[dns-operations] Utilities for showing DNS packets
Jim Reid
jim at rfc1035.com
Thu Mar 24 16:26:20 UTC 2016
> On 24 Mar 2016, at 00:32, Paul Hoffman <paul.hoffman at vpnc.org> wrote:
>
> Greetings again. There are many ways to visually describe the contents of an DNS packet. Dig's output is a common one, but for an application I'm writing it is kind of wasteful of vertical space. Are there other utils (C or Python preferred, but other languages are fine) that people like? Ability to display messages with name compression (cough cough priming responses cough) is a big plus.
Hi Paul. For the gTLD name collision study in 2013 I used tcpdump to pretty-print the DNS packets in the DITL pcap files. [That was the only tool available to me at the time which could do this.] tcpdump prints out one line of text for each query and response. It doesn’t make a distinction between the data in the Answer, Authority and Additional Sections though. I suppose it would be a simple matter of programming to fix this.
Roy Hooper of Demand Media later did pretty much the same thing using some perl scripts (I think) which are probably lying around on one of the OARC servers. I think his ASCII-fied versions of the DITL pcap data sets are still there too.
hth
More information about the dns-operations
mailing list