Provided by: dnssec-tools_2.0-1_all
dnspktflow - Analyze and draw DNS flow diagrams from a tcpdump file
dnspktflow -o output.png file.tcpdump dnspktflow -o output.png -x -a -t -q file.tcpdump
The dnspktflow application takes a tcpdump network traffic dump file, passes it through the tshark application and then displays the resulting DNS packet flows in a "flow- diagram" image. dnspktflow can output a single image or a series of images which can then be shown in sequence as an animation. dnspktflow was written as a debugging utility to help trace DNS queries and responses, especially as they apply to DNSSEC-enabled lookups.
This application requires the following Perl modules and software components to work: graphviz (http://www.graphviz.org/) GraphViz (Perl module) tshark (http://www.wireshark.org/) The following is required for outputting screen presentations: MagicPoint (http://member.wide.ad.jp/wg/mgp/) If the following modules are installed, a GUI interface will be enabled for communication with dnspktflow: QWizard (Perl module) Getopt::GUI::Long (Perl module)
dnspktflow takes a wide variety of command-line options. These options are described below in the following functional groups: input packet selection, output file options, output visualization options, graphical options, and debugging. Input Packet Selection These options determine the packets that will be selected by dnspktflow. -i STRING --ignore-hosts=STRING A regular expression of host names to ignore in the query/response fields. -r STRING --only-hosts=STRING A regular expression of host names to analyze in the query/response fields. -f --show-frame-num Display the packet frame numbers. -b INTEGER --begin-frame=INTEGER Begin at packet frame NUMBER. Output File Options These options determine the type and location of dnspktflow's output. -o STRING --output-file=STRING Output file name (default: out%03d.png as PNG format.) --fig Output format should be fig. -O STRING --tshark-out=STRING Save tshark output to this file. -m --multiple-outputs One picture per request (use %03d in the filename.) -M STRING --magic-point=STRING Saves a MagicPoint presentation for the output. Output Visualization Options: These options determine specifics of dnspktflow's output. --layout-style Selects the graphviz layout style to use (dot, neato, twopi, circo, or fdp). -L --last-line-labels-only Only show data on the last line drawn. -z INTEGER --most-lines=INTEGER Only show at most INTEGER connections. -T --input-is-tshark-out The input file is already processed by tshark. Graphical Options: These options determine fields included in dnspktflow's output. -t --show-type Shows message type in result image. -q --show-queries Shows query questions in result image. -a --show-answers Shows query answers in result image. -A --show-authoritative Shows authoritative information in result image. -x --show-additional Shows additional information in result image. -l --show-label-lines Shows lines attaching labels to lines. --fontsize=INTEGER Font Size Debugging: These options may assist in debugging dnspktflow. -d --dump-pkts Dump data collected from the packets. -h --help Show help for command line options.
Copyright 2004-2013 SPARTA, Inc. All rights reserved. See the COPYING file included with the DNSSEC-Tools package for details.
Wes Hardaker <firstname.lastname@example.org>
Getopt::GUI::Long(3) Net::DNS(3) QWizard.pm(3) http://dnssec-tools.sourceforge.net/