summaryrefslogtreecommitdiff
path: root/network/dnstop/README
blob: 4465add979b92ba063b722ec5472725e45d5cfa4 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
dnstop is a libpcap  application (ala tcpdump) that displays various tables of DNS traffic on your network. Currently dnstop displays tables of:

    * Source IP addresses
    * Destination IP addresses
    * Query types
    * Response codes
    * Opcodes
    * Top level domains
    * Second level domains
    * Third level domains
    * etc...

dnstop supports both IPv4 and IPv6 addresses.

To help find especially undesirable DNS queries, dnstop provides a number of filters. The filters tell dnstop to display only the following types of queries:

    * For unknown/invalid TLDs
    * A queries where the query name is already an IP address
    * PTR queries for RFC1918 address space 

dnstop can either read packets from the live capture device, or from a tcpdump savefile.

--
Unless modified, this script compiles with PPP frame support.

Homepage: http://dns.measurement-factory.com/tools/dnstop/