Provided by: drool_2.0.0-9_all 
NAME
drool - DNS Replay Tool
SYNOPSIS
drool respdiff [ options ] path name file name host port
DESCRIPTION
This tool is to be used in conjunction with the tool-chain respdiff by CZ.NIC (see
https://gitlab.labs.nic.cz/knot/respdiff).
It will replay DNS queries found in the PCAP, but only if a correlating response is also found, against
the target host and port. The query, original response and the received response is then stored into a
LMDB database located at path. The name before the PCAP file and the name before the target host are
stored in the meta table which should correspond with the configuration use for respdiff in order for it
to be able to read the results correctly.
OPTIONS
These options are specific for the respdiff command, see drool(1) for generic options.
-D Show DNS queries and responses as processing goes.
--no-tcp
Do not use TCP.
--no-udp
Do not use UDP.
-T --threads
Use threads.
--tcp-threads N
Set the number of TCP threads to use, default 2.
--udp-threads N
Set the number of UDP threads to use, default 4.
--timeout N.N
Set timeout for waiting on responses [seconds.nanoseconds], default 10.0.
--size BYTES
Set the size (in bytes, multiple of OS page size) of the LMDB database, default 10485760.
DATABASE SIZE
Note that you will need to set a database size that is large enough for all queries, all original
responses, all received responses and all analysis done by respdiff tool-chain in order for a successful
analysis to be done.
EXAMPLE
This example replays a PCAP file against localhost and then uses the respdiff tool-chain to analyze the
results.
$ drool respdiff /lmdb/path pcap file.pcap target 127.0.0.1 53
$ msgdiff.py /lmdb/path
$ diffsum.py /lmdb/path
SEE ALSO
drool(1)
AUTHORS
Jerry Lundström, DNS-OARC
Maintained by DNS-OARC
https://www.dns-oarc.net/
BUGS
For issues and feature requests please use:
https://github.com/DNS-OARC/drool/issues
For question and help please use:
admin@dns-oarc.net
DNS Replay Tool 2.0.0 drool(1)