NAME

dnspktflow - Analyze and draw DNS flow diagrams from a tcpdump file

SYNOPSIS

  dnspktflow -o output.png file.tcpdump

  dnspktflow -o output.png -x -a -t -q file.tcpdump

DESCRIPTION

The dnspktflow application takes a tcpdump network traffic dump file, passes it through the tshark application and then displays the resulting DNS packet flows in a "flow-diagram" image. dnspktflow can output a single image or a series of images which can then be shown in sequence as an animation.

dnspktflow was written as a debugging utility to help trace DNS queries and responses, especially as they apply to DNSSEC-enabled lookups.

REQUIREMENTS

This application requires the following Perl modules and software components to work:

  graphviz                  (http://www.graphviz.org/)
  GraphViz                  (Perl module)
  tshark                    (http://www.wireshark.org/)

The following is required for outputting screen presentations:

  MagicPoint                (http://member.wide.ad.jp/wg/mgp/)

If the following modules are installed, a GUI will be enabled for interacting with dnspktflow:

  QWizard                   (Perl module)
  Getopt::GUI::Long         (Perl module)

OPTIONS

dnspktflow takes a wide variety of command-line options. These options are described below in the following functional groups: input packet selection, output file options, output visualization options, graphical options, and debugging.

Input Packet Selection

These options determine the packets that will be selected by dnspktflow.

-i STRING
--ignore-hosts=STRING

A regular expression of host names to ignore in the query/response fields.

-r STRING
--only-hosts=STRING

A regular expression of host names to analyze in the query/response fields.

-f
--show-frame-num

Display the packet frame numbers.

-b INTEGER
--begin-frame=INTEGER

Begin at packet frame INTEGER.

Output File Options

These options determine the type and location of dnspktflow's output.

-o STRING
--output-file=STRING

Output file name (default: out%03d.png, in PNG format).

--fig

Output format should be fig.

-O STRING
--tshark-out=STRING

Save tshark output to this file.

-m
--multiple-outputs

One picture per request (use %03d in the filename).

-M STRING
--magic-point=STRING

Saves a MagicPoint presentation for the output.

Output Visualization Options

These options determine specifics of dnspktflow's output.

--layout-style

Selects the graphviz layout style to use (dot, neato, twopi, circo, or fdp).

-L
--last-line-labels-only

Only show data on the last line drawn.

-z INTEGER
--most-lines=INTEGER

Only show at most INTEGER connections.

-T
--input-is-tshark-out

The input file is already processed by tshark.

Graphical Options

These options determine fields included in dnspktflow's output.

-t
--show-type

Shows message type in the result image.

-q
--show-queries

Shows query questions in the result image.

-a
--show-answers

Shows query answers in the result image.

-A
--show-authoritative

Shows authoritative information in the result image.

-x
--show-additional

Shows additional information in the result image.

-l
--show-label-lines

Shows lines attaching each label to the line it describes.

--fontsize=INTEGER

Sets the font size used in the result image.

Debugging

These options may assist in debugging dnspktflow.

-d
--dump-pkts

Dump data collected from the packets.

-h
--help

Show help for command line options.
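
EXAMPLES

The following two-pass workflow is an added example, not part of the original dnspktflow documentation or the DNSSEC-Tools package. It uses only the options described above and assumes that a file saved with -O can be read back with -T; the function names, the DRY_RUN variable and the file names are illustrative.

```sh
#!/bin/sh
# Added example (not from the DNSSEC-Tools package). Set DRY_RUN=1 to print
# the dnspktflow commands instead of running them.

run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then
        printf '%s\n' "$*"
    else
        "$@"
    fi
}

# -m writes one picture per request, so the output name must contain %03d.
check_multi_name() {
    case "$1" in
        *%03d*) return 0 ;;
        *) echo "error: '$1' needs %03d when -m is used" >&2; return 1 ;;
    esac
}

# dns_flow CAPTURE HOST_REGEX FRAME_PATTERN
#   CAPTURE        tcpdump file to analyze
#   HOST_REGEX     host names to keep (passed to -r)
#   FRAME_PATTERN  per-request image name, e.g. out/req%03d.png
dns_flow() {
    capture=$1; hosts=$2; frames=$3
    check_multi_name "$frames" || return 1
    dir=$(dirname "$frames")          # assumed to exist already
    cache="$dir/dns.tshark"

    # Pass 1: run tshark once, keep its output (-O), draw a single overview
    # image with message types and questions.
    run dnspktflow -O "$cache" -o "$dir/overview.png" -t -q "$capture" || return 1

    # Pass 2: reuse the saved tshark output (-T), keep only matching hosts
    # (-r), and write one numbered image per request (-m) with frame numbers
    # and the answer, authoritative and additional data shown.
    run dnspktflow -T -r "$hosts" -m -f -t -q -a -A -x -o "$frames" "$cache"
}

# Run only when called with arguments: CAPTURE HOST_REGEX FRAME_PATTERN
if [ "$#" -eq 3 ]; then
    dns_flow "$@"
fi
```

Quote the host regular expression and the %03d pattern on the command line so the shell passes them through unchanged.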

COPYRIGHT

Copyright 2004-2013 SPARTA, Inc. All rights reserved. See the COPYING file included with the DNSSEC-Tools package for details.

AUTHOR

Wes Hardaker <hardaker@users.sourceforge.net>

SEE ALSO

Getopt::GUI::Long(3), Net::DNS(3), QWizard.pm(3)

http://dnssec-tools.sourceforge.net/