On Jul 2, 2014, at 9:56 AM, Stefan <[email protected]> wrote:

> Hello, DNS gurus,
> 
> Does anybody have a good set of tcpdump/tshark capture filters, associated
> with DNS, already prepped for specific fields in the payload (so beyond just
> the simplistic udp 53 or tcp 53)?
> 

I've used the Perl Net::DNS module for this type of stuff.  It can easily be
used to do that type of stuff.

- Jared


> Why am I asking?
> 
> - I need to set up traffic captures in various tiers of 
> servers-hosting-applications whose owners cannot tell where the inter-tiers 
> reachability depends (and maybe fails) on FWD or REVERSE lookups. This cannot 
> be done by asking the server or apps folks to use the DNS traditional tools 
> (dig, nslookup, host, etc.) simply because they cannot tell which hostnames 
> or IPs make up the functionality of very complex apps, and have dependency on 
> name resolution (direct or reverse) in order to work
> - I would be mostly interested (of course) in DNS packets with no responses
> - I would like to avoid re-inventing the wheel by trying to figure out at 
> which byte offset I would have to start reading a string (is it even possible 
> to identify that, knowing that certain strings are variable in length??), and 
> identify no response, if someone has already figured out such things ;-)
> 
> Thanks in advance for directions or "no way - forget about it"
> ***Stefan
> _______________________________________________
> dns-operations mailing list
> [email protected]
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
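
An added example, not part of the original thread and not using Net::DNS: plain Python showing that the question name sits at a fixed offset (byte 12 of the DNS payload) as length-prefixed labels, and pairing queries with responses to list the ones that were never answered. The addresses, names and the `build` helper are constructed sample data; the sketch assumes UDP payloads already captured with a plain port 53 filter and decoded offline.

```python
import struct

def parse_question(payload):
    """Return (id, is_response, qname, qtype) for the first question of a DNS message."""
    if len(payload) < 12 or payload[4:6] == b"\x00\x00":
        raise ValueError("short header or empty question section")
    ident, flags = struct.unpack("!HH", payload[:4])
    labels, pos = [], 12                 # QNAME always starts at byte 12 of the payload
    while True:                          # each label: one length byte, then that many bytes
        if pos >= len(payload):
            raise ValueError("truncated QNAME")
        length = payload[pos]
        pos += 1
        if length == 0:                  # zero-length root label ends the name
            break
        if length > 63:                  # pointer or reserved bits: malformed in a first question
            raise ValueError("bad label length")
        labels.append(payload[pos:pos + length].decode("ascii", "replace"))
        pos += length
    if pos + 4 > len(payload):
        raise ValueError("truncated question")
    (qtype,) = struct.unpack("!H", payload[pos:pos + 2])
    return ident, bool(flags & 0x8000), ".".join(labels).lower(), qtype  # 0x8000 = QR bit

def unanswered(packets, timeout=5.0):
    """packets: (ts, src, sport, dst, dport, udp_payload) tuples in capture order."""
    pending, last_ts = {}, 0.0
    for ts, src, sport, dst, dport, payload in packets:
        last_ts = ts
        try:
            ident, is_resp, qname, qtype = parse_question(payload)
        except ValueError:
            continue                     # not parseable as DNS: skip
        if is_resp:                      # a response goes back to the querying ip/port
            pending.pop((dst, dport, ident, qname, qtype), None)
        else:
            pending.setdefault((src, sport, ident, qname, qtype), ts)
    return [(k[0], k[3], k[4]) for k, ts in pending.items() if last_ts - ts >= timeout]

def build(ident, qname, qtype, response=False):
    """Constructed sample data: a minimal DNS message with one question."""
    name = b"".join(bytes([len(l)]) + l.encode() for l in qname.split(".")) + b"\x00"
    head = struct.pack("!HHHHHH", ident, 0x8180 if response else 0x0100, 1, 0, 0, 0)
    return head + name + struct.pack("!HH", qtype, 1)

S, C = ("10.0.0.53", 53), "10.0.1.5"     # constructed resolver and client addresses
SAMPLE = [(0.0, C, 40001, *S, build(1, "db.tier2.example", 1)),          # A query
          (0.1, *S, C, 40001, build(1, "db.tier2.example", 1, True)),   # its response
          (1.0, C, 40002, *S, build(2, "7.2.0.10.in-addr.arpa", 12)),   # PTR, never answered
          (9.0, C, 40003, *S, build(3, "app.tier1.example", 1))]        # too recent to judge
```

`unanswered(SAMPLE)` reports the client, name and numeric query type (12 is PTR) of each query older than `timeout` seconds with no matching response.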

