[119757] in North American Network Operators' Group
Re: DNS query analyzer
daemon@ATHENA.MIT.EDU (John Kristoff)
Mon Nov 30 23:13:15 2009
Date: Mon, 30 Nov 2009 22:11:05 -0600
From: John Kristoff <jtk@cymru.com>
To: Joseph Jackson <jjackson@aninetworks.net>
In-Reply-To: <695277448C537A469D28FF68D0938C8372F23B5EDB@EXMBX04.exchhosting.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>

On Mon, 30 Nov 2009 16:06:45 -0800
Joseph Jackson <jjackson@aninetworks.net> wrote:

> Anyone know of a tool that can take a pcap file from wireshark that
> was used to collect dns queries and then spit out statistics about
> the queries such as RTT and timeouts?

Nothing with RTT and timeouts in this, but it could probably be adapted
with an additional, rudimentary subroutine to try summarizing that too:

<http://www.cymru.com/jtk/code/pcapsum.pl>

If you or no one else comes up with something or modifies this to do
it, give me a holler and I'll whip something up for you.

As is, it'll count DNS messages, header flags and give a top X list of
qnames seen. It uses the somewhat limited NetPacket modules, but it
would be easy to either switch wholesale to the Net::Packet modules or
pull in just those needed (e.g. VLAN and IPv6 support). It is what it
is, hopefully it's of use.

John
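
The RTT and timeout summary asked about in this thread, as an added example that is not part of the original message and is not code from pcapsum.pl: it pairs each DNS query in a classic pcap file with its response on (client address, client port, server address, DNS ID). The function names, the 2-second timeout threshold and the sample capture are assumptions constructed for illustration.

```python
import struct
from statistics import median

def read_pcap(data):
    """Yield (timestamp, frame) from classic pcap bytes; KeyError on unknown magic."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}[data[:4]]
    off = 24                                   # skip the global header
    while off + 16 <= len(data):
        sec, usec, caplen, _ = struct.unpack_from(end + "4I", data, off)
        yield sec + usec / 1e6, data[off + 16:off + 16 + caplen]
        off += 16 + caplen

def dns_event(frame):
    """Return (is_response, key) for Ethernet/IPv4/UDP port 53, else None."""
    ip = frame[14:]
    if (frame[12:14] != b"\x08\x00" or len(ip) < 20 or ip[9] != 17
            or struct.unpack_from("!H", ip, 6)[0] & 0x1FFF):
        return None                            # not IPv4/UDP, or a later fragment
    udp = ip[(ip[0] & 0x0F) * 4:]
    if len(udp) < 20 or 53 not in struct.unpack_from("!HH", udp):
        return None                            # need UDP + DNS headers on port 53
    sport, dport, _, _, txid, flags = struct.unpack_from("!6H", udp)
    if flags & 0x8000:                         # QR bit set: response
        return True, (ip[16:20], dport, ip[12:16], txid)
    return False, (ip[12:16], sport, ip[16:20], txid)

def summarize(data, timeout=2.0):
    """Pair each query with its response on (client, port, server, id)."""
    pending, rtts = {}, []
    for ts, frame in read_pcap(data):
        if (ev := dns_event(frame)) and not ev[0]:
            pending.setdefault(ev[1], ts)      # retransmit keeps first send time
        elif ev and ev[1] in pending:
            rtts.append(ts - pending.pop(ev[1]))
    ok = [r for r in rtts if r <= timeout]     # slower answers count as timeouts
    return {"answered": len(ok), "median_rtt": median(ok) if ok else None,
            "timeouts": len(rtts) - len(ok) + len(pending)}

def packet(sec, usec, src, dst, sport, dport, txid, flags):
    udp = struct.pack("!10H", sport, dport, 20, 0, txid, flags, 0, 0, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 17, 0, src, dst)
    frame = bytes(12) + b"\x08\x00" + ip + udp
    return struct.pack("<4I", sec, usec, len(frame), len(frame)) + frame

def sample_pcap(c=bytes([192, 0, 2, 10]), s=bytes([192, 0, 2, 53])):
    """Constructed capture: one query answered in 30 ms, one never answered."""
    return (struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
            + packet(1, 0, c, s, 40000, 53, 7, 0x0100)
            + packet(1, 30000, s, c, 53, 40000, 7, 0x8180)
            + packet(2, 0, c, s, 40001, 53, 8, 0x0100))
```

On a real capture, pass the file's bytes to `summarize()`; VLAN-tagged frames, IPv6 and DNS over TCP are skipped, and queries still unanswered when the capture ends are counted as timeouts.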