DNSPKTFLOW(1) User Contributed Perl Documentation DNSPKTFLOW(1)

dnspktflow - Analyze and draw DNS flow diagrams from a tcpdump file

dnspktflow -o output.png file.tcpdump

dnspktflow -o output.png -x -a -t -q file.tcpdump

The dnspktflow application takes a tcpdump network traffic dump file,
passes it through the tshark application and then displays the resulting
DNS packet flows in a "flow-diagram" image. dnspktflow can output
a single image or a series of images which can then be shown in
sequence as an animation.

dnspktflow was written as a debugging utility to help trace DNS queries
and responses, especially as they apply to DNSSEC-enabled lookups.

This application requires the following Perl modules and software
components to work:

graphviz (http://www.graphviz.org/)
GraphViz (Perl module)
tshark (http://www.wireshark.org/)

The following is required for outputting screen presentations:

MagicPoint (http://member.wide.ad.jp/wg/mgp/)

If the following modules are installed, a GUI interface will be enabled
for communication with dnspktflow:

QWizard (Perl module)
Getopt::GUI::Long (Perl module)

dnspktflow takes a wide variety of command-line options. These options
are described below in the following functional groups: input packet
selection, output file options, output visualization options, graphical
options, and debugging.

Input Packet Selection

These options determine the packets that will be selected by dnspktflow.

-i STRING
--ignore-hosts=STRING
A regular expression of host names to ignore in the query/response
fields.

-r STRING
--only-hosts=STRING
A regular expression of host names to analyze in the query/response
fields.

-f
--show-frame-num
Display the packet frame numbers.

-b INTEGER
--begin-frame=INTEGER
Begin at packet frame INTEGER.

Output File Options

These options determine the type and location of dnspktflow's output.

-o STRING
--output-file=STRING
Output file name (default: out%03d.png, in PNG format).

--fig
Output format should be fig.

-O STRING
--tshark-out=STRING
Save tshark output to this file.

-m
--multiple-outputs
One picture per request (use %03d in the filename).

-M STRING
--magic-point=STRING
Saves a MagicPoint presentation for the output.

Output Visualization Options:

These options determine specifics of dnspktflow's output.

-L
--last-line-labels-only
Only show data on the last line drawn.

-z INTEGER
--most-lines=INTEGER
Only show at most INTEGER connections.

-T
--input-is-tshark-out
The input file is already processed by tshark.

Graphical Options:

These options determine fields included in dnspktflow's output.

-t
--show-type
Shows message type in result image.

-q
--show-queries
Shows query questions in result image.

-a
--show-answers
Shows query answers in result image.

-A
--show-authoritative
Shows authoritative information in result image.

-x
--show-additional
Shows additional information in result image.

-l
--show-label-lines
Shows lines attaching labels to lines.

--fontsize=INTEGER
Font Size

Debugging:

These options may assist in debugging dnspktflow.

-d
--dump-pkts
Dump data collected from the packets.

-h
--help
Show help for command line options.

Copyright 2004-2007 SPARTA, Inc. All rights reserved. See the COPYING
file included with the DNSSEC-Tools package for details.

Wes Hardaker <hardaker@users.sourceforge.net>

Getopt::GUI::Long(3) Net::DNS(3) QWizard.pm(3)

http://dnssec-tools.sourceforge.net/

perl v5.8.8 2007-09-14 DNSPKTFLOW(1)