DNSPKTFLOW(1)         User Contributed Perl Documentation        DNSPKTFLOW(1)

NAME

       dnspktflow - Analyze and draw DNS flow diagrams from a tcpdump file

SYNOPSIS

         dnspktflow -o output.png file.tcpdump

         dnspktflow -o output.png -x -a -t -q file.tcpdump

DESCRIPTION

       The dnspktflow application takes a tcpdump network traffic dump file,
       passes it through the tshark application and then displays the
       resulting DNS packet flows in a "flow-diagram" image.  dnspktflow can
       output a single image or a series of images which can then be shown in
       sequence as an animation.

       dnspktflow was written as a debugging utility to help trace DNS queries
       and responses, especially as they apply to DNSSEC-enabled lookups.
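
       The pipeline described above, sketched as an added example (not
       dnspktflow's own code): tshark field output is parsed, filtered in
       the spirit of --only-hosts, --ignore-hosts and --begin-frame, and
       emitted as a Graphviz flow graph.  The tshark invocation in the
       comment, the sample lines and all function names are assumptions.

```python
import re

# Constructed sample: one line per DNS packet, as printed by a command such as
#   tshark -r file.tcpdump -Y dns -T fields -E separator=, -e frame.number \
#          -e ip.src -e ip.dst -e dns.flags.response -e dns.qry.name
# (an assumed invocation; the page does not show how dnspktflow calls tshark).
SAMPLE = """\
1,192.0.2.10,192.0.2.53,0,www.example.com
2,192.0.2.53,198.51.100.1,0,www.example.com
3,198.51.100.1,192.0.2.53,1,www.example.com
4,192.0.2.53,192.0.2.10,1,www.example.com
5,192.0.2.10,192.0.2.53,0,ads.example.net
6,192.0.2.53,192.0.2.10,1,ads.example.net
"""

def parse(text):
    """Turn tshark field lines into packet dicts, skipping malformed lines."""
    packets = []
    for line in text.splitlines():
        parts = line.strip().split(",")
        if len(parts) != 5 or not parts[0].isdigit():
            continue
        frame, src, dst, is_resp, qname = parts
        packets.append({"frame": int(frame), "src": src, "dst": dst,
                        "response": is_resp in ("1", "True"), "qname": qname})
    return packets

def select(packets, only_hosts=None, ignore_hosts=None, begin_frame=0):
    """Mimic the intent of --only-hosts, --ignore-hosts and --begin-frame."""
    return [p for p in packets
            if p["frame"] >= begin_frame
            and (not only_hosts or re.search(only_hosts, p["qname"]))
            and not (ignore_hosts and re.search(ignore_hosts, p["qname"]))]

def to_dot(packets):
    """Emit one numbered edge per packet; responses are drawn dashed."""
    # Names come from captured traffic, so escape them before quoting in DOT.
    esc = lambda s: s.replace("\\", "\\\\").replace('"', '\\"')
    lines = ["digraph dnsflow {"]
    for n, p in enumerate(packets, 1):
        kind, style = ("R", "dashed") if p["response"] else ("Q", "solid")
        label = f'{n}: {kind} {esc(p["qname"])}'
        lines.append(f'  "{esc(p["src"])}" -> "{esc(p["dst"])}" [label="{label}", style={style}];')
    lines.append("}")
    return "\n".join(lines)

if __name__ == "__main__":
    print(to_dot(select(parse(SAMPLE), ignore_hosts=r"^ads\.")))
```

       The printed graph can be rendered with any of the graphviz layout
       programs listed under --layout-style, for example dot -Tpng.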

REQUIREMENTS

       This application requires the following Perl modules and software
       components to work:

         graphviz                  (http://www.graphviz.org/)
         GraphViz                  (Perl module)
         tshark                    (http://www.wireshark.org/)

       The following is required for outputting screen presentations:

         MagicPoint                (http://member.wide.ad.jp/wg/mgp/)

       If the following modules are installed, a GUI interface will be enabled
       for communication with dnspktflow:

         QWizard                   (Perl module)
         Getopt::GUI::Long         (Perl module)

OPTIONS

       dnspktflow takes a wide variety of command-line options.  These options
       are described below in the following functional groups:  input packet
       selection, output file options, output visualization options, graphical
       options, and debugging.

   Input Packet Selection
       These options determine the packets that will be selected by
       dnspktflow.

       -i STRING
       --ignore-hosts=STRING
           A regular expression of host names to ignore in the query/response
           fields.

       -r STRING
       --only-hosts=STRING
           A regular expression of host names to analyze in the query/response
           fields.

       -f
       --show-frame-num
           Display the packet frame numbers.

       -b INTEGER
       --begin-frame=INTEGER
           Begin at packet frame INTEGER.

   Output File Options
       These options determine the type and location of dnspktflow's output.

       -o STRING
       --output-file=STRING
           Output file name (default: out%03d.png, in PNG format).

       --fig
           Output format should be fig.

       -O STRING
       --tshark-out=STRING
           Save tshark output to this file.

       -m
       --multiple-outputs
           One picture per request (use %03d in the filename).

       -M STRING
       --magic-point=STRING
           Saves a MagicPoint presentation for the output.

   Output Visualization Options:
       These options determine specifics of dnspktflow's output.

       --layout-style
           Selects the graphviz layout style to use (dot, neato, twopi, circo,
           or fdp).

       -L
       --last-line-labels-only
           Only show data on the last line drawn.

       -z INTEGER
       --most-lines=INTEGER
           Only show at most INTEGER connections.

       -T
       --input-is-tshark-out
           The input file is already processed by tshark.

   Graphical Options:
       These options determine fields included in dnspktflow's output.

       -t
       --show-type
           Shows message type in result image.

       -q
       --show-queries
           Shows query questions in result image.

       -a
       --show-answers
           Shows query answers in result image.

       -A
       --show-authoritative
           Shows authoritative information in result image.

       -x
       --show-additional
           Shows additional information in result image.

       -l
       --show-label-lines
           Shows lines attaching labels to lines.

       --fontsize=INTEGER
           Font Size

   Debugging:
       These options may assist in debugging dnspktflow.

       -d
       --dump-pkts
           Dump data collected from the packets.

       -h
       --help
           Show help for command line options.

COPYRIGHT

       Copyright 2004-2013 SPARTA, Inc.  All rights reserved.  See the COPYING
       file included with the DNSSEC-Tools package for details.

AUTHOR

       Wes Hardaker <hardaker@users.sourceforge.net>

SEE ALSO

       Getopt::GUI::Long(3) Net::DNS(3) QWizard.pm(3)

       http://dnssec-tools.sourceforge.net/

perl v5.32.1                      2021-01-26                     DNSPKTFLOW(1)