lunar (1) drool-replay.1.gz

Provided by: drool_2.0.0-3_all bug

NAME

       drool - DNS Replay Tool

SYNOPSIS

       drool replay [ options ] file host port

DESCRIPTION

       drool  can  replay DNS traffic from packet capture (PCAP) files and send it to a specified
       server, with options such as to manipulate the timing between packets,  as  well  as  loop
       packets  infinitely  or for a set number of iterations.  This tool's goal is to be able to
       produce a high amount of UDP packets per second and TCP  sessions  per  second  on  common
       hardware.

       The purpose can be to simulate Distributed Denial of Service (DDoS) attacks on the DNS and
       measure normal DNS querying.  For example, the tool could enable you to take a snapshot of
       a  DDoS  and  be  able  to replay it later to test if new code or hardening techniques are
       useful, safe & effective.  Another example is to be able to replay a packet stream  for  a
       bug  that  is  sequence-  and/or  timing-related  in  order  to  validate  the efficacy of
       subsequent bug fixes.

OPTIONS

       These options are specific for the replay command, see drool(1) for generic options.

       -D     Show DNS queries and responses as processing goes.

       -n --no-responses
              Do not wait for responses before sending next request.

       --no-tcp
              Do not use TCP.

       --no-udp
              Do not use UDP.

       -T --threads
              Use threads.

       --tcp-threads N
              Set the number of TCP threads to use, default 2.

       --udp-threads N
              Set the number of UDP threads to use, default 4.

       --timeout N.N
              Set timeout for waiting on responses [seconds.nanoseconds], default 10.0.

       -t --timing mode[=option]
              Set the timing mode, see TIMING MODES.

EXAMPLES

       drool replay --timing multiply=0.5 --no-tcp file.pcap 127.0.0.1 53

              Send all DNS queries twice as fast as found in the PCAP  file  to  localhost  using
              UDP.

       drool replay --timing keep --no-udp file.pcap 127.0.0.1 53

              Send all DNS queries over TCP to localhost as they were recorded.

       drool replay --no-tcp --no-responses --threads --udp-threads 3 file.pcap 127.0.0.1 53

              Take  all DNS queries found in the PCAP file and send them as fast as possible over
              UDP to localhost by ignoring both timings, replies and starting 3 threads that will
              simultaneously send queries.

TIMING MODES

       ignore Set  the  timing  mode  to  ignore  all  timings and try to send traffic as fast as
              possible (default).

       keep   Set the timing mode to try and keep up with interval between the traffic received.

       add=<nanoseconds>
              Set the timing mode to add the  given  nanoseconds  to  the  interval  between  the
              traffic received.

       reduce=<nanoseconds>
              Set  the  timing  mode to reduce the interval between the traffic received with the
              given nanoseconds.

       multiply=<float>
              Set the timing mode to multiply the interval between the traffic received, this can
              be  thought  as percent with 1.00 being 100% of the interval, 2.00 being 200%, 0.10
              being 10% and so on.

       fixed=<nanoseconds>
              Set the timing between packets to the given nanoseconds.

SEE ALSO

       drool(1)

AUTHORS

       Jerry Lundström, DNS-OARC

       Maintained by DNS-OARC

              https://www.dns-oarc.net/

BUGS

       For issues and feature requests please use:

              https://github.com/DNS-OARC/drool/issues

       For question and help please use:

              admin@dns-oarc.net