lost and found ( for me ? )

dnssnarf : collect DNS statistics


Here’s how to install dnssnarf on Ubuntu 13.04.


about dnssnarf

# tail -1 /etc/lsb-release
DISTRIB_DESCRIPTION="Ubuntu 13.04"
# uname -ri
3.8.0-19-generic x86_64

install dnssnarf via git.
# git clone https://github.com/Cysource/DNSsnarf.git
Cloning into 'DNSsnarf'...

# cd DNSsnarf/
# make
# make install

# ls /usr/bin/dnssnarf*
/usr/bin/dnssnarf  /usr/bin/dnssnarfclient

start dnssnarf daemon.
# /usr/bin/dnssnarf --help
/usr/bin/dnssnarf: invalid option -- '-'

Usage: /usr/bin/dnssnarf [options]

Available Options:
 -f : Foreground mode
 -i : Device selection (-i eth9)
 -s : State file location (-s /path/to/state.bin)
 -p : PID file location (-p /var/run/dnssnarf.pid)

# /usr/bin/dnssnarf -i eth0
# dnssnarf: started.

do some name resolution.
# dig @<eth0’s IP> foo.bar a

get DNS statistics.
# /usr/bin/dnssnarfclient
Usage   : /usr/bin/dnssnarfclient <options>

Options : -r RECORDTYPE
         -q Count of incoming packets
         -a Count of outgoing packets
         -t Combined count

# /usr/bin/dnssnarfclient -r A -q
26
# /usr/bin/dnssnarfclient -r A -a
43
# /usr/bin/dnssnarfclient -r A -t
69

# /usr/bin/dnssnarfclient -r AAAA -q
6
# /usr/bin/dnssnarfclient -r MX -q
4
# /usr/bin/dnssnarfclient -r TXT -q
4

# /usr/bin/dnssnarfclient -r PTR -q
8

the count is printed in hexadecimal. convert it to decimal with python.
# /usr/bin/dnssnarfclient -r A -q
5e7
# python
Python 2.7.4 (default, Apr 19 2013, 18:28:01)
[GCC 4.7.3] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>> 0x5e7
1511
>>>
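
The hexadecimal-to-decimal step above, automated and extended to a per-record-type query rate (an added example, not part of the original post or of the dnssnarf project). It assumes dnssnarfclient prints cumulative counters as bare hexadecimal; the function names and the DNSSNARF_CLIENT variable are made up for this example.

```shell
#!/bin/sh
# Added example, not part of dnssnarf. Assumptions: dnssnarfclient counters are
# cumulative and printed as bare hexadecimal (as the 5e7 -> 1511 step suggests).
DNSSNARF_CLIENT="${DNSSNARF_CLIENT:-/usr/bin/dnssnarfclient}"

# hex_to_dec HEX: print the decimal value; reject anything that is not pure hex.
hex_to_dec() {
    case "$1" in
        ''|*[!0-9a-fA-F]*) echo "not a hex counter: '$1'" >&2; return 1 ;;
    esac
    printf '%d\n' "0x$1"
}

# read_count TYPE FLAG: one counter in decimal (FLAG is -q, -a or -t).
read_count() {
    raw=$("$DNSSNARF_CLIENT" -r "$1" "$2") || return 1
    hex_to_dec "$raw"
}

# rate OLD NEW SECONDS: integer events per second. A counter that went
# backwards (daemon restart, state file reset) gives 0, not a negative rate.
rate() {
    if [ "$2" -lt "$1" ] || [ "$3" -le 0 ]; then echo 0; return 0; fi
    echo $(( ($2 - $1) / $3 ))
}

# report SECONDS TYPE...: sample incoming (-q) counters twice, SECONDS apart,
# and print "TYPE rate" per record type.
report() {
    interval=$1; shift
    first=""
    for t in "$@"; do
        c=$(read_count "$t" -q) || return 1
        first="$first $c"
    done
    sleep "$interval"
    for t in "$@"; do
        first=${first# }; old=${first%% *}; first=${first#"$old"}
        new=$(read_count "$t" -q) || return 1
        echo "$t $(rate "$old" "$new" "$interval")"
    done
}

# Runs only where the client is installed; 5-second window over the types above.
if [ -x "$DNSSNARF_CLIENT" ]; then
    report 5 A AAAA MX TXT PTR
fi
```
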

1 comment:

  1. Hello,

    Thank you for your comments.

    > How well does this compare to DSC?

    From my observation, DSC would be better.
    Because DSC can collect a wide variety of stats, such as QPS by node, QPS by type, Reply by Rcode, etc.
    In the case of dnssnarf, we can get only QPS by type as of now.
    But dnssnarf is easy to use.
    If you need only stats for QPS by type and do not need to archive DNS stats from some/many DNS servers, dnssnarf might be enough.

    > This doesn't appear to have a presenter, so I'm really asking how it performs as a collector.

    Yes, no presenter.
    Seen from the source code, dnssnarf seems to capture DNS traffic by using the libpcap library.

    Shige
