On Mon, 30 Nov 2009 16:06:45 -0800 Joseph Jackson <jjack...@aninetworks.net> wrote:
> Anyone know of a tool that can take a pcap file from wireshark that > was used to collect dns queries and then spit out statistics about > the queries such as RTT and timeouts? Nothing with RTT and timeouts in this, but it could probably be adapted with an additional, rudimentary subroutine to try summarizing that too: <http://www.cymru.com/jtk/code/pcapsum.pl> If you or no one else comes up with something or modifies this to do it, give me a holler and I'll whip something up for you. As is, it'll count DNS messages, header flags and give a top X list of qnames seen. It uses the somewhat limited NetPacket modules, but it would be easy to either switch wholesale to the Net::Packet modules or pull in just those needed (e.g. VLAN and IPv6 support). It is what it is, hopefully its of use. John