DNSPKTFLOW(1)         User Contributed Perl Documentation         DNSPKTFLOW(1)

dnspktflow - Analyze and draw DNS flow diagrams from a tcpdump file

    dnspktflow -o output.png file.tcpdump

    dnspktflow -o output.png -x -a -t -q file.tcpdump

The dnspktflow application takes a tcpdump network traffic dump file,
passes it through the tshark application and then displays the
resulting DNS packet flows in a "flow-diagram" image. dnspktflow can
output a single image or a series of images which can then be shown in
sequence as an animation.

dnspktflow was written as a debugging utility to help trace DNS queries
and responses, especially as they apply to DNSSEC-enabled lookups.

This application requires the following Perl modules and software
components to work:

    graphviz (http://www.graphviz.org/)
    GraphViz (Perl module)
    tshark (http://www.wireshark.org/)

The following is required for outputting screen presentations:

    MagicPoint (http://member.wide.ad.jp/wg/mgp/)

If the following modules are installed, a GUI interface will be enabled
for communication with dnspktflow:

    QWizard (Perl module)
    Getopt::GUI::Long (Perl module)

dnspktflow takes a wide variety of command-line options. These options
are described below in the following functional groups: input packet
selection, output file options, output visualization options, graphical
options, and debugging.

Input Packet Selection
    These options determine the packets that will be selected by
    dnspktflow.

    -i STRING
    --ignore-hosts=STRING
        A regular expression of host names to ignore in the query/response
        fields.

    -r STRING
    --only-hosts=STRING
        A regular expression of host names to analyze in the query/response
        fields.

    -f
    --show-frame-num
        Display the packet frame numbers.

    -b INTEGER
    --begin-frame=INTEGER
        Begin at packet frame INTEGER.

Output File Options
    These options determine the type and location of dnspktflow's output.

    -o STRING
    --output-file=STRING
        Output file name (default: out%03d.png, in PNG format).

    --fig
        Output format should be fig.

    -O STRING
    --tshark-out=STRING
        Save tshark output to this file.

    -m
    --multiple-outputs
        One picture per request (use %03d in the filename).

    -M STRING
    --magic-point=STRING
        Saves a MagicPoint presentation for the output.

Output Visualization Options:
    These options determine specifics of dnspktflow's output.

    --layout-style
        Selects the graphviz layout style to use (dot, neato, twopi, circo,
        or fdp).

    -L
    --last-line-labels-only
        Only show data on the last line drawn.

    -z INTEGER
    --most-lines=INTEGER
        Only show at most INTEGER connections.

    -T
    --input-is-tshark-out
        The input file is already processed by tshark.

Graphical Options:
    These options determine fields included in dnspktflow's output.

    -t
    --show-type
        Shows message type in result image.

    -q
    --show-queries
        Shows query questions in result image.

    -a
    --show-answers
        Shows query answers in result image.

    -A
    --show-authoritative
        Shows authoritative information in result image.

    -x
    --show-additional
        Shows additional information in result image.

    -l
    --show-label-lines
        Shows lines attaching labels to lines.

    --fontsize=INTEGER
        Font size.

Debugging:
    These options may assist in debugging dnspktflow.

    -d
    --dump-pkts
        Dump data collected from the packets.

    -h
    --help
        Show help for command line options.
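
The pipeline described above (capture, tshark, filtered flow graph), as an added Python example that is not dnspktflow's own code. It assumes tab-separated tshark field output and that the --only-hosts / --ignore-hosts expressions are matched against the query name; the function names and sample rows are constructed for illustration.

```python
import re
# Constructed sample of: tshark -r file.tcpdump -Y dns -T fields -e frame.number
#   -e ip.src -e ip.dst -e dns.flags.response -e dns.qry.name (tab-separated)
SAMPLE = "\n".join([
    "1\t192.0.2.10\t192.0.2.53\t0\twww.example.com",
    "2\t192.0.2.53\t198.51.100.1\t0\twww.example.com",
    "3\t198.51.100.1\t192.0.2.53\t1\twww.example.com",
    "4\t192.0.2.53\t192.0.2.10\t1\twww.example.com",
    "5\t192.0.2.10\t192.0.2.53\t0\ttelemetry.example.net",
    "6\t192.0.2.53\t192.0.2.10\t1\ttelemetry.example.net",
])

def parse_flows(text, only_hosts=None, ignore_hosts=None, begin_frame=0):
    """Return (frame, src, dst, kind, qname) tuples that pass the filters."""
    flows = []
    for line in text.splitlines():
        parts = line.split("\t")
        if len(parts) != 5 or not parts[0].isdigit():
            continue  # skip malformed rows instead of guessing at fields
        frame, src, dst, resp, qname = parts
        if int(frame) < begin_frame:
            continue
        # Assumption: both regexes are matched against the query name.
        if only_hosts and not re.search(only_hosts, qname):
            continue
        if ignore_hosts and re.search(ignore_hosts, qname):
            continue
        # tshark prints this boolean as 1/0 or True/False by version.
        kind = "response" if resp in ("1", "True") else "query"
        flows.append((int(frame), src, dst, kind, qname))
    return flows

def dot_escape(s):
    """Names come from untrusted packets: escape DOT string delimiters."""
    return s.replace("\\", "\\\\").replace('"', '\\"')

def to_dot(flows, show_frame_num=False):
    out = ["digraph dnsflow {"]
    for frame, src, dst, kind, qname in flows:
        label = dot_escape(f"{kind}: {qname}")
        if show_frame_num:
            label = f"#{frame} {label}"
        style = "dashed" if kind == "response" else "solid"
        out.append(f'  "{dot_escape(src)}" -> "{dot_escape(dst)}" [label="{label}", style={style}];')
    out.append("}")
    return "\n".join(out)

if __name__ == "__main__":
    print(to_dot(parse_flows(SAMPLE, ignore_hosts="telemetry"), show_frame_num=True))
```

The DOT text it prints can be rendered with the graphviz layout programs listed under --layout-style.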

Copyright 2004-2013 SPARTA, Inc. All rights reserved. See the COPYING
file included with the DNSSEC-Tools package for details.

Wes Hardaker <hardaker@users.sourceforge.net>

Getopt::GUI::Long(3) Net::DNS(3) QWizard.pm(3)

http://dnssec-tools.sourceforge.net/

perl v5.38.0                      2023-07-19                      DNSPKTFLOW(1)