dtq: dnstap query

This tool allows you to filter dnstap data using JSON Pointer expressions and get the matching data printed in a JSON format.

This allows you to for example filter on a combination of question name and specific DNS message ID like so:

$ dtq -file file.dnstap -filter '"/Msg/Question/0/Name" == "www.domain.example." and "/Msg/MsgHdr/Id" == 1337'
{
  "Dnstap": {
    "type": 1,
    "message": {
      "type": 6,
      "socket_family": 2,
       [...]
    }
  },
  "Msg": {
    "Id": 1337,
    "Response": true,
    "Opcode": 0,
    "Authoritative": false,
    "Truncated": false,
    "RecursionDesired": true,
    "RecursionAvailable": true,
    "Zero": false,
    "AuthenticatedData": false,
    "CheckingDisabled": false,
    "Rcode": 0,
    "Question": [
      {
        "Name": "www.domain.example.",
        "Qtype": 1,
        "Qclass": 1
      }
    ],
    [...]
  }
}

Name		Name	Last commit message	Last commit date
Latest commit History 4 Commits
.gitignore		.gitignore
README.md		README.md
go.mod		go.mod
go.sum		go.sum
main.go		main.go

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

.gitignore

.gitignore

README.md

README.md

go.mod

go.mod

go.sum

go.sum

main.go

main.go

Repository files navigation

dtq: dnstap query

About

Releases

Packages

Languages

eest/dtq

Folders and files

Latest commit

History

Repository files navigation

dtq: dnstap query

About

Resources

Stars

Watchers

Forks

Languages