Don't know if I've posted the 3.1 version of dumpdnsCache, so here it is...
----------------------------------------------------------------------------
----
$ cat dumpdnsCache.c
/* dnsCache gdbm database dump -
Copyright (c) 2002 - Burton M. Strauss III ([EMAIL PROTECTED])
Released under GPL v2
*/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <time.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <gdbm.h>
// Extracted from #include "globals-defines.h"
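/* Age, in seconds (24 hours), after which print_record() reports an entry as
 * EXPIRED. Parenthesized so the product stays a single operand wherever the
 * macro is expanded (e.g. next to %, / or a unary minus). */
#define CONST_DNSCACHE_LIFETIME (24*3600)
/* Size in bytes of StoredAddress.symAddress, including any terminating NUL. */
#define MAX_LEN_SYM_HOST_NAME 64
/* Copied from ntop's headers; not referenced by the code in this file. */
#define LEN_ETHERNET_ADDRESS 6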
// Extracted from #include "globals-structtypes.h"
/*
 * Value layout of one dnsCache record as this tool reads it back from gdbm.
 * print_record() treats a value as a StoredAddress only when its size equals
 * sizeof(StoredAddress); that size depends on the platform's time_t and
 * padding, so the tool presumably has to be built for the same ABI as the
 * ntop that wrote the file -- TODO confirm against ntop's own definition.
 */
typedef struct storedAddress {
/* Name printed for the entry; a NUL terminator is not guaranteed by the type */
char symAddress[MAX_LEN_SYM_HOST_NAME];
/* Compared against "now" to decide whether the entry is EXPIRED */
time_t recordCreationTime;
/* Printed as a number in the "CL" column; meaning is defined by ntop */
short symAddressType;
char pad; /* Quiet valgrind */
} StoredAddress;
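/* Length of the text held in a datum buffer: up to the first NUL, but never
 * more than the size gdbm reported. Returns 0 for a NULL or empty buffer. */
static int datum_text_len(const char *p, int size) {
    const char *nul;

    if (p == NULL || size <= 0) {
        return 0;
    }
    nul = memchr(p, '\0', (size_t)size);
    return nul ? (int)(nul - p) : size;
}

/*
 * print_record - print one dnsCache entry as a row of the dump table.
 *
 * key:  gdbm key; a decimal integer string for IPv4, or text containing ':'
 *       for IPv6.
 * data: gdbm value; decoded as a StoredAddress only when its size matches
 *       exactly, otherwise key and value are printed as plain text.
 * now:  reference time used to decide whether the entry is EXPIRED.
 *
 * Both key and value come straight from the database file, so neither is
 * assumed to be NUL-terminated or non-NULL: every string is printed with an
 * explicit length bound and the record is copied out before its fields are
 * read. Control characters in the stored name are NOT filtered; since the
 * names originate from DNS traffic, pipe the output through a sanitiser
 * before showing it on a terminal you care about.
 */
void print_record(datum key, datum data, time_t now) {
    char buf[64];
    int keyLen = datum_text_len(key.dptr, key.dsize);
    int dataLen = datum_text_len(data.dptr, data.dsize);
    const char *keyText = key.dptr ? key.dptr : "";
    const char *dataText = data.dptr ? data.dptr : "";

    if (data.dptr != NULL && data.dsize == (int)sizeof(StoredAddress)) {
        StoredAddress rec;

        /* Copy instead of casting data.dptr: no alignment or aliasing assumptions */
        memcpy(&rec, data.dptr, sizeof rec);

        if (keyLen > 0 && memchr(keyText, ':', (size_t)keyLen) != NULL) {
            /* IPv6 */
            printf("%-17.*s v6 ", MAX_LEN_SYM_HOST_NAME, rec.symAddress);
        } else {
            /* IPv4: the key is the address as a decimal integer */
            char keyCopy[64];
            long long addr;
            unsigned long v;

            /* strtoll() needs a terminated string; the key may not be one */
            snprintf(keyCopy, sizeof keyCopy, "%.*s", keyLen, keyText);
            addr = strtoll(keyCopy, NULL, 10);
            /* Keep the low 32 bits so a negative key still yields its octets */
            v = (unsigned long)(addr & 0xffffffffLL);
            snprintf(buf, sizeof buf, "%3d.%d.%d.%d",
                     (int)(v >> 24 & 0xff), (int)(v >> 16 & 0xff),
                     (int)(v >> 8 & 0xff), (int)(v & 0xff));
            printf("%17s ", buf);
        }

        if (now - rec.recordCreationTime > CONST_DNSCACHE_LIFETIME) {
            printf("%19s ", "EXPIRED ");
        } else {
            struct tm *tm = gmtime(&rec.recordCreationTime);

            /* gmtime() returns NULL for a timestamp it cannot represent */
            if (tm == NULL ||
                strftime(buf, sizeof buf, "%Y-%m-%d %H:%M:%S", tm) == 0) {
                snprintf(buf, sizeof buf, "%s", "(bad timestamp)");
            }
            printf("%-19s ", buf);
        }

        printf("%2d %.*s\n", rec.symAddressType,
               MAX_LEN_SYM_HOST_NAME, rec.symAddress);
    } else {
        /* Not a StoredAddress: show the raw key and value, length-bounded */
        printf("%17.*s: '%.*s'\n", keyLen, keyText, dataLen, dataText);
    }
}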
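/*
 * dumpdnsCache file [key]
 *
 * Opens the gdbm file read-only and prints either every record (no key, or
 * key ".") or the single record for the given address. A key containing '.'
 * is taken as a dotted quad and converted to the decimal-integer form used
 * as the database key; anything else is looked up as given (IPv6).
 *
 * Exit status: 0 on success (including "key not found"), 1 on bad usage,
 * 2 if the file cannot be opened, 3 if the dotted quad does not parse.
 */
int main(int argc, char *argv[]) {
    GDBM_FILE dbfile;
    datum key, data;
    int recordCount = 0;
    char buf[64];
    time_t now = time(NULL);
    struct in_addr inp;

    /* The banner was split across two lines by mail wrapping; rejoined here */
    printf("dumpdnsCache - Burton Strauss <[EMAIL PROTECTED] - v1.1 for ntop 3.1\n");

    if ((argc < 2) || (argc > 3)) {
        fprintf(stderr, "Usage: dumpdnsCache file [key]\n\n");
        exit(1);
    }

    /* GDBM_READER: the cache is only read, never modified */
    dbfile = gdbm_open(argv[1], 0, GDBM_READER, 0666, NULL);
    if (!dbfile) {
        fprintf(stderr, "Open file %s, error %d (%s) gdbm file.\n", argv[1],
                gdbm_errno, gdbm_strerror(gdbm_errno));
        exit(2);
    }

    printf("%20s %19s %s\n", "IP Address", "Good until", "CL Address");
    printf("%20s %19s %s\n", "--------------------", "-------------------",
           "-- --------------------------");

    if ((argc < 3) || (strcmp(argv[2], ".") == 0)) {
        /* Dump everything */
        key = gdbm_firstkey(dbfile);
        while (key.dptr) {
            datum next;

            data = gdbm_fetch(dbfile, key);
            recordCount++;
            if (data.dptr) {
                print_record(key, data, now);
                free(data.dptr);
            } else {
                /* Key listed but value unreadable: report it, keep going */
                fprintf(stderr, "Record %d: fetch failed (%s)\n", recordCount,
                        gdbm_strerror(gdbm_errno));
            }
            /* gdbm allocates every key it returns; release the old one
             * only after it has been used to find the next */
            next = gdbm_nextkey(dbfile, key);
            free(key.dptr);
            key = next;
        }
        printf("\nRecords read: %d\n\n", recordCount);
    } else {
        if (strchr(argv[2], '.') != NULL) {
            /* dotted quad, convert to integer */
            if (inet_aton(argv[2], &inp) == 0) {
                /* inp is left unset on failure; do not build a key from it */
                fprintf(stderr, "%s is not a valid IPv4 address.\n", argv[2]);
                gdbm_close(dbfile);
                return 3;
            }
            /* NOTE(review): the original passed the unsigned ntohl() result
             * to "%d", so addresses with the top bit set become a negative
             * key. The cast keeps that behaviour explicit; confirm the key
             * format against what ntop actually writes before changing it. */
            snprintf(buf, sizeof(buf), "%d", (int)ntohl(inp.s_addr));
            key.dsize = (int)strlen(buf) + 1;
            key.dptr = buf;
        } else {
            /* IPv6 - as is */
            key.dsize = (int)strlen(argv[2]) + 1;
            key.dptr = argv[2];
        }
        data = gdbm_fetch(dbfile, key);
        if (data.dptr) {
            print_record(key, data, now);
            free(data.dptr);
        } else {
            printf("%17s key not found.\n", argv[2]);
        }
    }

    gdbm_close(dbfile);
    return 0;
}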
---------------------------------------------------------------------
Compile:
$ gcc -g -o dumpdnsCache dumpdnsCache.c -lgdbm
-----Burton
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
Of Wolfgang Hennerbichler
Sent: Tuesday, January 18, 2005 3:33 PM
To: [email protected]
Subject: RE: [Ntop-dev] How can ntop resolve DynDNS hosts?
Aaaahhh...
THAT makes sense :)
I tried to recreate the 'scene', but I couldn't, and I thought I had seen
something wrong. Now that makes perfect sense to me :)
Thanks;
Wolfgang
On Tue, 2005-01-18 at 14:46 -0600, Burton Strauss wrote:
> Not quite ... Remember ntop sniffs other people's DNS queries and
> caches the responses... (run dumpdnsCache or dumpgdbm on dnsCache.db).
>
> Once it has the data, ntop can do the 'reverse' lookup.
>
> -----Burton
>
>
>
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On
> Behalf Of [EMAIL PROTECTED]
> Sent: Tuesday, January 18, 2005 12:00 PM
> To: [email protected]
> Cc: [EMAIL PROTECTED]; [email protected]
> Subject: RE: [Ntop-dev] How can ntop resolve DynDNS hosts?
>
>
> DynDNS does forward look-ups only. The PTR resolution must be
> provided for by the address owner. Typically a Broadband provider of
> some sort. The way it works is that the resolver asks who owns the
> PTR record for the address given. That is often an ISP or a large
> corporation.
>
> --
>
> J. Eric Josephson
> Director of Network and System Operations
> 978-720-2159
> mailto:[EMAIL PROTECTED]
>
>
>
>
>
> From: Wolfgang Hennerbichler <[EMAIL PROTECTED]>
> Sent by: ntop-dev-bounces@unipi.it
> Date: 01/18/2005 12:27 PM
> Please respond to ntop-dev
> To: [email protected]
> cc:
> Subject: RE: [Ntop-dev] How can ntop resolve DynDNS hosts?
>
>
> On Tue, 2005-01-18 at 11:21 -0600, Burton Strauss wrote:
> > There's nothing odd about it. DynDNS type services EXIST to provide
> > name resolution, of course ntop can resolve it!
>
> You misunderstood me. I wrote about reverse-DNS-lookups, which is not
> so obvious to me. Ntop can only be in the knowledge of my IP-Address,
> not my A record. I'm talking about PTR records, that DYNDNS doesn't
> provide, I guess.
>
> > -----Burton
>
> Wolfgang
>
> > -----Original Message-----
> > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf
> > Of Wolfgang Hennerbichler
> > Sent: Tuesday, January 18, 2005 10:56 AM
> > To: [email protected]
> > Subject: [Ntop-dev] How can ntop resolve DynDNS hosts?
> >
> > Hi!
> >
> > I've found out, that ntop is able to resolve the dyndns record (via
> > a reverse-DNS lookup(!)) of my laptop - how is this possible?
> > I've just had a quick glance at the source code, but didn't find
> > anything - I am really interested how this is done - so if somebody
> > could give me a hint - I'd appreciate that!
> >
> > Thank you!
> > Wolfgang
> >