From aa917c71fd394cf5b64ecbcf8eab50568c91c670 Mon Sep 17 00:00:00 2001
From: gamelinux
Date: Fri, 2 Dec 2011 20:12:40 +0000
Subject: [PATCH] Strange reverse (client/server) Im seeing - quick fix
---
 doc/TODO | 32 +++-----------------------------
 src/dns.c | 5 +++--
 2 files changed, 6 insertions(+), 31 deletions(-)
diff --git a/doc/TODO b/doc/TODO
index b31a5ef..bcf7685 100644
--- a/doc/TODO
+++ b/doc/TODO
@@ -1,32 +1,6 @@
 # PassiveDNS
- * Get main code up and running.
- ** "catch" DNS traffic!
-
- * Decode DNS server reply packet
-
- * Output: timestamp||sensor||ns-server-ip||NAME||TYPE||CLASS||TTL||*RDLENGTH*||RDATA
- ** NAME Name of the node to which this record pertains (variable)
- ** TYPE Type of RR in numeric form (e.g. 15 for MX RRs) 2
- ** CLASS Class code 2
- ** TTL Count of seconds that the RR stays valid (The maximum is 231-1, which is about 68 years.) 4
-# ** RDLENGTH Length of RDATA field 2
- ** RDATA Additional RR-specific data (variable)
-
-
-# ref: http://en.wikipedia.org/wiki/List_of_DNS_record_types
-for answer in dns.an:
- if answer.type == 5:
- print "CNAME request", answer.name, "\tresponse", answer.cname
- elif answer.type == 1:
- print "A request", answer.name, "\tresponse", socket.inet_ntoa(answer.rdata)
- elif answer.type == 28:
- print "AAAA request", answer.name, "\tresponse", socket.inet6_ntoa(answer.rdata)
- elif answer.type == 12:
- print "PTR request", answer.name, "\tresponse", answer.ptrname
- else
- print "Parsing of R-Type", answer.type, "is not yet implemented..."
-
-
-
+* Implement comandline option for log filename
+* Clean up memory on exit
+* Add some stats
diff --git a/src/dns.c b/src/dns.c
index 33ba832..55dd3c8 100644
--- a/src/dns.c
+++ b/src/dns.c
@@ -331,9 +331,10 @@ void print_passet(pdns_asset *p, pdns_record *l) {
 u_ntop(p->sip, p->af, ip_addr_s);
 u_ntop(p->cip, p->af, ip_addr_c);
+ fprintf(fd,"%lu||%s||%s||",p->last_seen, ip_addr_s, ip_addr_c);
- fprintf(fd,"%lu||%s||%s||",p->last_seen, ip_addr_c, ip_addr_s);
- //fprintf("%lu||%s||%s||",p->last_seen, ip_addr_c, ip_addr_s);
+ //u_ntop(p->sip, p->af, ip_addr_s);
+ //fprintf(fd,"%s||",ip_addr_s);
 switch (ldns_rr_get_class(p->rr)) {
 case LDNS_RR_CLASS_IN:
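Review bot: The new `fprintf(fd,"%lu||%s||%s||",p->last_seen, ip_addr_s, ip_addr_c);` corrects the reversed client/server columns only at print time, so `ip_addr_s` (built from `p->sip`) now fills the column that used to hold `ip_addr_c`, and the record itself presumably still carries the two addresses the wrong way round. Passive DNS output is commonly used to attribute queries during an investigation, so the reversal is better fixed where `p->sip` and `p->cip` are assigned, which is outside this hunk. Until then a comment above the call, such as `/* NOTE: sip/cip arrive swapped here; column order is timestamp||client||server */`, would stop a later reader from swapping the arguments back; the roles named in that comment are inferred from the commit subject and need confirming. The two added commented-out lines (`//u_ntop(p->sip, p->af, ip_addr_s);` and `//fprintf(fd,"%s||",ip_addr_s);`) are dead code and could be dropped. `print_passet` starts before this hunk and continues past it.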