dnstrack
dnstrack 是一款基于 libpcap 的 DNS 查询实时追踪工具,支持多种输出格式(verbose/question/json/yaml),用于监控机器网卡上的 DNS 查询活动,特别适合检测高频 DNS 查询的进程。
• Copy the embed code to showcase this product on your website
• Share on X to spread the word about this amazing tool
项目地址:https://github.com/chenjiandongx/dnstrackdnstrack 使用 libpcap 监听机器网卡并过滤 dns 查询,同时提供了多种输出方式(verbose/question/json/yaml)。此工具主要用于发现是否有进程持续高频地访问 dns 服务。## 用法> dnstrack 命令需要在特权模式或者 root 用户下运行。shell> dnstrack -h# A dns-query tracking tool written in goUsage: dnstrack [flags]Examples: # list all the net-devices $ dnstrack -l # filters google dns server packet attached in lo0 dev and output with json format $ dnstrack -s 8.8.8.8 -o j -d '^lo0$'Flags: -a, --all-devices listen all devices if present (default true) -d, --devices string devices regex pattern filter -h, --help help for dnstrack -l, --list list all devices name -o, --output-format string output format [json(j)|yaml(y)|question(q)|verbose(v)] (default "verbose") -s, --server string dns server filter -t, --type string dns query type filter [A/AAAA/CNAME/...] -v, --version version for dnstrackverbose 输出格式。shell> dnstrack -d '^lo$|^ens'--------------------; <ens160>@172.16.22.2:53, ID: 49390, OpCpde: Query, Status: Success;; When: 2024-05-29T00:42:52+08:00;; Query Time: 57.667µs;; Msg Size: 292B;; Question Section:google.com. A;; Answer Section:google.com. 5 A INET 93.46.8.90;; Authority Section:google.com. NS INET ns2.google.com.google.com. NS INET ns1.google.com.google.com. NS INET ns4.google.com.google.com. NS INET ns3.google.com.;; Additional Section:ns2.google.com. AAAA INET 2001:4860:4802:34::ans4.google.com. AAAA INET 2001:4860:4802:38::ans3.google.com. AAAA INET 2001:4860:4802:36::ans1.google.com. AAAA INET 2001:4860:4802:32::ans2.google.com. A INET 216.239.34.10ns4.google.com. A INET 216.239.38.10ns3.google.com. A INET 216.239.36.10ns1.google.com. A INET 216.239.32.10question 输出格式。shell> dnstrack -d '^lo$|^ens' -oq2024-05-29T00:44:02+08:00<ens160>@172.16.22.2:53A44.959µsfacebook.com.2024-05-29T00:44:02+08:00<lo>@127.0.0.53:53A16.416µsfacebook.com.2024-05-29T00:44:02+08:00<lo>@127.0.0.53:53A33.125µsfacebook.com.2024-05-29T00:44:04+08:00<lo>@127.0.0.53:53A35.125µstwitter.com.2024-05-29T00:44:04+08:00<lo>@127.0.0.53:53A59.166µstwitter.com.2024-05-29T00:44:04+08:00<ens160>@172.16.22.2:53A72.373058mstwitter.com.2024-05-29T00:44:08+08:00<ens160>@172.16.22.2:53A72.008765msgoogle.com.2024-05-29T00:44:08+08:00<lo>@127.0.0.53:53A72.072515msgoogle.com.2024-05-29T00:44:08+08:00<lo>@127.0.0.53:53A72.309974msgoogle.com.2024-05-29T00:44:13+08:00<ens160>@172.16.22.2:53A80.584µsx.com.2024-05-29T00:44:13+08:00<lo>@127.0.0.53:53A39.667µsx.com.2024-05-29T00:44:13+08:00<lo>@127.0.0.53:53A72.417µsx.com.