On 04.01.2013 16:05, Matthew Pounsett wrote:
> A friend of mine at an ISP asked me recently whether I had any
> suggestions for fingerprinting stub resolvers. They've got pcaps from
> the downstream side of their caching servers and are looking at trying
> to pull more interesting statistics than query counts out of them. I
> didn't have any good suggestions, but it seems like an interesting
> question to ask of one's name server. Has anyone else tackled this
> before? Do tools exist?

p0f would be a good one to start with.
Although it might not be 100% accurate, running those pcaps through p0f
would give a starting point as it already has some of the techniques
included that were mentioned in other responses to your question.
http://lcamtuf.coredump.cx/p0f3/
Graeme