Stefan,

Not a direct solution to your problem but you may find this useful:
http://www.time-travellers.org/dns-tcpdump/

It has helped me out a few times in the past. Thanks Shane :)

Brett

On 2 July 2014 14:56, Stefan <[email protected]> wrote:

> Hello, DNS gurus,
>
> Does anybody have a good set of tcpdump/tshark capture filters, associated
> with DNS, already prep-ed for specific fields in the payload (so beyond
> just the simplistic udp 53 or tcp 53)?
>
> Why am I asking?
>
> - I need to set up traffic captures in various tiers of
> servers-hosting-applications whose owners cannot tell where the inter-tiers
> reachability depends (and maybe fails) on FWD or REVERSE lookups. This
> cannot be done by asking the server or apps folks to use the DNS
> traditional tools (dig, nslookup, host, etc.) simply because they cannot
> tell which hostnames or IPs make up the functionality of very complex apps,
> and have dependency on name resolution (direct or reverse) in order to work
> - I would be mostly interested (of course) in DNS packets with no responses
> - I would like to avoid re-inventing the wheel by trying to figure out at
> which byte offset I would have to start reading a string (is it even
> possible to identify that, knowing that certain strings are variable in
> length??), and identify no response, if someone has already figured out
> such things ;-)
>
> Thanks in advance for directions or "no way - forget about it"
> ***Stefan
>
> _______________________________________________
> dns-operations mailing list
> [email protected]
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
>

--
Brett
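As an added example that is not part of the original thread: the fixed fields sit at known offsets (the QR bit is the top bit of DNS byte 2, which a capture filter over plain UDP reaches as `udp[10] & 0x80`), while the variable-length query name has to be walked label by label from byte 12. The sketch below does that walk and pairs queries with responses to list the ones never answered. It assumes the UDP payloads were already extracted from a capture; all function names and the sample packets are constructed for illustration.

```python
import struct

def build_msg(txid, name, qtype, response=False, rcode=0):
    """Build a one-question DNS message (constructed test data, not a capture)."""
    flags = (0x8000 if response else 0) | 0x0100 | rcode  # QR bit, RD bit, RCODE
    qname = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split(".")) + b"\x00"
    return struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0) + qname + struct.pack("!HH", qtype, 1)

def parse_question(payload):
    """Return (txid, is_response, rcode, qname, qtype) for a DNS payload."""
    if len(payload) < 12 or struct.unpack("!H", payload[4:6])[0] < 1:
        raise ValueError("no 12-byte header or empty question section")
    txid, flags = struct.unpack("!HH", payload[:4])
    labels, pos = [], 12  # fixed header is 12 bytes, so QNAME starts at offset 12
    while True:
        if pos >= len(payload):
            raise ValueError("truncated QNAME")
        length = payload[pos]
        if length & 0xC0:
            raise ValueError("compression pointer not expected in the first question")
        pos += 1
        if length == 0:  # zero-length root label ends the name
            break
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(payload):
        raise ValueError("truncated QTYPE/QCLASS")
    qtype, _qclass = struct.unpack("!HH", payload[pos:pos + 4])
    return txid, bool(flags & 0x8000), flags & 0x000F, ".".join(labels).lower(), qtype

def unanswered(packets):
    """packets: (src, sport, dst, dport, dns_payload) tuples in capture order."""
    pending = {}
    for src, sport, dst, dport, payload in packets:
        txid, is_resp, _rcode, qname, qtype = parse_question(payload)
        if is_resp:  # a response goes back to the client address/port that asked
            pending.pop((dst, dport, txid, qname, qtype), None)
        else:
            pending[(src, sport, txid, qname, qtype)] = True
    return [(client, qname, qtype) for client, _port, _id, qname, qtype in pending]

APP, DNS = "10.0.0.5", "10.0.0.53"  # constructed sample addresses
SAMPLE = [  # constructed packets: an answered A query and an unanswered PTR query
    (APP, 40001, DNS, 53, build_msg(0x1A2B, "db.internal.example", 1)),
    (DNS, 53, APP, 40001, build_msg(0x1A2B, "db.internal.example", 1, response=True)),
    (APP, 40002, DNS, 53, build_msg(0x3C4D, "7.0.0.10.in-addr.arpa", 12)),
]
print(unanswered(SAMPLE))
```

The RCODE returned by `parse_question` separates lookups that were answered with an error (for example 3, NXDOMAIN) from those that got no response at all.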
