Stay on top of your DNS traffic

DNSTOP: STAY ON TOP OF YOUR DNS TRAFFIC

dnstop is a libpcap application (like tcpdump) that displays various tables of DNS traffic on your network. Currently dnstop displays tables of:

  • Source IP addresses
  • Destination IP addresses
  • Query types
  • Response codes
  • Opcodes
  • Top level domains
  • Second level domains
  • Third level domains
  • etc...

dnstop supports both IPv4 and IPv6 addresses.

To help find especially undesirable DNS queries, dnstop provides a number of filters. The filters tell dnstop to display only the following types of queries:

  • For unknown/invalid TLDs
  • A queries where the query name is already an IP address
  • PTR queries for RFC1918 address space
  • Responses with code REFUSED
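
The four filter conditions listed above can be written as predicates over a query's type, name, and response code. The sketch below is an added example, not dnstop's own code, and it reports every condition a record matches as a bitmask. Assumptions: the names `classify`, `tld_known`, `rfc1918_ptr` and the `F_*` flags are hypothetical, the TLD list is a short constructed sample, and query names are lowercase with no trailing dot.

```c
#include <stdio.h>
#include <string.h>
#include <strings.h>
#include <arpa/inet.h>

enum { QT_A = 1, QT_PTR = 12, RC_REFUSED = 5 };  /* standard DNS type/rcode values */
enum { F_UNKNOWN_TLD = 1, F_A_FOR_A = 2, F_RFC1918_PTR = 4, F_REFUSED = 8 };
/* Constructed, deliberately short TLD list (assumption, not dnstop's). */
static const char *sample_tlds[] = { "com", "net", "org", "arpa", NULL };
static int tld_known(const char *qname) {
    const char *dot = strrchr(qname, '.');
    const char *tld = dot ? dot + 1 : qname;
    for (int i = 0; sample_tlds[i]; i++)
        if (strcasecmp(tld, sample_tlds[i]) == 0) return 1;
    return 0;
}

/* Full reverse name d.c.b.a.in-addr.arpa (lowercase) inside RFC 1918 space. */
static int rfc1918_ptr(const char *qname) {
    unsigned a, b, c, d;
    int n = 0;  /* stays 0 unless the whole pattern, suffix included, matched */
    if (sscanf(qname, "%u.%u.%u.%u.in-addr.arpa%n", &d, &c, &b, &a, &n) != 4
        || n == 0 || qname[n] != '\0' || a > 255 || b > 255 || c > 255 || d > 255)
        return 0;
    return a == 10 || (a == 172 && b >= 16 && b <= 31) || (a == 192 && b == 168);
}

/* Bitmask of the README's four filters that this query/response matches. */
int classify(int qtype, const char *qname, int rcode) {
    struct in_addr v4;
    int f = 0;
    if (!tld_known(qname)) f |= F_UNKNOWN_TLD;
    if (qtype == QT_A && inet_pton(AF_INET, qname, &v4) == 1) f |= F_A_FOR_A;
    if (qtype == QT_PTR && rfc1918_ptr(qname)) f |= F_RFC1918_PTR;
    if (rcode == RC_REFUSED) f |= F_REFUSED;
    return f;
}

int main(void) {
    /* Constructed sample records: qtype, qname, rcode. */
    struct { int qtype; const char *qname; int rcode; } s[] = {
        { QT_A, "www.example.com", 0 }, { QT_A, "printer.lan", 0 },
        { QT_A, "192.0.2.10", 0 }, { QT_PTR, "5.1.168.192.in-addr.arpa", 0 },
        { QT_PTR, "1.2.0.192.in-addr.arpa", RC_REFUSED },
    };
    for (size_t i = 0; i < sizeof s / sizeof s[0]; i++)
        printf("%-26s 0x%x\n", s[i].qname, classify(s[i].qtype, s[i].qname, s[i].rcode));
    return 0;
}
```

An A query for a dotted-quad name sets two flags in this sketch, because its last label is also not a known TLD.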

dnstop can read packets either from a live capture device or from a tcpdump savefile.

See also http://dns.measurement-factory.com/tools/dnstop/.