Provided by: dnssec-tools_2.2-2_all bug


       dnspktflow - Analyze and draw DNS flow diagrams from a tcpdump file


         dnspktflow -o output.png file.tcpdump

         dnspktflow -o output.png -x -a -t -q file.tcpdump


       The dnspktflow application takes a tcpdump network traffic dump file, passes it through
       the tshark application and then displays the resulting DNS packet flows in a "flow-
       diagram" image.  dnspktflow can output a single image or a series of images which can then
       be shown in sequence as an animation.

       dnspktflow was written as a debugging utility to help trace DNS queries and responses,
       especially as they apply to DNSSEC-enabled lookups.


       This application requires the following Perl modules and software components to work:

         graphviz                  (
         GraphViz                  (Perl module)
         tshark                    (

       The following is required for outputting screen presentations:

         MagicPoint                (

       If the following modules are installed, a GUI interface will be enabled for communication
       with dnspktflow:

         QWizard                   (Perl module)
         Getopt::GUI::Long         (Perl module)


       dnspktflow takes a wide variety of command-line options.  These options are described
       below in the following functional groups:  input packet selection, output file options,
       output visualization options, graphical options, and debugging.

   Input Packet Selection
       These options determine the packets that will be selected by dnspktflow.

       -i STRING
           A regular expression of host names to ignore in the query/response fields.

       -r STRING
           A regular expression of host names to analyze in the query/response fields.

           Display the packet frame numbers.

       -b INTEGER
           Begin at packet frame NUMBER.

   Output File Options
       These options determine the type and location of dnspktflow's output.

       -o STRING
           Output file name (default: out%03d.png as PNG format.)

           Output format should be fig.

       -O STRING
           Save tshark output to this file.

           One picture per request (use %03d in the filename.)

       -M STRING
           Saves a MagicPoint presentation for the output.

   Output Visualization Options:
       These options determine specifics of dnspktflow's output.

           Selects the graphviz layout style to use (dot, neato, twopi, circo, or fdp).

           Only show data on the last line drawn.

       -z INTEGER
           Only show at most INTEGER connections.

           The input file is already processed by tshark.

   Graphical Options:
       These options determine fields included in dnspktflow's output.

           Shows message type in result image.

           Shows query questions in result image.

           Shows query answers in result image.

           Shows authoritative information in result image.

           Shows additional information in result image.

           Shows lines attaching labels to lines.

           Font Size

       These options may assist in debugging dnspktflow.

           Dump data collected from the packets.

           Show help for command line options.


       Copyright 2004-2013 SPARTA, Inc.  All rights reserved.  See the COPYING file included with
       the DNSSEC-Tools package for details.


       Wes Hardaker <>


       Getopt::GUI::Long(3) Net::DNS(3)