NAME
dnspktflow - Analyze and draw DNS flow diagrams from a tcpdump file
SYNOPSIS
dnspktflow -o output.png file.tcpdump
dnspktflow -o output.png -x -a -t -q file.tcpdump
DESCRIPTION
The dnspktflow application takes a tcpdump network traffic dump file,
passes it through the tshark application and then displays the
resulting DNS packet flows in a "flow-diagram" image.
dnspktflow can output a single image or a series of images which can
then be shown in sequence as an animation.
dnspktflow was written as a debugging utility to help trace DNS queries
and responses, especially as they apply to DNSSEC-enabled lookups.
REQUIREMENTS
This application requires the following Perl modules and software components to
work:
graphviz (http://www.graphviz.org/)
GraphViz (Perl module)
tshark (http://www.wireshark.org/)
The following is required for outputting screen presentations:
MagicPoint (http://member.wide.ad.jp/wg/mgp/)
If the following modules are installed, a GUI interface will be enabled for
communication with dnspktflow:
QWizard (Perl module)
Getopt::GUI::Long (Perl module)
OPTIONS
dnspktflow takes a wide variety of command-line options. These options
are described below in the following functional groups: input packet
selection, output file options, output visualization options, graphical
options, and debugging.
These options determine the packets that will be selected by dnspktflow.
- -i STRING
- --ignore-hosts=STRING
- A regular expression of host names to ignore in the query/response fields.
- -r STRING
- --only-hosts=STRING
- A regular expression of host names to analyze in the query/response fields.
- -f
- --show-frame-num
- Display the packet frame numbers.
- -b INTEGER
- --begin-frame=INTEGER
- Begin at packet frame NUMBER.
Output File Options
These options determine the type and location of dnspktflow's output.
- -o STRING
- --output-file=STRING
- Output file name (default: out%03d.png as PNG format.)
- --fig
- Output format should be fig.
- -O STRING
- --tshark-out=STRING
- Save tshark output to this file.
- -m
- --multiple-outputs
- One picture per request (use %03d in the filename.)
- -M STRING
- --magic-point=STRING
- Saves a MagicPoint presentation for the output.
Output Visualization Options:
These options determine specifics of dnspktflow's output.
- --layout-style
- Selects the graphviz layout style to use (dot, neato, twopi, circo, or fdp).
- -L
- --last-line-labels-only
- Only show data on the last line drawn.
- -z INTEGER
- --most-lines=INTEGER
- Only show at most INTEGER connections.
- -T
- --input-is-tshark-out
- The input file is already processed by tshark.
Graphical Options:
These options determine fields included in dnspktflow's output.
- -t
- --show-type
- Shows message type in result image.
- -q
- --show-queries
- Shows query questions in result image.
- -a
- --show-answers
- Shows query answers in result image.
- -A
- --show-authoritative
- Shows authoritative information in result image.
- -x
- --show-additional
- Shows additional information in result image.
- -l
- --show-label-lines
- Shows lines attaching labels to lines.
- --fontsize=INTEGER
- Font Size
Debugging:
These options may assist in debugging dnspktflow.
- -d
- --dump-pkts
- Dump data collected from the packets.
- -h
- --help
- Show help for command line options.
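The options above can be combined into a two-pass workflow: decode the capture once, keeping the tshark output with -O, then re-render from that file with -T while narrowing to the hosts being debugged. The script below is an added example, not part of the DNSSEC-Tools distribution. The names dns_flow, run, DRY_RUN and the output file names are illustrative assumptions; every dnspktflow option used is one documented on this page, and the script assumes the file written by -O is accepted as -T input.

```shell
#!/bin/sh
# Added example: decode a capture once, then re-render from the saved output.
# Set DRY_RUN=1 to print the dnspktflow commands instead of running them.

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# Usage: dns_flow CAPTURE HOST_REGEX OUTDIR   (all three are caller-supplied)
dns_flow() {
    capture=$1 hosts=$2 outdir=$3
    decoded=$outdir/decoded.tshark      # assumed name for the -O file
    if [ "${DRY_RUN:-0}" != 1 ]; then
        # Fail early if a required component is missing (dot ships with graphviz).
        for tool in dnspktflow tshark dot; do
            command -v "$tool" >/dev/null 2>&1 ||
                { echo "missing: $tool" >&2; return 127; }
        done
        [ -r "$capture" ] || { echo "cannot read: $capture" >&2; return 66; }
        mkdir -p "$outdir" || return 1
    fi
    # Pass 1: single overview image; keep the tshark output for later passes.
    run dnspktflow -o "$outdir/overview.png" -O "$decoded" -t -q -a \
        "$capture" || return
    # Pass 2: one numbered image per request, with frame numbers, restricted to
    # the hosts of interest; -T reads the saved tshark output, not the capture.
    run dnspktflow -T -m -f -t -q -a -A -x --only-hosts="$hosts" \
        -o "$outdir/step%03d.png" "$decoded"
}
```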
COPYRIGHT
Copyright 2004-2012 SPARTA, Inc. All rights reserved. See the COPYING file
included with the DNSSEC-Tools package for details.
AUTHOR
Wes Hardaker <hardaker@users.sourceforge.net>
SEE ALSO
Getopt::GUI::Long(3)
Net::DNS(3)
QWizard.pm(3)
http://dnssec-tools.sourceforge.net/