Skip to content

kfujiwara/PcapParseC

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

32 Commits
ext
ext
 
 
m4
m4
 
 
tools
tools
 
 
.gitignore
.gitignore
 
 
CHANGES
CHANGES
 
 
DNS.h
DNS.h
 
 
JPRS-OSCL.txt
JPRS-OSCL.txt
 
 
Makefile.am
Makefile.am
 
 
PcapL3Print.c
PcapL3Print.c
 
 
PcapParse.c
PcapParse.c
 
 
PcapParse.h
PcapParse.h
 
 
PcapSelectDNS.c
PcapSelectDNS.c
 
 
PcapSelectL3.c
PcapSelectL3.c
 
 
README.md
README.md
 
 
bit.c
bit.c
 
 
bit.h
bit.h
 
 
configure.ac
configure.ac
 
 
geoiplookup.c
geoiplookup.c
 
 
geoiplookup.h
geoiplookup.h
 
 
geoiptest.c
geoiptest.c
 
 
mytool.c
mytool.c
 
 
mytool.h
mytool.h
 
 
parse_DNS.c
parse_DNS.c
 
 
parse_DNS.h
parse_DNS.h
 
 
parse_L3.c
parse_L3.c
 
 
parse_L3.h
parse_L3.h
 
 
parse_bind9log.c
parse_bind9log.c
 
 
parse_int.h
parse_int.h
 
 
parse_tcp.c
parse_tcp.c
 
 
parse_testdata.c
parse_testdata.c
 
 
parse_testdata.h
parse_testdata.h
 
 
parse_tools.c
parse_tools.c
 
 
pcapDNSKEY.c
pcapDNSKEY.c
 
 
pcapDelay.h
pcapDelay.h
 
 
pcap_data.h
pcap_data.h
 
 
pcapgetquery.c
pcapgetquery.c
 
 
pcapinfo.c
pcapinfo.c
 
 
print_dns_answer.c
print_dns_answer.c
 
 
print_dns_answer.h
print_dns_answer.h
 
 

Repository files navigation

PcapParseC is always under development. It is a tool which the author want to use. License is described in JPRS-OSCL.txt.

Currently, the author uses it to count 'Number of possible DNSSEC validators', 'JP server selection of full-resolvers' and 'analysis of stub-resolvers'.

It can be used to analyze large pcap files which recorded DNS packets.

You can use PcapParse.c as a PCAP parser and you can evaluate anything you want to by writing C subroutine.

There is no documentation which describes how to use it as a library.

pcapDNSKEY.c and pcapgetquery.c are examples for PcapParse.c.

How to build:

autoreconf -i; ./configure; make; make install

Tested environment: FreeBSD 8.3 Linux (CentOS 5.6 and old RHEL) Solaris 10

How to use:

pcapgetquery reads pcap files and outputs BIND 9 style query logs. Or it can output CSV style query logs.

Usage: pcapgetquery [options] pcap files...

-A	Parse response packets

-L	BIND 9 querylog format
-C	CSV output
-c	Count mode

-D num	Debug flag
-4 v4	Specify DNS server's IPv4 address
-6 v6	Specify DNS server's IPv6 address
-e v4	Specify IPv4 address of excluded client
-m v4	Specify netmask for -a option
-a v4	Specify allowed client address prefix (IPv4 only)

pcapDNSKEY reads pcap files and counts that each query source IP address sent how many queries for JP, JP DNSKEY, any.JP DS, IN-ADDR.ARPA, *.IN-ADDR.ARPA DNSKEY, *.IN-ADDR.ARPA DS, *.BIND, *.SERVER and unknown TLDs.

Usage: pcapDNSKEY [options] pcap files...

-4 v4	Specify DNS server's IPv4 address
-6 v6	Specify DNS server's IPv6 address

Kazunori Fujiwara, Japan Registry Services Co., Ltd. fujiwara@jprs.co.jp, fujiwara@wide.ad.jp

About

No description, website, or topics provided.

Resources

Readme
Activity

Stars

2 stars

Watchers

0 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages