A network sniffer that logs all DNS server replies
This branch is 24 commits ahead, 121 commits behind gamelinux:master.

Stash53

A work in progress. This was originally forked from passivedns, so you're probably better off there!

Modifications to the original code

  • Disabled -X option
  • Enabled checks for all qtypes and rcodes
  • Added json.[ch] from ccan
  • Added emit.[ch] with support for ZeroMQ, Redis, and MQTT
  • Added -e to specify emitter output:
    • For Redis: 127.0.0.1/6379
    • For MQTT: 127.0.0.1/1183
  • Added -O for specifying PUB topic (Redis and MQTT)
  • Added -N for specifying "nsid" (nameserver ID)
  • Added -v option to additionally print emitted JSON to stdout
  • Logging to files is now disabled unless -l or -L are specified

Todo

  • See Issues.

Quickstart

  1. Get ElasticSearch. You need the version used by Logstash. At the time of this writing, that would be 0.20.5. Unpack it, and launch it:
       bin/elasticsearch -f
  2. Get Logstash.
  3. Create a configuration for Logstash, based upon the example in my blog post.
  4. Launch Logstash:
       java -jar logstash-1.1.12-flatjar.jar agent -f dns.conf -v
  5. Launch stash53, making sure you're using the correct network interface. Something like this, for Redis output, should do:
       ./stash53 -i eth0 \
                 -e 127.0.0.1/6379 \
                 -l /dev/null \
                 -P 0 \
                 -O dns:hippo
     Here -i is the capture interface, -e the Redis host/port, and -O the list name for Redis.
  6. Get Kibana3, and drop all the files on a Web server. Edit config.js to have Kibana find your ElasticSearch server.
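As an added example (not code from the Stash53 or passivedns projects), the block below is a small Python consumer for the JSON records the emitter publishes to the Redis list or MQTT topic named with -O, doing offline what the Logstash stage in the quickstart above does in the pipeline: parse each record, drop malformed ones, and summarise rcodes per client so hosts with a high NXDOMAIN share stand out. The JSON field names (timestamp, client, server, query, type, rcode, nsid) are an assumption modelled on passivedns's log columns plus the nsid tag set with -N, and the sample messages are constructed; the real field names can be checked against what -v prints.

```python
"""Added example: consumer for stash53's emitted JSON records.
Not part of Stash53 or passivedns. Field names are an ASSUMPTION
modelled on passivedns log columns plus the "nsid" tag from -N."""
import json
from collections import Counter, defaultdict

# Keys a record must carry to be usable (assumed names, see docstring).
REQUIRED = ("timestamp", "client", "server", "query", "type", "rcode", "nsid")

# Constructed sample messages, shaped like what a subscriber to the Redis
# list or MQTT topic named with -O might receive. Not real captured traffic.
SAMPLE_MESSAGES = [
    '{"timestamp": 1400000000, "client": "10.0.0.5", "server": "10.0.0.53", '
    '"query": "www.example.com.", "type": "A", "rcode": "NOERROR", '
    '"answer": "93.184.216.34", "ttl": 300, "nsid": "ns1"}',
    '{"timestamp": 1400000001, "client": "10.0.0.5", "server": "10.0.0.53", '
    '"query": "example.com.", "type": "MX", "rcode": "NOERROR", '
    '"answer": "mail.example.com.", "ttl": 3600, "nsid": "ns1"}',
    '{"timestamp": 1400000002, "client": "10.0.0.9", "server": "10.0.0.53", '
    '"query": "a1b2c3.example.net.", "type": "A", "rcode": "NXDOMAIN", "nsid": "ns1"}',
    '{"timestamp": 1400000003, "client": "10.0.0.9", "server": "10.0.0.53", '
    '"query": "d4e5f6.example.net.", "type": "A", "rcode": "NXDOMAIN", "nsid": "ns1"}',
    '{"timestamp": 1400000004, "client": "10.0.0.9", "server": "10.0.0.53", '
    '"query": "g7h8i9.example.net.", "type": "A", "rcode": "NXDOMAIN", "nsid": "ns1"}',
    '{"timestamp": 1400000005, "client": "10.0.0.9", "server": "10.0.0.53", '
    '"query": "www.example.com.", "type": "A", "rcode": "NOERROR", '
    '"answer": "93.184.216.34", "ttl": 300, "nsid": "ns1"}',
    '{"timestamp": 1400000006, "client": "10.0.0.7", "server": "10.0.0.53", '
    '"query": "typo.example.org.", "type": "A", "rcode": "NXDOMAIN", "nsid": "ns1"}',
    '{"timestamp": 1400000007, "client": "10.0.0.7", "server": "10.0.0.53", '
    '"query": "www.example.org.", "type": "A", "rcode": "NOERROR", '
    '"answer": "93.184.216.34", "ttl": 300, "nsid": "ns1"}',
    'not json at all',                                        # garbage on the topic
    '{"timestamp": 1400000010, "client": "10.0.0.11"}',       # truncated record
]


def parse_record(raw):
    """Parse one emitted message. Returns a dict, or None if the message is
    not JSON, not an object, or lacks one of the REQUIRED keys."""
    try:
        rec = json.loads(raw)
    except ValueError:
        return None
    if not isinstance(rec, dict) or any(k not in rec for k in REQUIRED):
        return None
    return rec


def summarise(messages, nxdomain_share=0.5, min_queries=3):
    """Aggregate a stream of emitted messages.

    Returns a dict with:
      per_client    - {client: {rcode: count}}
      by_type       - {qtype: count} over all usable records
      dropped       - number of messages parse_record rejected
      noisy_clients - clients with at least min_queries records whose
                      NXDOMAIN share exceeds nxdomain_share (worth a look
                      on the dashboard: typos, stale configs, or probing)
    """
    per_client = defaultdict(Counter)
    by_type = Counter()
    dropped = 0
    for raw in messages:
        rec = parse_record(raw)
        if rec is None:
            dropped += 1
            continue
        per_client[rec["client"]][rec["rcode"]] += 1
        by_type[rec["type"]] += 1

    noisy = []
    for client, codes in per_client.items():
        total = sum(codes.values())
        if total >= min_queries and codes["NXDOMAIN"] / total > nxdomain_share:
            noisy.append(client)

    return {
        "per_client": {c: dict(v) for c, v in per_client.items()},
        "by_type": dict(by_type),
        "dropped": dropped,
        "noisy_clients": sorted(noisy),
    }


if __name__ == "__main__":
    # In a deployment the messages would come from a subscriber on the
    # Redis list / MQTT topic given to -O; here the constructed sample is used.
    print(json.dumps(summarise(SAMPLE_MESSAGES), indent=2))
```

The threshold logic deliberately requires a minimum number of queries before a client is reported, so a single mistyped hostname does not trigger it; the dropped counter is kept separately because a rising drop rate usually means the emitter's field layout changed rather than that the traffic did.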

Original README

Please see the original README

Notes

This program includes libtai which is in the public domain.