[dns-operations] Tool for fragmentation/TCP processing of pcap DNS files
John Kristoff
jtk at depaul.edu
Wed Sep 7 15:33:23 UTC 2016
On Wed, 7 Sep 2016 05:55:40 +0000
Shane Kerr <shane at time-travellers.org> wrote:
> http://www.dnsv6lab.net/2016/09/06/DNS-pcap-fragments/
> Hopefully it is useful to someone else working in DNS.
I think so, yes thanks for making this available.
The way I have handled DNS TCP pcap parsing was to cheat. I used
Wireshark's tshark, converting pcap data I couldn't parse on a per
packet basis to pdml and then parsing that, which is basically XML. It
doesn't scale very well, but worked in a pinch and for smaller jobs.
John
More information about the dns-operations
mailing list