Provided by: drool_2.0.0-3_all
NAME
drool - DNS Replay Tool
SYNOPSIS
drool replay [ options ] file host port
DESCRIPTION
drool can replay DNS traffic from packet capture (PCAP) files and send it to a specified server, with options to manipulate the timing between packets and to loop packets infinitely or for a set number of iterations. The tool's goal is to produce a high number of UDP packets per second and TCP sessions per second on common hardware.

The purpose can be to simulate Distributed Denial of Service (DDoS) attacks on the DNS and to measure normal DNS querying. For example, the tool could enable you to take a snapshot of a DDoS and replay it later to test whether new code or hardening techniques are useful, safe and effective. Another example is replaying a packet stream for a bug that is sequence- and/or timing-related in order to validate the efficacy of subsequent bug fixes.
OPTIONS
These options are specific to the replay command; see drool(1) for generic options.

-D
    Show DNS queries and responses as processing goes.

-n, --no-responses
    Do not wait for responses before sending next request.

--no-tcp
    Do not use TCP.

--no-udp
    Do not use UDP.

-T, --threads
    Use threads.

--tcp-threads N
    Set the number of TCP threads to use, default 2.

--udp-threads N
    Set the number of UDP threads to use, default 4.

--timeout N.N
    Set timeout for waiting on responses [seconds.nanoseconds], default 10.0.

-t, --timing mode[=option]
    Set the timing mode, see TIMING MODES.
EXAMPLES
drool replay --timing multiply=0.5 --no-tcp file.pcap 127.0.0.1 53
    Send all DNS queries twice as fast as found in the PCAP file to localhost using UDP.

drool replay --timing keep --no-udp file.pcap 127.0.0.1 53
    Send all DNS queries over TCP to localhost as they were recorded.

drool replay --no-tcp --no-responses --threads --udp-threads 3 file.pcap 127.0.0.1 53
    Take all DNS queries found in the PCAP file and send them as fast as possible over UDP to localhost, ignoring both timings and replies and starting 3 threads that will simultaneously send queries.
TIMING MODES
ignore
    Set the timing mode to ignore all timings and try to send traffic as fast as possible (default).

keep
    Set the timing mode to try and keep up with the interval between the traffic received.

add=<nanoseconds>
    Set the timing mode to add the given nanoseconds to the interval between the traffic received.

reduce=<nanoseconds>
    Set the timing mode to reduce the interval between the traffic received by the given nanoseconds.

multiply=<float>
    Set the timing mode to multiply the interval between the traffic received. This can be thought of as a percentage, with 1.00 being 100% of the interval, 2.00 being 200%, 0.10 being 10% and so on.

fixed=<nanoseconds>
    Set the timing between packets to the given nanoseconds.
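
The following sketch is an added illustration, not code from drool. It models the timing modes as documented above so the target query rate can be estimated before a replay is pointed at a test server. The function names and the sample timestamps are constructed for the example, and clamping a reduced interval at zero is an assumption.

```python
# Added illustration: models the documented timing modes; not drool's code.
# Timestamps below are constructed sample data (nanoseconds).
CAPTURE_TS_NS = [0, 2_000_000, 5_000_000, 6_000_000, 10_000_000]

def parse_mode(spec):
    """Split a 'mode[=option]' string, as given to --timing, into (mode, option)."""
    mode, _, opt = spec.partition("=")
    if mode in ("ignore", "keep"):
        if opt:
            raise ValueError(f"{mode} takes no option")
        return mode, None
    if mode in ("add", "reduce", "fixed"):
        return mode, int(opt)        # nanoseconds
    if mode == "multiply":
        return mode, float(opt)      # factor applied to each interval
    raise ValueError(f"unknown timing mode: {mode}")

def replay_intervals(capture_ts_ns, spec):
    """Return the inter-packet gaps (ns) a replay would aim for."""
    mode, opt = parse_mode(spec)
    gaps = [b - a for a, b in zip(capture_ts_ns, capture_ts_ns[1:])]
    if mode == "ignore":
        return [0] * len(gaps)       # send as fast as possible
    if mode == "keep":
        return gaps
    if mode == "add":
        return [g + opt for g in gaps]
    if mode == "reduce":
        # Assumption: an interval cannot go below zero.
        return [max(0, g - opt) for g in gaps]
    if mode == "multiply":
        return [round(g * opt) for g in gaps]
    return [opt] * len(gaps)         # fixed

def target_qps(capture_ts_ns, spec):
    """Average target rate in queries per second, or None when unbounded."""
    gaps = replay_intervals(capture_ts_ns, spec)
    total = sum(gaps)
    if total == 0:
        return None                  # limited only by hardware and server
    return len(gaps) * 1e9 / total

if __name__ == "__main__":
    for spec in ("ignore", "keep", "multiply=0.5", "reduce=1500000",
                 "add=1000000", "fixed=1000000"):
        print(f"{spec:16} {replay_intervals(CAPTURE_TS_NS, spec)} "
              f"qps={target_qps(CAPTURE_TS_NS, spec)}")
```
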
SEE ALSO
drool(1)
AUTHORS
Jerry Lundström, DNS-OARC

Maintained by DNS-OARC
    https://www.dns-oarc.net/
BUGS
For issues and feature requests please use:
    https://github.com/DNS-OARC/drool/issues

For questions and help please use:
    admin@dns-oarc.net