a few people who would find it highly useful and would work on it to add to its utility.
The source (versions 0.2.0 and 0.3.0) is available at the above URL and there is a GPL license in the tarball. -- Jay Hennigan - CCIE #7880 - Network Engineering - jay@impulse.net Impulse Internet Service - http://www.impulse.net/ Your local telephone and internet company - 805 884-6323 - WB6RDV
On Mon, 30 Nov 2009 16:06:45 -0800 Joseph Jackson <jjackson@aninetworks.net> wrote:
Anyone know of a tool that can take a pcap file from wireshark that was used to collect dns queries and then spit out statistics about the queries such as RTT and timeouts?
Nothing with RTT and timeouts in this, but it could probably be adapted with an additional, rudimentary subroutine to try summarizing that too: <http://www.cymru.com/jtk/code/pcapsum.pl> If you or no one else comes up with something or modifies this to do it, give me a holler and I'll whip something up for you. As is, it'll count DNS messages, header flags and give a top X list of qnames seen. It uses the somewhat limited NetPacket modules, but it would be easy to either switch wholesale to the Net::Packet modules or pull in just those needed (e.g. VLAN and IPv6 support). It is what it is, hopefully it's of use. John
I have a "DNSaudit" program that takes libpcap (wireshark/tcpdump) files. Originally its purpose was to identify AnswersWithoutQuestions, and QuestionsWithoutAnswers when we were having some routing issues causing answers to return via a different ISP. Later I added statistics for response time by server. I suggest trying the other programs mentioned first, I am the only user of my program... Jon On Mon, Nov 30, 2009 at 7:06 PM, Joseph Jackson <jjackson@aninetworks.net> wrote:
Hey List!
Anyone know of a tool that can take a pcap file from wireshark that was used to collect dns queries and then spit out statistics about the queries such as RTT and timeouts?
Thanks!
Joseph
Joseph Jackson (jjackson) writes:
Hey List!
Anyone know of a tool that can take a pcap file from wireshark that was used to collect dns queries and then spit out statistics about the queries such as RTT and timeouts?
I don't know if DSC does this, but check it out: http://dns.measurement-factory.com/tools/dsc/ Cheers, Phil
On Mon, 30 Nov 2009, Joseph Jackson wrote:
Anyone know of a tool that can take a pcap file from wireshark that was used to collect dns queries and then spit out statistics about the queries such as RTT and timeouts?
I don't know if it'll do exactly what you want, but have a look at https://www.dns-oarc.net/tools/dnscap Tony. -- f.anthony.n.finch <dot@dotat.at> http://dotat.at/ GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS. MODERATE OR GOOD.
On Tue, Dec 1, 2009 at 3:58 PM, Tony Finch <dot@dotat.at> wrote:
On Mon, 30 Nov 2009, Joseph Jackson wrote:
Anyone know of a tool that can take a pcap file from wireshark that was used to collect dns queries and then spit out statistics about the queries such as RTT and timeouts?
I don't know if it'll do exactly what you want, but have a look at https://www.dns-oarc.net/tools/dnscap
dnscap paired with dpkt can quickly and elegantly accomplish what you desire; if you know python (:
Joseph Jackson wrote on 01/12/09 01:06:
Anyone know of a tool that can take a pcap file from wireshark that was used to collect dns queries and then spit out statistics about the queries such as RTT and timeouts?
You also have DNSTop http://dns.measurement-factory.com/tools/dnstop/ Best regards, Julien
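Added example, not part of any message in this thread and not code from any of the tools mentioned: a standard-library Python sketch of the query/response matching the thread asks about, reporting per-server RTT, queries that never got an answer, and answers without a question. It assumes a classic libpcap file (not pcapng) with Ethernet framing and unfragmented IPv4/UDP on port 53; the function names and the sample capture (documentation addresses) are constructed for illustration.

```python
import socket
import struct
from collections import defaultdict

def _frame(src, dst, sport, dport, txid, is_resp):
    """Constructed Ethernet/IPv4/UDP frame carrying only a 12-byte DNS header."""
    dns = struct.pack("!HHHHHH", txid, 0x8180 if is_resp else 0x0100, 1, 0, 0, 0)
    udp = struct.pack("!HHHH", sport, dport, 8 + len(dns), 0) + dns
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp), 0, 0, 64, 17, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    return b"\0" * 12 + b"\x08\x00" + ip + udp

def build_sample_pcap():
    """Constructed capture: answered query, retransmitted timeout, stray answer."""
    c, s = "192.0.2.10", "192.0.2.53"
    pkts = [(1_000_000, _frame(c, s, 40000, 53, 0x1111, False)),
            (1_025_000, _frame(s, c, 53, 40000, 0x1111, True)),   # RTT 25 ms
            (2_000_000, _frame(c, s, 40001, 53, 0x2222, False)),  # never answered
            (4_000_000, _frame(c, s, 40001, 53, 0x2222, False)),  # client retry
            (5_000_000, _frame(s, c, 53, 40002, 0x3333, True))]   # no query seen
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for us, f in pkts:
        out += struct.pack("<IIII", us // 10**6, us % 10**6, len(f), len(f)) + f
    return out

def dns_stats(pcap):
    """Return (RTTs in ms per server, unanswered queries, answers without a query)."""
    order = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if order is None or struct.unpack(order + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected classic microsecond pcap with Ethernet link type")
    pending, rtts, orphans, off = {}, defaultdict(list), [], 24
    while off + 16 <= len(pcap):
        sec, usec, caplen, _ = struct.unpack(order + "IIII", pcap[off:off + 16])
        pkt, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00" or pkt[23] != 17:
            continue                                  # not IPv4/UDP
        udp = pkt[14 + (pkt[14] & 0x0F) * 4:]
        if len(udp) < 20 or 53 not in struct.unpack("!HH", udp[:4]):
            continue                                  # not DNS on port 53
        sport, dport, txid, flags = struct.unpack("!HH4xHH", udp[:12])
        src, dst = socket.inet_ntoa(pkt[26:30]), socket.inet_ntoa(pkt[30:34])
        ts = sec * 10**6 + usec
        if not flags & 0x8000:                        # QR=0: query
            pending.setdefault((src, sport, dst, txid), ts)  # keep first send time
        elif (dst, dport, src, txid) in pending:      # QR=1: matched response
            rtts[src].append((ts - pending.pop((dst, dport, src, txid))) / 1000)
        else:
            orphans.append((src, dst, txid))          # answer without a question
    return dict(rtts), sorted(pending), orphans
```

For a real capture, save it from Wireshark in the older pcap format and pass the file's bytes to `dns_stats`; each unanswered entry is (client, client port, server, transaction ID).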
Participants (11): Aaron Glenn, Jay Hennigan, John Kristoff, Jon Meek, Joseph Jackson, jul, Nathan Ward, Phil Regnauld, Raymond Dijkxhoorn, Stefan Fouant, Tony Finch