[dns-operations] Re: Tools to assemble fragments

RunxiaWan wanrunxia at aliyun.com
Fri May 20 01:05:17 UTC 2016


Thanks! That helps a lot!

-----Original Message-----
From: Matthäus Wander [mailto:matthaeus.wander at uni-due.de] 
Sent: 2016-05-20 4:46
To: RunxiaWan; dns-operations at dns-oarc.net
Subject: Re: [dns-operations] Tools to assemble fragments

Here's a Python 2.7 tool I've used to chew on 240 GBytes of .pcap files:
https://www.vs.uni-due.de/wander/reassemble_dns/

reassemble_write.py reads 1 to n .pcap files, extracts DNS messages and
writes a binary .dns file with all DNS messages. It supports IPv4, IPv6,
UDP and TCP. IP fragments and TCP streams are reassembled.
Depends on dpkt (https://github.com/kbandla/dpkt).

You can use dns_parser.py to parse the .dns file. Depends on dnspython
(www.dnspython.org).
Or implement a parser on your own. The file format is documented in
dns_file_format.txt.

Usage:
> python reassemble_write.py input.pcap output.dns
> python dns_parser.py output.dns

Regards,
Matt

RunxiaWan wrote on 2016-05-18 08:50:
> Hi, everyone,
> 
> I am doing a data analysis work for the queries and responses captured
> in my recursive server. I find the DNS data has some fragments due to
> large DNS package and it is tricky to assemble them. Would anyone tell me
> any works of assembling IP layer fragments or any tools to parse DNS
> message from tcpdump/dnscap data?
> 
> 
> 
> Best
> 
> Runxia Wan
> 
> 
> ---------------
> Runxia Wan(Brian)
> 
> Research Engineer
> BII Lab
> 
> Beijing Internet Institute(BII)
> 
> _____rxwan at biigroup.cn_<mailto:rxwan at biigroup.cn>
> 
> 
> 
> 
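The IPv4 fragment reassembly step that the message above describes, as an added example that is not part of the original thread and is not code from reassemble_write.py. It assumes Python 3, raw IPv4 packets without a link-layer header, and UDP only; the function names `build_fragments` and `reassemble_udp` are hypothetical, and the fragments are constructed test input.

```python
import struct
from collections import defaultdict

def build_fragments(src, dst, ident, payload, step=1480):
    """Constructed test input: one UDP datagram split into IPv4 fragments."""
    udp = struct.pack("!HHHH", 53, 40000, 8 + len(payload), 0) + payload
    frags = []
    for off in range(0, len(udp), step):      # step must be a multiple of 8
        chunk = udp[off:off + step]
        mf = 0x2000 if off + len(chunk) < len(udp) else 0   # More Fragments bit
        hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(chunk), ident,
                          mf | (off // 8), 64, 17, 0, src, dst)
        frags.append(hdr + chunk)
    return frags

def reassemble_udp(packets):
    """Return the UDP payloads (e.g. DNS messages) of complete IPv4 datagrams."""
    buckets = defaultdict(dict)   # (src, dst, proto, id) -> {byte offset: data}
    total = {}                    # key -> datagram length, known once MF=0 is seen
    out = []
    for pkt in packets:
        ihl = (pkt[0] & 0x0F) * 4
        tot_len, ident, flags_off = struct.unpack("!HHH", pkt[2:8])
        proto, src, dst = pkt[9], pkt[12:16], pkt[16:20]
        if proto != 17:           # UDP only in this example
            continue
        off = (flags_off & 0x1FFF) * 8
        key = (src, dst, proto, ident)
        buckets[key][off] = pkt[ihl:tot_len]   # slicing drops link-layer padding
        if not flags_off & 0x2000:             # last fragment fixes the length
            total[key] = off + len(buckets[key][off])
        if key not in total:
            continue
        # Walk fragments in offset order. A gap or an overlap breaks the walk,
        # so such a datagram is never emitted.
        pos, parts = 0, []
        for o in sorted(buckets[key]):
            if o != pos:
                break
            parts.append(buckets[key][o])
            pos += len(parts[-1])
        else:
            if pos == total[key]:
                out.append(b"".join(parts)[8:])   # strip the 8-byte UDP header
                del buckets[key], total[key]
    return out
```

Fragments may arrive in any order; a datagram with a missing or overlapping fragment stays in `buckets` and is not returned, so a long-running capture needs a timeout to evict stale entries.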







