1DNSPKTFLOW(1) User Contributed Perl Documentation DNSPKTFLOW(1)
2
6 dnspktflow - Analyze and draw DNS flow diagrams from a tcpdump file
7
9 dnspktflow -o output.png file.tcpdump
10 dnspktflow -o output.png -x -a -t -q file.tcpdump
12
14 The dnspktflow application takes a tcpdump network traffic dump file,
15 passes it through the tshark application and then displays the result‐
16 ing DNS packet flows in a "flow-diagram" image. dnspktflow can output
17 a single image or a series of images which can then be shown in
18 sequence as an animation.
19 dnspktflow was written as a debugging utility to help trace DNS queries
21 and responses, especially as they apply to DNSSEC-enabled lookups.
22
24 This application requires the following Perl modules and software com‐
25 ponents to work:
26 graphviz (http://www.graphviz.org/)
28 GraphViz (Perl module)
29 tshark (http://www.wireshark.org/)
30 The following is required for outputting screen presentations:
32 MagicPoint (http://member.wide.ad.jp/wg/mgp/)
34 If the following modules are installed, a GUI interface will be enabled
36 for communication with dnspktflow:
37 QWizard (Perl module)
39 Getopt::GUI::Long (Perl module)
40
42 dnspktflow takes a wide variety of command-line options. These options
43 are described below in the following functional groups: input packet
44 selection, output file options, output visualization options, graphical
45 options, and debugging.
46 Input Packet Selection
48 These options determine the packets that will be selected by dnspkt‐
50 flow.
51 -i STRING
53 --ignore-hosts=STRING
54 A regular expression of host names to ignore in the query/response
55 fields.
56 -r STRING
58 --only-hosts=STRING
59 A regular expression of host names to analyze in the query/response
60 fields.
61 -f
63 --show-frame-num
64 Display the packet frame numbers.
65 -b INTEGER
67 --begin-frame=INTEGER
68 Begin at packet frame NUMBER.
69 Output File Options
71 These options determine the type and location of dnspktflow's output.
73 -o STRING
75 --output-file=STRING
76 Output file name (default: out%03d.png as PNG format.)
77 --fig
79 Output format should be fig.
80 -O STRING
82 --tshark-out=STRING
83 Save tshark output to this file.
84 -m
86 --multiple-outputs
87 One picture per request (use %03d in the filename.)
88 -M STRING
90 --magic-point=STRING
91 Saves a MagicPoint presentation for the output.
92 Output Visualization Options:
94 These options determine specifics of dnspktflow's output.
96 -L
98 --last-line-labels-only
99 Only show data on the last line drawn.
100 -z INTEGER
102 --most-lines=INTEGER
103 Only show at most INTEGER connections.
104 -T
106 --input-is-tshark-out
107 The input file is already processed by tshark.
108 Graphical Options:
110 These options determine fields included in dnspktflow's output.
112 -t
114 --show-type
115 Shows message type in result image.
116 -q
118 --show-queries
119 Shows query questions in result image.
120 -a
122 --show-answers
123 Shows query answers in result image.
124 -A
126 --show-authoritative
127 Shows authoritative information in result image.
128 -x
130 --show-additional
131 Shows additional information in result image.
132 -l
134 --show-label-lines
135 Shows lines attaching labels to lines.
136 --fontsize=INTEGER
138 Font Size
139 Debugging:
141 These options may assist in debugging dnspktflow.
143 -d
145 --dump-pkts
146 Dump data collected from the packets.
147 -h
149 --help
150 Show help for command line options.
151
153 Copyright 2004-2007 SPARTA, Inc. All rights reserved. See the COPYING
154 file included with the DNSSEC-Tools package for details.
155
157 Wes Hardaker <hardaker@users.sourceforge.net>
158
160 Getopt::GUI::Long(3) Net::DNS(3) QWizard.pm(3)
161 http://dnssec-tools.sourceforge.net/
163perl v5.8.8 2007-09-14 DNSPKTFLOW(1)