[dns-operations] Does anybody have a good list of capture filters for DNS traffic - details in email

Brett brettcarr at gmail.com
Wed Jul 2 14:17:08 UTC 2014


Stefan,

Not a direct solution to your problem but you may find this useful:

http://www.time-travellers.org/dns-tcpdump/

It has helped me out a few times in the past.

Thanks Shane :)

Brett


On 2 July 2014 14:56, Stefan <netfortius at gmail.com> wrote:

> Hello, DNS gurus,
>
> Does anybody have a good set of tcpdump/tshark capture filters, associated
> with DNS, already prepped for specific fields in the payload (so beyond
> just the simplistic udp 53 or tcp 53)?
>
> Why am I asking?
>
> - I need to set up traffic captures in various tiers of
> servers-hosting-applications whose owners cannot tell where the inter-tiers
> reachability depends (and maybe fails) on FWD or REVERSE lookups. This
> cannot be done by asking the server or apps folks to use the DNS
> traditional tools (dig, nslookup, host, etc.) simply because they cannot
> tell which hostnames or IPs make up the functionality of very complex apps,
> and have dependency on name resolution (direct or reverse) in order to work
> - I would be mostly interested (of course) in DNS packets with no responses
> - I would like to avoid re-inventing the wheel by trying to figure out at
> which byte offset I would have to start reading a string (is it even
> possible to identify that, knowing that certain strings are variable in
> length??), and identify no response, if someone has already figured out
> such things ;-)
>
> Thanks in advance for directions or "no way - forget about it"
> ***Stefan
>



-- 
Brett
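
Added example, not part of the original thread or of the linked page: a stateless capture filter can test fixed offsets such as the QR bit, but the question name is variable-length and matching a query to its response needs state, so this sketch does both in post-processing over captured UDP payloads. The function names, addresses, hostnames and sample packets are constructed for illustration.

```python
import struct

# IPv4/UDP capture filter for queries only: udp port 53 and udp[10] & 0x80 = 0
# (DNS header starts at udp[8]; QR is the top bit of the flags byte at udp[10]).

def parse_dns(payload):
    """Return (txid, is_response, qname, qtype) from a raw DNS message."""
    if len(payload) < 12:
        raise ValueError("shorter than the 12-byte DNS header")
    txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if qdcount < 1:
        raise ValueError("no question section")
    labels, pos = [], 12
    while True:
        if pos >= len(payload):
            raise ValueError("truncated question name")
        length = payload[pos]
        pos += 1
        if length == 0:              # root label ends the name
            break
        if length & 0xC0:            # compression pointer: not expected here
            raise ValueError("unexpected pointer in question name")
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(payload):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", payload[pos:pos + 4])
    return txid, bool(flags & 0x8000), ".".join(labels).lower() + ".", qtype

def unanswered(packets):
    """packets: iterable of (src, dst, payload); returns queries with no reply."""
    pending = {}
    for src, dst, payload in packets:
        txid, is_resp, qname, qtype = parse_dns(payload)
        if is_resp:                  # a reply travels server -> client
            pending.pop((dst, src, txid, qname, qtype), None)
        else:
            pending[(src, dst, txid, qname, qtype)] = None
    return [(src, qname, qtype) for (src, _dst, _id, qname, qtype) in pending]

def build(txid, flags, name, qtype):  # constructed message: header + one IN question
    q = b"".join(bytes([len(lab)]) + lab.encode() for lab in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + q + struct.pack("!HH", qtype, 1)

SAMPLE = [  # constructed traffic: one answered A query, one unanswered PTR query
    ("10.0.1.5:40001", "10.0.0.53:53", build(0x1A2B, 0x0100, "db.example.internal", 1)),
    ("10.0.0.53:53", "10.0.1.5:40001", build(0x1A2B, 0x8180, "db.example.internal", 1)),
    ("10.0.1.5:40002", "10.0.0.53:53", build(0x3C4D, 0x0100, "7.2.0.10.in-addr.arpa", 12)),
]
```

Calling unanswered(SAMPLE) leaves only the PTR lookup from 10.0.1.5:40002, which is the kind of silent reverse-lookup dependency the question is about.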