[dns-operations] Does anybody have a good list of capture filters for DNS traffic - details in email

Jared Mauch jared at puck.nether.net
Wed Jul 2 14:34:18 UTC 2014


On Jul 2, 2014, at 9:56 AM, Stefan <netfortius at gmail.com> wrote:

> Hello, DNS gurus,
> 
> Does anybody have a good set of tcpdump/tshark capture filters, associated with DNS, already prepped for specific fields in the payload (so beyond just the simplistic udp 53 or tcp 53)?
> 

I've used the Perl Net::DNS module for this type of stuff.  It can easily be used to do that type of stuff.

- Jared


> Why am I asking?
> 
> - I need to set up traffic captures in various tiers of servers-hosting-applications whose owners cannot tell where the inter-tiers reachability depends (and maybe fails) on FWD or REVERSE lookups. This cannot be done by asking the server or apps folks to use the DNS traditional tools (dig, nslookup, host, etc.) simply because they cannot tell which hostnames or IPs make up the functionality of very complex apps, and have dependency on name resolution (direct or reverse) in order to work
> - I would be mostly interested (of course) in DNS packets with no responses
> - I would like to avoid re-inventing the wheel by trying to figure out at which byte offset I would have to start reading a string (is it even possible to identify that, knowing that certain strings are variable in length??), and identify no response, if someone has already figured out such things ;-)
> 
> Thanks in advance for directions or "no way - forget about it"
> ***Stefan
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
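The byte-offset question raised above has a short answer: the 12-byte DNS header is fixed (so the QR bit can be tested at a fixed offset), but the question name that follows is variable-length, so "no response" has to be decided by pairing queries with responses rather than by a capture filter alone. The following is an added Python example, not code from this thread and not using the Net::DNS module Jared mentions; the packets it processes are constructed sample data standing in for a decoded capture.

```python
"""Pair DNS queries with their responses and report the unanswered ones."""
import struct

def parse_dns(payload: bytes):
    """Return (txid, is_response, qname) from a raw DNS message.

    The header is fixed at 12 bytes (RFC 1035 s4.1.1): the QR bit is bit 7 of
    byte 2, which is what a capture filter such as 'udp[10] & 0x80 = 0' tests
    (8-byte UDP header + 2). After the header the question name is a run of
    length-prefixed labels, so it must be walked rather than read at an offset.
    """
    txid, flags = struct.unpack("!HH", payload[:4])
    labels, pos = [], 12
    while True:
        length = payload[pos]
        pos += 1
        if length == 0:
            break
        if length & 0xC0:  # compression pointer; not valid in a question name
            raise ValueError("compressed qname in question section")
        labels.append(payload[pos:pos + length].decode("ascii"))
        pos += length
    return txid, bool(flags & 0x8000), ".".join(labels).lower()

def unanswered(packets):
    """packets: iterable of (src_ip, src_port, dst_ip, dst_port, dns_payload).
    A response matches a query when txid and qname agree and the addresses and
    ports are reversed. Returns the sorted qnames that never saw a response."""
    pending = {}
    for src, sport, dst, dport, payload in packets:
        txid, is_resp, qname = parse_dns(payload)
        if not is_resp:
            pending[(src, sport, dst, dport, txid, qname)] = qname
        else:
            pending.pop((dst, dport, src, sport, txid, qname), None)
    return sorted(set(pending.values()))

def build_message(txid, qname, response=False):
    """Build a minimal A-record query/response (constructed sample, not captured)."""
    flags = (0x8000 if response else 0) | 0x0100  # QR, RD
    name = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\0"
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + name + struct.pack("!HH", 1, 1)

SAMPLE = [  # constructed: app server 10.0.1.5 talking to resolver 10.0.0.53
    ("10.0.1.5", 40001, "10.0.0.53", 53, build_message(0x1A2B, "db.internal.example")),
    ("10.0.0.53", 53, "10.0.1.5", 40001, build_message(0x1A2B, "db.internal.example", True)),
    ("10.0.1.5", 40002, "10.0.0.53", 53, build_message(0x1A2C, "cache.internal.example")),
    ("10.0.1.5", 40003, "10.0.0.53", 53, build_message(0x1A2D, "5.1.0.10.in-addr.arpa")),
]

if __name__ == "__main__":
    print(unanswered(SAMPLE))  # -> ['5.1.0.10.in-addr.arpa', 'cache.internal.example']
```

To run it against a real capture, feed `unanswered()` the UDP 5-tuple plus payload of each packet from a pcap decoder; the reverse lookup in the sample shows up as unanswered just like the forward one.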