Ubuntu Manpage: dnspktflow - Analyze and draw DNS flow diagrams from a tcpdump file

NAME

       dnspktflow - Analyze and draw DNS flow diagrams from a tcpdump file

SYNOPSIS

         dnspktflow -o output.png file.tcpdump

         dnspktflow -o output.png -x -a -t -q file.tcpdump

DESCRIPTION

       The dnspktflow application takes a tcpdump network traffic dump file, passes it through
       the tshark application and then displays the resulting DNS packet flows in a "flow-
       diagram" image.  dnspktflow can output a single image or a series of images which can then
       be shown in sequence as an animation.

       dnspktflow was written as a debugging utility to help trace DNS queries and responses,
       especially as they apply to DNSSEC-enabled lookups.

REQUIREMENTS

       This application requires the following Perl modules and software components to work:

         graphviz                  (http://www.graphviz.org/)
         GraphViz                  (Perl module)
         tshark                    (http://www.wireshark.org/)

       The following is required for outputting screen presentations:

         MagicPoint                (http://member.wide.ad.jp/wg/mgp/)

       If the following modules are installed, a GUI interface will be enabled for communication
       with dnspktflow:

         QWizard                   (Perl module)
         Getopt::GUI::Long         (Perl module)

OPTIONS

dnspktflow takes a wide variety of command-line options. These options are described
below in the following functional groups: input packet selection, output file options,
output visualization options, graphical options, and debugging.

Input Packet Selection
These options determine the packets that will be selected by dnspktflow.

-i STRING
--ignore-hosts=STRING
A regular expression of host names to ignore in the query/response fields.

-r STRING
--only-hosts=STRING
A regular expression of host names to analyze in the query/response fields.

-f
--show-frame-num
Display the packet frame numbers.

-b INTEGER
--begin-frame=INTEGER
Begin at packet frame NUMBER.

Output File Options
These options determine the type and location of dnspktflow's output.

-o STRING
--output-file=STRING
Output file name (default: out%03d.png as PNG format.)

--fig
Output format should be fig.

-O STRING
--tshark-out=STRING
Save tshark output to this file.

-m
--multiple-outputs
One picture per request (use %03d in the filename.)

-M STRING
--magic-point=STRING
Saves a MagicPoint presentation for the output.

Output Visualization Options:
These options determine specifics of dnspktflow's output.

--layout-style
Selects the graphviz layout style to use (dot, neato, twopi, circo, or fdp).

-L
--last-line-labels-only
Only show data on the last line drawn.

-z INTEGER
--most-lines=INTEGER
Only show at most INTEGER connections.

-T
--input-is-tshark-out
The input file is already processed by tshark.

Graphical Options:
These options determine fields included in dnspktflow's output.

-t
--show-type
Shows message type in result image.

-q
--show-queries
Shows query questions in result image.

-a
--show-answers
Shows query answers in result image.

-A
--show-authoritative
Shows authoritative information in result image.

-x
--show-additional
Shows additional information in result image.

-l
--show-label-lines
Shows lines attaching labels to lines.

--fontsize=INTEGER
Font Size

Debugging:
These options may assist in debugging dnspktflow.

-d
--dump-pkts
Dump data collected from the packets.

-h
--help
Show help for command line options.

COPYRIGHT

       Copyright 2004-2013 SPARTA, Inc.  All rights reserved.  See the COPYING file included with
       the DNSSEC-Tools package for details.

AUTHOR

       Wes Hardaker <hardaker@users.sourceforge.net>