DNS query analyzer

John Kristoff jtk at cymru.com
Mon Nov 30 22:11:05 CST 2009


On Mon, 30 Nov 2009 16:06:45 -0800
Joseph Jackson <jjackson at aninetworks.net> wrote:

> Anyone know of a tool that can take a pcap file from wireshark that
> was used to collect dns queries and then spit out statistics about
> the queries such as RTT and timeouts?

Nothing with RTT and timeouts in this, but it could probably be adapted
with an additional, rudimentary subroutine to try summarizing that too:

  <http://www.cymru.com/jtk/code/pcapsum.pl>

If you or no one else comes up with something or modifies this to do
it, give me a holler and I'll whip something up for you.

As is, it'll count DNS messages, header flags and give a top X list of
qnames seen. It uses the somewhat limited NetPacket modules, but it
would be easy to either switch wholesale to the Net::Packet modules or
pull in just those needed (e.g. VLAN and IPv6 support).  It is what it
is, hopefully its of use.

John




More information about the NANOG mailing list