tcpdump抓包

tcpdump -s0 port 53 -w test.cap

用PacketQ解析dns查询的pcap包

• PacketQ
• PacketQ: SQL queries on DNS pcap files
• Abusing Resources to Process 7TB of PCAP Data

号称PacketQ比tshark快很多，嗯，可以试试

用tshark解析dns pcap数据包

1000多个协议的参数：Display Filter Reference

dns协议的参数：Display Filter Reference: Domain Name Service

修复损坏的pcap：pcapfix

tshark -r .\test.cap -E 'separator=;' -T fields -e frame.time -e ip.src -e ip.dst -e dns.flags.opcode -e dns.qry.name -e dns.qry.type -e dns.flags.rcode -e dns.flags.response -e dns.flags.truncated -e dns.resp.name -e dns.resp.class -e dns.resp.type -e dns.resp.ttl -e dns.a -e dns.cname -e dns.ns -e dns.aaaa

Published

Categories

• dns 56

Tags

• dns 53
• software 1

Share On

• twitter


• weibo


• reddit


• linkedin