dnstop
Language: en
Version: 385751 (fedora - 01/12/10)
Section: 8 (Administrator commands)
BSD mandoc
NAME
dnstop - displays various tables of DNS traffic on your network
SYNOPSIS
dnstop [-46apsQR ] [-b expression ] [-i address ] [-f filter ] [-l level ] [-r interval ] [device ] [savefile ]
DESCRIPTION
dnstop is a small tool that listens on device, or parses the capture file savefile, and collects and prints statistics on the local network's DNS traffic. You must have read access to /dev/bpf* (on BSD; on Linux, libpcap captures through raw sockets and needs root or CAP_NET_RAW instead).
COMMAND LINE OPTIONS
The options are as follows:
- -4
- count only messages with IPv4 addresses
- -6
- count only messages with IPv6 addresses
- -a
- anonymize addresses
- -b expression
- BPF filter expression
(default: udp port 53)
- -i address
- ignore messages to or from the selected address
- -p
- Do not put the interface into promiscuous mode.
- -r interval
- redraw interval (seconds)
- -l level
- keep counts on names up to level domain name levels.
For example, with -l 2 (the default), dnstop will keep two tables: one with top-level domain names and another with second-level domain names. Increasing the level provides more detail, but also requires more memory and CPU, since every distinct name at each level gets its own counter.
- -f filter
- input filter name
The "unknown-tlds" filter includes only queries for TLDs that do not exist. It is useful for identifying hosts or servers that leak queries for names like "localhost" or "workgroup" to the Internet.
The "A-for-A" filter includes only A queries for names that are already IP addresses. Certain Microsoft Windows DNS servers have a known bug that forwards these queries.
The "rfc1918-ptr" filter includes only PTR queries for addresses in RFC 1918 space. Such queries should never leak from inside an organization, so a hit on this filter usually points to a missing reverse zone on the internal resolver.
- -Q
- count only DNS query messages
- -R
- count only DNS reply messages
- savefile
- a captured network trace in pcap format
- device
- ethernet device (e.g. fxp0)
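To make the -l level aggregation and the three built-in -f filters concrete, the following is an added example, not dnstop's own code: it re-implements the filter logic described above in Python and runs it over a constructed list of queries. The sample queries, the KNOWN_TLDS set (a stand-in for the full TLD table a real tool would consult) and the helper names are all assumptions made for this illustration; dnstop's actual matching rules may differ in detail.

```python
"""Added example: dnstop-style per-level name tables and the unknown-tlds,
A-for-A and rfc1918-ptr filters, applied to constructed sample queries.
This is illustrative code, not taken from the dnstop sources."""
import ipaddress
from collections import Counter

# Constructed sample traffic: (source address, qtype, qname).  Not real data.
SAMPLE_QUERIES = [
    ("10.0.0.5", "A", "www.example.com."),
    ("10.0.0.5", "A", "localhost."),                    # leaked local name
    ("10.0.0.7", "A", "fileserver.workgroup."),         # leaked NetBIOS-style name
    ("10.0.0.9", "A", "192.168.1.10."),                 # A query for an IP literal
    ("10.0.0.9", "PTR", "10.1.168.192.in-addr.arpa."),  # reverse lookup of RFC 1918 space
    ("10.0.0.9", "PTR", "8.8.8.8.in-addr.arpa."),       # legitimate reverse lookup
    ("10.0.0.11", "AAAA", "mail.corp.example.co.uk."),
]

# Assumption: a tiny stand-in for a real list of delegated TLDs.
KNOWN_TLDS = {"com", "net", "org", "uk", "arpa", "edu"}

# RFC 1918 private networks, checked explicitly rather than via is_private,
# which also covers loopback, link-local and documentation ranges.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def labels(qname):
    """Split a (possibly absolute) DNS name into lowercased labels."""
    return [lab.lower() for lab in qname.rstrip(".").split(".") if lab]


def name_at_level(qname, level):
    """The key dnstop keeps for a name at -l level: its last `level` labels
    (level 2 of www.example.com is example.com).  Shorter names are kept whole."""
    return ".".join(labels(qname)[-level:])


def is_unknown_tld(qname):
    """unknown-tlds: the rightmost label is not a known TLD."""
    labs = labels(qname)
    return bool(labs) and labs[-1] not in KNOWN_TLDS


def is_a_for_a(qtype, qname):
    """A-for-A: an A query whose name is already an IPv4 literal."""
    if qtype != "A":
        return False
    try:
        ipaddress.IPv4Address(qname.rstrip("."))
        return True
    except ValueError:
        return False


def is_rfc1918_ptr(qtype, qname):
    """rfc1918-ptr: a PTR query under in-addr.arpa whose four reversed octets
    form an RFC 1918 address.  Partial (network-level) names are ignored."""
    labs = labels(qname)
    if qtype != "PTR" or len(labs) != 6 or labs[-2:] != ["in-addr", "arpa"]:
        return False
    try:
        addr = ipaddress.IPv4Address(".".join(reversed(labs[:4])))
    except ValueError:
        return False
    return any(addr in net for net in RFC1918)


# Filter name -> predicate over (src, qtype, qname), mirroring -f <filter>.
FILTERS = {
    "unknown-tlds": lambda src, qtype, qname: is_unknown_tld(qname),
    "A-for-A": lambda src, qtype, qname: is_a_for_a(qtype, qname),
    "rfc1918-ptr": lambda src, qtype, qname: is_rfc1918_ptr(qtype, qname),
}


def apply_filter(name, queries):
    """Return only the queries that the named filter would let through."""
    pred = FILTERS[name]
    return [q for q in queries if pred(*q)]


def level_table(queries, level):
    """Counts per name truncated to `level` labels, like dnstop's level tables."""
    return Counter(name_at_level(qname, level) for _, _, qname in queries)


if __name__ == "__main__":
    for fname in FILTERS:
        print(fname, [q[2] for q in apply_filter(fname, SAMPLE_QUERIES)])
    for lvl in (1, 2):
        print("level", lvl, level_table(SAMPLE_QUERIES, lvl).most_common())
```

Note that the IP-literal query 192.168.1.10 is matched by both A-for-A and unknown-tlds, since its last label "10" is not a TLD; when hunting for a specific class of leak, run one filter at a time rather than reading both tables together.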
RUN TIME OPTIONS
While running, the following options are available to alter the display:
- s
- display the source address table
- d
- display the destination address table
- t
- display the breakdown of query types seen
- o
- display the breakdown of opcodes seen
- 1
- show 1st level query names
- 2
- show 2nd level query names
- 3
- show 3rd level query names
- 4
- show 4th level query names
- 5
- show 5th level query names
- 6
- show 6th level query names
- 7
- show 7th level query names
- 8
- show 8th level query names
- 9
- show 9th level query names
- !
- show sources + 1st level query names
- @
- show sources + 2nd level query names
- #
- show sources + 3rd level query names
- $
- show sources + 4th level query names
- %
- show sources + 5th level query names
- ^
- show sources + 6th level query names
- &
- show sources + 7th level query names
- *
- show sources + 8th level query names
- (
- show sources + 9th level query names
- ^R
- reset the counters
- ^X
- exit the program
- space
- redraw
- ?
- help
NON-INTERACTIVE MODE
If stdout is not a tty, dnstop runs in non-interactive mode. In this case you must supply a savefile to read instead of capturing live packets. After reading the entire savefile, dnstop prints the top 50 entries of each table.
AUTHORS
- Duane Wessels (wessels@measurement-factory.com)
- Mark Foster (mark@foster.cc)
- Jose Nazario (jose@monkey.org)
- Sam Norris <@ChangeIP.com>
- Max Horn <@quendi.de>
- John Morrissey <jwm@horde.net>
- Florian Forster <octo@verplant.org>
- Dave Plonka <plonka@cs.wisc.edu>
- http://dnstop.measurement-factory.com/
BUGS
Does not support TCP at this time. Queries that retry over TCP after a truncated UDP answer are therefore not counted, and the default -b filter of udp port 53 does not capture them either.